Privacy Policy

Draft for review. Have this reviewed by counsel and confirm it accurately reflects your data handling before launch.

1. What we collect

SharePoint Forge collects only what is needed to operate the service:

• Name and work email (from Clerk sign-in)
• Organisation and verified business domain
• Customer role within your organisation
• Package entitlements and download history
• Support ticket content you send to us

2. Where data is stored

Customer data is stored in Supabase (Postgres) hosted in the EU/UK region. Payment card details are not stored by us — Stripe holds them under PCI-DSS compliance. Authentication is handled by Clerk.

3. Why we collect it

To deliver the service you purchased: gate access to entitled packages, send transactional emails, provide support and meet legal accounting obligations.

4. Who we share it with

• Stripe — payment processing
• Clerk — user authentication
• Supabase — database + private file storage
• Resend — transactional email delivery
• Vercel — hosting and CDN

We do not sell personal data, and we do not share it with advertising or marketing platforms.

5. How long we keep it

Account and entitlement data is kept for the duration of your relationship with us plus a reasonable period for accounting and audit purposes. Support tickets are kept indefinitely as part of the service's historical record unless you request deletion.

6. Your rights

Under UK GDPR you have the right to access, correct, delete, port, restrict processing of, or object to processing of your personal data. To exercise these rights, contact us.

7. Cookies

We use only the cookies required to operate the service (auth session cookies from Clerk, Stripe Checkout). No advertising or cross-site tracking cookies.

8. Contact

For privacy questions: contact us.