This is a template privacy policy. Before charging customers, replace it with a version reviewed by counsel for your jurisdiction.
What we collect
- Account data: your email, name, organization name, and timezone.
- Workspace content: clients, projects, tasks, time entries, and invoices you create. We store this so the product can show it back to you.
- Billing data: we use Stripe for payments. We never see or store your card number. Stripe stores the customer record and tells us your plan, seats, and status via webhooks.
- Operational logs: server logs (request paths, status codes, error traces) and email-send records.
What we don't collect
- Card numbers, CVCs, or expiry dates. Stripe handles all payment data.
- We don't sell your data, run third-party trackers in the app, or share your workspace content with anyone.
How we use it
We use the data above only to operate the product — show you your workspace, send invoices on your behalf, charge your subscription, and respond to support requests.
Your data, your call
You can, at any time:
- Export: download a JSON copy of every workspace row from
/settings → Download all data. - Delete: close your workspace from
/settings → Delete organization. We immediately cancel your Stripe subscription and soft-delete everything; hard deletion of the row happens on request via support.
Subprocessors
- Stripe — payment processing.
- Your email provider — when you bring your own SMTP / SES / Resend credentials, that provider receives the outbound message.
- Hosting + database — the cloud provider you choose. Their sub-processor list applies.
Security
Detailed practices are in /security. Tap that link before asking for a security questionnaire.
Contact
Email hi@hoursmith.app with any privacy question or request.