Privacy Policy
Last updated: __DATE__
Placeholder. Replace this content with a privacy policy specific to your data handling, sub-processors, and jurisdiction (GDPR, CCPA, etc.).
1. Information we collect
- Account data: name, email, password hash.
- Workspace data: data you upload while using the Service.
- Usage data: pages visited, features used, IP address, user agent.
- Billing data: handled by our payment processor (Stripe); we do not store full card numbers.
2. How we use information
To provide and improve the Service, communicate with you about your account, comply with legal obligations, and prevent fraud.
3. Legal basis (GDPR)
Processing is based on contract performance (your subscription), legitimate interests (security, analytics), and legal obligation.
4. Sub-processors
- Vercel — application hosting
- Neon — database hosting
- Stripe — payment processing
- Resend — transactional email
- Cloudflare — DNS and CDN
5. Data retention
Workspace data is retained while your subscription is active, and for 30 days after cancellation to allow restoration. Backups are retained for 30 days.
6. Your rights
You may access, correct, export, or delete your data at any time. Contact privacy@inventroy.com for requests.
7. Cookies
We use essential cookies for authentication and a small number of analytics cookies. See our cookie banner for details.
8. Security
Data in transit is encrypted with TLS. Database connection strings are encrypted at rest. Passwords are stored as bcrypt hashes.
9. International transfers
Data may be processed in regions where our sub-processors operate. EU/UK transfers are covered by Standard Contractual Clauses.