Privacy Policy

Last updated: May 25, 2026

Your Data, Your Control. We operate on a BYOD (Bring Your Own Database) model. Your business data is stored in YOUR database, not ours.

1. Information We Collect

1.1 Account Information (Stored by Us)

We store minimal information required to operate your account:

  • Email address
  • Name
  • Organization name
  • Encrypted password
  • 2FA settings
  • Subscription status

1.2 Business Data (Stored by YOU)

All your business data is stored in YOUR database that you connect:

  • Catalog Items and contracts
  • Revenue and expenses
  • Payouts and financial data
  • Team member information
  • Files and documents

We do not have access to this data. It lives on your database server.

1.3 Technical Data

We automatically collect:

  • IP address (for security)
  • Browser type and version
  • Device information
  • Usage logs (feature usage, not content)

2. How We Use Your Information

  • To provide and maintain the Service
  • To authenticate your identity
  • To process payments
  • To send important notifications
  • To improve our Service
  • To detect and prevent fraud

3. Data Sharing

We do NOT sell your personal information.

We only share data with:

  • Stripe - Payment processing
  • Resend - Email delivery
  • Law enforcement - When legally required

4. Data Security

  • All connections use TLS/SSL encryption
  • Passwords are hashed using bcrypt
  • Database credentials are encrypted at rest
  • Two-factor authentication available
  • Regular security audits

5. Your Rights (GDPR/CCPA)

You have the right to:

  • Access - Download your account data
  • Rectification - Correct your information
  • Erasure - Delete your account
  • Portability - Export your data
  • Object - Opt out of marketing

To exercise these rights, visit Account Settings or contact us.

6. Data Retention

  • Account data: Until you delete your account
  • Business data: Stored in YOUR database (you control retention)
  • Logs: 90 days
  • Backups: 30 days after account deletion

7. Cookies

We use essential cookies for:

  • Session management
  • CSRF protection
  • Remember me functionality

We do NOT use tracking or advertising cookies.

8. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect information from children.

9. International Transfers

Our servers are located in the United States. By using the Service, you consent to the transfer of your information to the US.

10. Changes to This Policy

We will notify you of material changes via email. Continued use after changes constitutes acceptance.

11. Contact Us

Privacy questions? Contact our Data Protection Officer:

Email: hello@localhost
Address: Your Company, Wyoming, USA

Your Company • Wyoming, USA