Back to app

Privacy & data retention

Data we process

We process account information (such as email and name), building and unit details you enter, uploaded documents you place in the vault, generated filing drafts, audit logs of exports and confirmations, and usage telemetry needed to operate the Service.

Retention

Active accounts: data is retained while your subscription or account is active and as needed to provide the Service.

Deletion requests: you may request deletion of your organization's tenant data subject to legal hold and backup rotation windows (typically up to 90 days for encrypted backups).

Audit logs: security and export confirmations may be retained longer in minimal form where required for fraud prevention and dispute resolution.

Subprocessors

Model providers, hosting, and email vendors may process data under their terms. Configure OPENAI or other keys in your own environment for enterprise deployments as applicable.

Security baseline

We recommend TLS in transit, encryption at rest via your cloud provider, tenant isolation in the application database, and least-privilege API keys.

This page is a placeholder summary. Replace with a DPA-ready privacy policy before production.