Privacy Policy
Last updated: July 2, 2026
What we collect
Account data (name, email, hashed password), workspace data (contract names, vendors, amounts, dates and notes you enter), and minimal operational logs (IP-based rate limiting, error logs). We deliberately collect no more than the product needs to work.
What we use it for
To operate the product: computing deadlines, sending the reminder emails you asked for, powering your team's shared workspace, and processing subscription payments through Stripe or PayPal. We do not sell personal data, run third-party advertising, or use your contract data to train models.
Emails
Reminder and digest emails can be turned off per user in Settings → Notifications. Transactional emails (password resets, invites) are sent only when triggered.
Payment data
Card and PayPal details never touch our servers — they are handled entirely by Stripe and PayPal, both PCI-DSS compliant processors. We store only subscription identifiers and plan status.
Cookies
We use a single session cookie for authentication and a local-storage key for your theme preference. No tracking cookies, no fingerprinting.
Data retention and deletion
Your data is retained while your account is active. You may export everything as CSV at any time. When you delete your workspace, contract data is removed from the production database immediately and from encrypted backups within 30 days.
Security
Data is encrypted in transit (TLS), passwords are hashed with bcrypt, calendar feeds use unguessable rotating tokens, and access to production systems is restricted and audited. If we ever experience a breach affecting your data, we will notify you without undue delay.
Your rights
Depending on your jurisdiction (including GDPR and CCPA), you may have rights to access, correct, export or erase your personal data. Contact us and we will honor these requests for all users regardless of location.
Contact
Privacy questions? Use the contact page and mention “privacy” — those messages go to the top of the queue.