← HomeVersion 2026-06-12

Privacy Policy

Effective 2026-06-12

Placeholder text — not legal advice.

This document is a placeholder template and is NOT legal advice. Have it reviewed by qualified counsel before relying on it in production.

1. What We Collect

  • Account data: email address, name, organization, role.
  • Product data: items, packaging, gel packs, and cartonization results you create.
  • Billing data: handled by Stripe; we store only references (customer/subscription IDs) and invoices.
  • Operational telemetry: anonymized error reports and usage analytics events (org created, first item added, first cartonization, subscription started/canceled). Card numbers, full request bodies, and other tenants' data are never logged.

2. How We Use It

We use your data to operate, secure, and improve the Service, process payments, send transactional messages (receipts, dunning, password resets), and respond to support requests.

3. Cookies and Local Storage

We use cookies and local storage that are strictly necessary to keep you signed in and to remember your preferences. We also use first-party analytics to measure activation and performance. You can decline non-essential analytics from the cookie banner.

4. Sharing

We do not sell your data. We share data only with sub-processors necessary to run the Service (hosting, database, payment processing, email delivery).

5. Tenant Isolation

Each organization's data is isolated by Row-Level Security in our database. Users from one organization cannot read, modify, or delete another organization's data.

6. Your Rights

You may export your organization's data at any time from Organization Settings → Data & Privacy. You may also request permanent deletion of your organization's data; on request, we will remove your organization's records and cancel any active subscription.

7. Data Retention

We retain organization data for as long as the workspace is active. Billing records may be retained longer to satisfy tax and accounting obligations.

8. Security

We use industry-standard safeguards: TLS in transit, encryption at rest, scoped access controls, and continuous monitoring. No system is 100% secure; please report any vulnerabilities responsibly.

9. Changes

Material changes to this Policy will be notified in-app. Continued use after notification constitutes acceptance.

10. Contact

For privacy questions or deletion requests, contact your organization administrator or the Cartonizer support team.