1. Data We Process
- Authentication data through Firebase Authentication
- Account settings and workspace preferences stored in PostgreSQL
- Project data: clients, deliverables, scope requests, financial documents, signatures
- Client portal token activity and review actions
- Email delivery metadata via Resend
- AI drafting payloads sent to Groq for AI Diplomat requests
- Optional Google Drive metadata and permission grants if enabled by the user
2. Purpose and Legal Basis
- Contract performance: run your projects, portal workflows, and document generation
- Legitimate interest: platform security, abuse prevention, troubleshooting, and product analytics
- Consent: optional integrations and non-essential marketing communications
3. Processors and Transfers
- Firebase (authentication), Neon/PostgreSQL (storage), Resend (email), Groq (AI generation), and optional Google APIs (Drive access)
- Data may be processed outside your country; we use contractual safeguards where required
- We do not sell personal data
4. Security
We implement appropriate technical and organizational security measures to protect your personal information. However, no method of transmission over the Internet is 100% secure.
5. Retention and Rights
- Access, rectify, erase, restrict, object, and portability where applicable
- Data is retained while your account is active and for legal/accounting obligations after closure
- Client portal links are bearer tokens and should be rotated if exposed
6. Cookies
We use cookies to enhance your experience. For more information about our use of cookies, please see our Cookie Policy.
7. Contact Us
If you have questions about this Privacy Policy, please contact us through our contact page.