Privacy Policy

1. Information we collect

• Account data — email, name, and avatar you provide.
• Organization data — organizations, memberships, roles, and content you create.
• Technical data — IP address, browser/user agent, and session metadata used for security and audit logging.

2. How we use information

To provide and secure the Service: authenticating you, enforcing organization access, maintaining an audit log of security events, and preventing abuse.

3. Cookies

We use strictly necessary cookies to keep you signed in (Supabase auth session cookies). These are essential and cannot be disabled while using the Service. We do not set analytics or advertising cookies by default — if you add analytics, gate it behind the cookie consent banner.

4. Service providers

• Supabase — database, authentication, and storage, as a data processor on our behalf.
• hCaptcha— bot protection on auth forms (when enabled); subject to hCaptcha’s privacy policy.

5. Your rights

You can access and update your data, export a copy, and permanently delete your account at any time from your profile settings. Depending on your region (e.g. GDPR/CCPA), you may have additional rights; contact us to exercise them.

6. Data retention & security

We retain data for as long as your account is active. Tenant data is isolated at the database layer with row-level security. When you delete your account, your personal data and any organizations you solely own are removed.

7. Changes & contact

We may update this policy; material changes will be communicated through the Service. Questions: [privacy@example.com], Tag It La!, [address].