This is a template, not legal advice. It has not been reviewed by a lawyer. Before relying on this for a real product — especially if you handle data from the EU/UK (GDPR), California (CCPA/CPRA), or other regulated jurisdictions — have a licensed attorney review and customize it for your business and applicable law.

Privacy policy

Last updated: [DATE] · Replace bracketed placeholders before publishing.

1. What we collect

Account information (name, email, hashed password), project data you or your team enter (tasks, budgets, risks, status updates, communications), and basic usage logs (timestamps, IP address, browser type) needed to operate and secure the service.

2. How we use it

To operate the application, authenticate users, generate the reports and AI features you request, send status-request and report emails you configure, and maintain security and reliability. We do not sell personal data.

3. AI features

Optional AI features (project planning, charter drafting, status reports, the AI assistant) send relevant project data to Anthropic's API to generate a response. AI-generated content may be inaccurate or incomplete — it is provided for drafting assistance only and should be reviewed by a human before being relied upon for decisions.

4. Third parties / sub-processors

[Hosting provider, e.g. Vercel], [Database provider, e.g. Neon/Supabase], Anthropic (AI features), and [Email provider, e.g. Resend, if configured for status requests and reports]. Each processes data only as needed to provide their service to us.

5. Cookies

We use a single essential session cookie to keep you signed in. We do not use tracking or advertising cookies.

6. Data retention & deletion

Data is retained while your account or organization is active. Contact [CONTACT EMAIL] to request export or deletion of your data, subject to legal or operational retention requirements.

7. Your responsibilities

Don't enter sensitive personal data about third parties (e.g. health or financial data of people outside your organization) without a lawful basis and their awareness. You're responsible for the accuracy of data your team enters.

8. Security

We use industry-standard practices (encrypted connections, hashed passwords, access controls) but no system is 100% secure. Report suspected security issues to [CONTACT EMAIL].

9. Contact

Questions about this policy: [CONTACT EMAIL].