Privacy Policy

1. What We Collect

• Account data: email, name, OAuth identifiers, hashed password (when applicable), and company information you provide.
• Subscription and billing data: plan, status, period end, Stripe customer and subscription identifiers, and invoice metadata. Card details are collected and stored by Stripe, not by us.
• Customer Data: calculator inputs, saved scenarios, board books, metric snapshots, narrative text, SaaS profile fields, and any files you upload (for example, logos for board-book branding).
• Connected-service data (when available): if you connect Stripe via read-only Stripe Connect in a future release, we would read billing metrics from your Stripe account; OAuth access and refresh tokens would be stored on our infrastructure. CSV import and manual entry are the active board-book metric paths today.
• Recipient data: board-book recipient names, emails, view timestamps, hashed network identifiers, hashed user-agent strings, and identifiers of sections viewed.
• Telemetry and support data: error reports, product analytics, support messages, and audit logs.

2. How We Use Data

• Provide, operate, secure, support, maintain, and improve the service.
• Process subscriptions and billing through Stripe.
• Deliver transactional email through Postmark (sign-in links, magic-link board-book delivery, support replies).
• Power AI-assisted features by transmitting the relevant Customer Data to third-party large language model providers via OpenRouter, under contractual zero-data-retention or equivalent handling where commercially available.
• Compute anonymized, de-identified, aggregated benchmark Output, but only from Customer Data of users who have explicitly opted in via the SaaS profile.
• Detect abuse, enforce rate limits, monitor security, and investigate incidents.
• Comply with legal obligations and respond to lawful requests.

3. Benchmark Opt-In

Benchmark contribution is off by default. To contribute, you must explicitly opt in from the SaaS profile page. We record the consent timestamp and consent version. You can opt out at any time; future contributions stop and your data is excluded from subsequent aggregations.

Benchmark Output is shown only as percentile bands (for example, p25 / p50 / p75) above a minimum cohort threshold. No individual company is identifiable from a benchmark band.

4. Sub-Processors

We rely on a small set of sub-processors to operate CACulator.io. The current list is maintained in our Data Processing Addendum at /legal/dpa.

5. Sharing of Data

• With sub-processors, only as needed to operate the service.
• With Team Members you invite, who can view your shared workspace data subject to their role.
• With Recipients you invite, who can view the specific board books you grant them access to via per-recipient magic links.
• When required by law, subpoena, court order, or other legal process, after challenging overbroad requests where appropriate.
• In connection with a merger, acquisition, financing, sale of assets, or reorganization, subject to the assigning party preserving privacy protections.

We do not sell personal data. We do not share personal data for cross-context behavioral advertising. Recipient emails are used solely to deliver and authenticate access to the board books you send and are not used for marketing.

6. Data Hosting and Residency

Customer Data is hosted in the United States on infrastructure operated by Supabase (Postgres database, authentication, and file storage) and Vercel (application compute and edge). Transactional email is delivered via Postmark. AI processing is routed via OpenRouter to underlying model providers. We will provide reasonable notice of any change in primary hosting region.

7. Retention and Deletion

We retain Customer Data while your account is active and for a reasonable post-termination period to support data export. After that, Customer Data is deleted on a rolling schedule, subject to legal retention requirements and to anonymized, aggregated benchmark contributions which may persist.

You may request access, correction, deletion, or export of your personal data by emailing privacy@caculator.io. We may need to verify your identity before acting on the request.

8. Security

We use commercially reasonable administrative, technical, and organizational measures, including row-level security on database tables, hashed storage of API Keys and magic-link tokens, scoped credentials for sub-processors, and TOTP multi-factor authentication for account holders. No online service is perfectly secure.

9. Children

CACulator.io is intended for business users and is not directed to children under sixteen. We do not knowingly collect personal data from children.

10. Changes and Contact

We may update this Privacy Policy from time to time. Material changes will be communicated by updating the effective date and by reasonable notice to account holders. Contact: privacy@caculator.io.