Privacy Policy

[DRAFT — pending legal review.] Bracketed items must be completed before publishing.

Data controller: [NEEDS MATTHEW: legal entity + address]. Effective date: [NEEDS MATTHEW]. Privacy contact: [NEEDS MATTHEW: DPO/privacy email].

Data we collect

Account & identity data (name, email, phone, address), business records you enter (contacts, invoices, schedules, inventory, etc.), and usage/analytics data.

How we protect it

Personal identity data (email, phone, address) is encrypted at rest; all traffic is encrypted in transit; tenant data is isolated at the data layer. See our Security page. [IN PROGRESS: extending field-level encryption to order-captured contact/address data.]

Sub-processors

We use the third parties listed on our Sub-processor page to provide the service.

Your rights

Export and deletion are supported. [NEEDS MATTHEW + counsel: GDPR/CCPA rights, retention schedule, international-transfer mechanism, children’s-data position.]