Privacy Policy

Privacy Policy

This is the v1 placeholder Privacy Policy shipped with the SaaS Template boilerplate. Deployments replace this file with their own legal-reviewed text before going to production.

Data we collect

The platform collects only the personal data necessary to operate the service: account identifiers (email, name), authentication state (passkeys, TOTP factors, session metadata), and customer-supplied content the customer uploads.

How we use it

We process personal data to authenticate the customer, deliver the service, secure the platform, and meet legal obligations.

Sharing with subprocessors

We share personal data only with the subprocessors listed at /subprocessors. The list is the constitutional record of every third party that processes customer data on our behalf.

Your rights

You have the right to access, port, and delete your data. Submit a request through /privacy/request. We respond within the response window required by the applicable regime (GDPR: 30 days).

Retention

We retain personal data only as long as needed to deliver the service and to meet legal obligations. Backups age out on the schedule documented in our operations runbook.

Contact

For privacy questions write to the address on the receipt of any /privacy/request submission, or to the address on the order form.