Privacy Policy

Your Company operates the website yourdomain.com and the services accessible through it (collectively, the "Service"). This privacy policy explains how we collect, use, store, and protect your personal data when you use our Service.

We collect information you provide directly when you create an account, use the Service, or contact us. This includes: - Account information: name, email address, password (hashed, never stored in plain text) - Profile information: avatar, company name, job title (if provided) - Billing information: processed securely by Stripe. We do not store credit card numbers. - Usage data: pages visited, features used, session duration (collected via analytics) - Communications: emails, support requests, and feedback you send us We also collect information automatically: - Device information: browser type, operating system, screen resolution - Network information: IP address, approximate location (country/region) - Cookies: session cookies for authentication. See section 6 for details.

We use your data to: - Provide the Service: authenticate your account, process payments, deliver features - Improve the Service: analyze usage patterns to identify bugs and improve UX - Communicate with you: send transactional emails (receipts, password resets, notifications) - Ensure security: detect and prevent fraud, abuse, and unauthorized access - Comply with legal obligations: tax reporting, legal requests We do NOT sell your personal data to third parties. We do NOT use your data for advertising.

We share your data only with: - Payment processor (Stripe): to process subscriptions and payments - Hosting providers: to run the Service infrastructure (servers, databases, CDN) - Email provider: to send transactional emails (password resets, receipts, notifications) - Analytics: to understand aggregate usage patterns (no individual tracking) All third-party providers are bound by data processing agreements. We only share the minimum data necessary for each provider to perform their function. We may also disclose data if required by law, regulation, legal process, or governmental request.

You have the right to: - Access: request a copy of the personal data we hold about you - Rectification: correct inaccurate or incomplete data - Deletion: request deletion of your account and associated data - Portability: receive your data in a structured, machine-readable format - Objection: object to processing of your data for specific purposes - Restriction: request restriction of processing in certain circumstances If you are in the European Economic Area (EEA), these rights are guaranteed under the General Data Protection Regulation (GDPR). If you are in California, you have additional rights under the California Consumer Privacy Act (CCPA). To exercise any of these rights, email support@yourdomain.com.

We use cookies for: - Authentication: session cookies to keep you signed in (essential, cannot be disabled) - Preferences: remembering your settings (theme, language, sidebar state) We do NOT use cookies for advertising or cross-site tracking. We do NOT use third-party tracking cookies. You can clear cookies at any time through your browser settings. Clearing authentication cookies will sign you out.

We implement industry-standard security measures: - Encryption in transit: all connections use TLS 1.2+ (HTTPS) - Encryption at rest: database encryption for stored data - Password hashing: passwords are hashed using bcrypt (never stored in plain text) - Access controls: role-based access limits who can view customer data - Monitoring: automated alerts for suspicious activity No system is 100% secure. If you discover a security vulnerability, please report it to support@yourdomain.com.

We retain your data for as long as your account is active. When you delete your account: - Account data (profile, preferences): deleted immediately - Billing records: retained for 7 years for tax compliance - Anonymized analytics: retained indefinitely (not linked to your identity) - Backups: purged within 30 days of account deletion You can request immediate deletion of all your data by emailing support@yourdomain.com.

The Service is not intended for children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact support@yourdomain.com and we will delete it.

We may update this privacy policy from time to time. When we make significant changes, we will notify you via email or a prominent notice on the Service. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

For privacy-related questions or to exercise your data rights, contact us at support@yourdomain.com.