Privacy Policy (GDPR-Compliant)
Effective Date: [Insert Effective Date] | Last Updated: [Insert Last Updated Date]
[Your Company Name] ("we," "our," or "us") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you use our website and services (the "Service").
For the purposes of the EU General Data Protection Regulation ("GDPR"), we act as the Data Controller when processing your personal data for registration, account management, and billing.
1. Contact Details (Data Controller)
[Your Company Name]
[Street Address]
[City, Post Code, Country]
Email: [contact@email.com]
You have the right to lodge a complaint with your local Data Protection Authority (DPA) if you believe your rights have been infringed.
2. What Personal Data We Collect
a) Information You Provide
- Company name and subdomain
- Name, email address, password
- Billing and subscription details (processed by Stripe)
- Support requests and communications
b) Information Collected Automatically
- IP address, device and browser information
- Usage logs and product analytics events
- Cookies and similar technologies (see “Cookies & Tracking”)
c) Information from Third Parties
- Payment status and subscription metadata from Stripe (we do not store full card numbers)
3. Legal Bases for Processing (GDPR Art. 6)
- Contractual Necessity – to provide and maintain the Service you request.
- Legal Obligation – to meet tax, accounting, and regulatory requirements.
- Legitimate Interests – to secure, improve, and support the Service.
- Consent – for optional activities (e.g., marketing emails, non-essential cookies). You can withdraw consent at any time.
4. How We Use Personal Data
- Account creation, authentication, and tenant (subdomain) setup
- Subscription and billing management via Stripe
- Service operations, product analytics, and improvements
- Security, fraud prevention, and abuse detection
- Legal compliance and enforcement of terms
We do not engage in automated decision-making producing legal or similarly significant effects.
5. Sharing Your Data
We do not sell personal data. We may share data with:
- Stripe (payment processing and subscription management)
- Hosting, analytics, email, and support providers under GDPR-compliant agreements
- Public authorities when required by law
- Successors in the event of a merger, acquisition, or reorganization
6. International Transfers
Where personal data is transferred outside the EU/EEA, we ensure appropriate safeguards, such as EU Standard Contractual Clauses (SCCs) and vendor Data Processing Agreements (DPAs), to protect your data.
7. Data Retention
We retain personal data only as long as necessary for the purposes described above, including account operation, legal obligations, and security. When data is no longer required, we securely delete or anonymize it.
8. Your Rights Under GDPR
- Access – request a copy of your personal data.
- Rectification – correct inaccurate or incomplete data.
- Erasure – request deletion (“right to be forgotten”).
- Restriction – limit processing under certain conditions.
- Portability – receive your data in a machine-readable format.
- Objection – object to processing based on legitimate interests or direct marketing.
- Withdraw Consent – where processing is based on consent.
To exercise any of these rights, contact us at [contact@email.com]. We will respond within 30 days.
9. Security Measures
We implement appropriate technical and organizational measures (encryption in transit, access controls, least privilege, monitoring). However, no method of transmission or storage is completely secure.
10. Cookies & Tracking
We use cookies and similar technologies to operate and improve the Service:
- Essential cookies – required for core functionality (authentication, security).
- Analytics cookies – help us understand usage and improve features.
- Marketing cookies – used only with your consent.
You can manage cookie preferences via your browser or our cookie banner (where applicable). For more information, see our Cookie Policy.
11. Children’s Privacy
Our Service is not directed to children under 16. We do not knowingly collect personal data from children.
12. Changes to This Policy
We may update this Privacy Policy from time to time. The latest version will be posted here with a revised “Last Updated” date.
13. How to Contact Us
If you have any questions about this Privacy Policy or our data practices, contact:
[Your Company Name]
[Street Address]
[City, Post Code, Country]
Email: [contact@email.com]