This page is the {{COMPANY_SHORT_NAME}} Privacy Policy written for normal humans. If the two ever conflict, the formal Privacy Policy controls — that’s the document with legal force. But the spirit is what we say here.
What we collect
Two buckets, very different in kind:
About you, as a user of our software:
- Your email and a hashed password.
- If we’re billing you, your card details (via Stripe; we don’t store the card number).
- Logs of when you signed in and what pages you loaded. Kept 30 days.
- Whatever you write to us in support emails.
About your business, that you put into our software:
- Your client list, orders, shipping addresses, notes, messages, and any other fields you fill in.
- An audit log of who on your team did what and when — for your review, not ours.
What we do with it
- Account info: we use it to log you in and to email you about the service.
- Billing info: we use it to charge you and to file our taxes.
- Your business data: we use it to provide the service to you. That’s it. We don’t look at it except when you ask us to (debugging a ticket) or when a court forces us to.
- Logs: we use them for debugging and for security investigations.
What we won’t do
- We won’t train AI models on your data.
- We won’t sell, rent, or lease your data — ever, to anyone, full stop.
- We won’t use third-party advertising trackers.
- We won’t build a profile of you across the internet.
- We won’t share your data with another customer. Tenant isolation is enforced at the database level; the code physically can’t return another organization’s rows to your session.
Where it lives
In a managed Postgres database (Supabase) hosted on AWS, in their us-west-1 region (Northern California). Static assets (the marketing site, the docs site, the operator app’s JavaScript bundle) are on Netlify’s CDN. That’s the entire infrastructure picture today.
Exporting or deleting
Two options, anytime:
- Self-serve. Use the export buttons inside the app to pull your data in standard formats (CSV/JSON).
- Ask us. Email {{PRIVACY_EMAIL}}. We’ll respond within 30 days. We won’t charge for normal requests.
When you cancel your account, we keep your data for 30 days so you can reactivate or export. Then we delete it. Billing records stick around 7 years for tax purposes — that’s a US requirement, not a choice.
If we get breached
If we ever discover that someone has accessed data they shouldn’t have, we will:
- Tell you, by email, within 72 hours of discovering it.
- Tell you what we know: when it happened, what was accessed, what we’ve done about it, and what you should do.
- Help you with any notifications you need to make to your own customers or to regulators.
We’re a small team. We won’t hide behind PR-speak.
Read the legalese
If you need the formal version (and most enterprise procurement teams will):
- Privacy Policy — the controlling document.
- Terms of Use — the contract.
- Data Processing Addendum — for GDPR / UK GDPR.
- Security overview — how we protect the data once we have it.