Privacy Policy
Last updated: April 2026 — scaffold draft. Replace with lawyer-reviewed copy before paid signups.
1. What we collect
When you sign up, we collect:
- Your company name and work email address.
- Your chosen subdomain.
- Your IP address (for rate limiting; not stored long-term).
Within your workspace, you control what data you store. We do not inspect workspace data except as required for support or legal obligations.
2. How we use your data
- To provision and operate your workspace.
- To send transactional emails (welcome email, service notifications).
- To prevent abuse (rate limiting by IP and email address).
We do not use your data for advertising or sell it to third parties.
3. Where data is hosted
All data is stored on DigitalOcean infrastructure in the New York City (NYC3) region. Backups are stored in DigitalOcean Spaces (also NYC3) and retained for 30 days.
4. Third-party processors
- DigitalOcean — hosting and storage. Privacy policy.
- Resend — transactional email delivery. Privacy policy.
- Cloudflare — DNS, CDN, DDoS protection. Privacy policy.
5. Data retention
Your workspace data is retained as long as your workspace is active. On termination, a final backup is retained for 30 days and then deleted. Rate-limit event logs are purged after 24 hours.
6. Your rights
You may request a copy of your data or deletion of your account at any time by replying to your welcome email. We will fulfill data deletion requests within 30 days.
7. Cookies
The landing page does not use cookies or tracking pixels. Your workspace (the ERPNext application) may use session cookies for authentication.
8. Contact
Privacy questions? Reply to your welcome email or contact the operator directly.