Privacy
Privacy that matches the security posture of the product.
Your final policy still needs legal review, but the product already signals the right principles: minimal exposure, explicit controls, and operational accountability.
Account data
User records are limited to the data required to operate billing, access control, support, and abuse prevention.
- Email, password hash, session version, and account verification state are stored for authentication.
- Operational records such as orders, payments, tickets, and audit events exist to support delivery and investigation.
- Credentials are encrypted at rest when stored for provider-backed access.
Operational logging
The system favors controlled observability over excessive collection.
- Audit events can record who performed sensitive actions and when.
- Billing, provisioning, and support workflows preserve only the state needed for recovery and review.
- Operators should publish their final retention and disclosure commitments before launch.