Privacy Policy

Effective date: TBD · Last updated: 2026-04-29

Important: This is a placeholder document. Before launching, replace this content with a privacy policy drafted or reviewed by a lawyer (or a reputable generator). Comply with GDPR, CCPA, and any other regulations that apply to your audience.

1. What we collect

• Account info: email, password (hashed), workspace name.
• Workspace data: contacts, deals, notes, form submissions, settings — created by you, owned by you.
• Usage data: sign-in events, feature usage, performance telemetry to improve the product.
• Payment data: handled by Stripe; we don't store card numbers.

2. How we use it

• To run the service you signed up for.
• To send transactional emails (lead notifications, billing receipts).
• To improve the product (aggregate usage analytics, never sold).

3. What we don't do

• We don't sell your data to anyone.
• We don't use your workspace data to train AI models.
• We don't email you marketing without explicit opt-in.

4. Subprocessors

We use the following third-party services to operate Storm:

• Supabase — database, auth, storage
• Cloudflare — hosting, edge functions
• Stripe — payments
• Resend — transactional email

5. Your rights

You can export, edit, or delete your workspace data at any time from Settings. Account deletion removes your workspace and all associated data within 30 days.

6. Cookies

We use cookies for sign-in sessions and to remember workspace preferences. We don't use third-party tracking cookies on the dashboard.

7. Data location

Workspace data is stored on Supabase infrastructure (region per project config). Edge functions run on Cloudflare's global network.

8. Changes

We'll notify you at least 14 days before any material change to this policy.

9. Contact

Privacy questions: privacy@example.com (replace with your real privacy contact before launch).