Draft for reviewPlatform docsTrust Center

Privacy

Privacy summary for the launch-stage product

This page is the public summary version of the launch privacy draft. It focuses on the real data boundary: local device posture data stays local, while server-side systems are limited to account, billing, and license operations.

Related docs

These pages are the current customer-facing trust and disclosure set for launch prep.

Trust Center

Start here for the product boundaries, review status, and shareable customer docs.

Shareable

Privacy

What stays on-device, what can reach servers, and what we do not collect.

Draft disclosure

Terms

Use boundaries, planned billing posture, and launch-stage legal notes.

Draft disclosure

Data Handling

Plain-language storage, retention, and processing boundary summary.

Technical summary

What stays on-device

  • Foreground app name
  • Browser hostname and path prefix
  • Session timestamps
  • Block-rule events
  • Posture aggregates and review queues

What can reach our servers

  • Email address and password hash
  • License and subscription status
  • Stripe customer and subscription reference IDs
  • Optional team aggregate scores only if the user explicitly opts in

What we do not collect

  • Page content or message text
  • Query parameters or URL fragments
  • Passwords or form inputs
  • Microphone, camera, or location data
  • Hidden employee or partner monitoring data

User control

The product only works if the user keeps control

These controls are part of the architecture, not optional trust language.

Local control

Local posture data lives in the app's local store and can be cleared by the user. The server has no copy of raw behavioral events to recover later.

Sharing control

Any future team sharing remains opt-in and aggregate-only. The operating rule is that manager views do not expose individual browsing or event timelines.

Draft status

This page is not yet the final effective privacy policy. It is the public summary of a draft disclosure that still requires counsel review, final contact details, and jurisdiction-specific updates for EU and state privacy rules.