Privacy Policy

We respect your privacy and only collect what we need to run the service — nothing more. This page tells you what we keep, why, who (if anyone) we share it with, and what your choices are.

What we collect

When you sign up: your email address, optionally your name, and your Google ID if you sign in with Google. We only store a bcrypt hash of your password — we never see the raw value.

When you use the service: the workspace site URLs you register, the embed IDs we generate for you, daily API usage counters, and the last time each of your embeds sent a heartbeat.

Automatically: your IP address and browser type when you load the portal (standard server logs), an auth cookie to keep you signed in, and a small cookie that remembers your language preference.

What we don't do

• We don't sell your data.
• We don't share it with anyone outside the small set of vendors we depend on to run the service (email sender, hosting, fraud-signal providers).
• We don't use your data to train AI models.
• We don't use advertising cookies.

How long we keep it

For as long as your account is active. If you close your account, we delete your personal data within 30 days. Some aggregate usage stats (with you de-identified) may stay around longer for operational reporting.

Your choices

You can see your data anytime in the dashboard. You can delete your account anytime.

Updates

If something important changes, we'll email you. No quiet updates.