Template only. This is placeholder SaaS language for development. Replace company details (shown below) and have qualified legal counsel review before relying on it in production.
Privacy Policy
Effective date: April 10, 2026 · Operator: [Your Company Legal Name]
1. Who we are
This Privacy Policy describes how [Your Company Legal Name] (“we”, “us”) collects, uses, and shares personal information when you use Custody Journal (“Service”). Contact: legal@example.com. Address: [Your registered business address].
2. Information we collect
- Account data: such as name, email address, and authentication identifiers from Google Sign-In.
- Content you provide: journal entries, calendar data, communications logs, uploaded files, and similar information you choose to store.
- Payment data: if you subscribe to a paid plan, our payment processor handles card details; we receive limited billing metadata.
- Technical data: IP address, device/browser type, log timestamps, and diagnostic data used to secure and improve the Service.
- Cookies and similar technologies: as described in the Cookie section below.
3. How we use information
We use personal information to provide and improve the Service, authenticate users, process payments, send service-related notices, detect abuse and fraud, comply with law, and analyze usage in aggregate. If you use AI features, prompts and related context may be processed by our AI vendors solely to generate responses for you, subject to our agreements and this Policy.
4. Legal bases (where applicable)
If GDPR or similar laws apply, we rely on bases such as: performance of a contract, legitimate interests (security, product improvement, fraud prevention), consent where required, and legal obligation.
5. How we share information
We share information with service providers that help us operate the Service (hosting, email, analytics, payments, AI inference), bound by confidentiality and processing terms. We may disclose information if required by law, to protect rights and safety, or as part of a merger or asset sale (with notice where required). We do not sell your personal information as “sale” is commonly defined in U.S. state privacy laws (template — confirm with counsel).
6. Data retention
We retain information while your account is active and for a reasonable period afterward for backups, legal compliance, and dispute resolution. Retention periods may vary by data category and legal requirements.
7. Security
We implement technical and organizational measures designed to protect personal information, including encryption for stored documents where described in product documentation. No method of transmission or storage is completely secure.
8. Cookies
We use cookies and similar technologies for session management, security, preferences, and analytics (for example, Google Analytics if enabled). You can control cookies through browser settings. Some features may not work without essential cookies.
9. Your rights and choices
Depending on your location, you may have rights to access, correct, delete, or export personal information, and to object to or restrict certain processing. You may withdraw consent where processing is consent-based. To exercise rights, contact legal@example.com. You may appeal or complain to a supervisory authority where applicable.
10. Children
The Service is intended for adults. We do not knowingly collect personal information from children under 13 (or the age required in your jurisdiction) for direct marketing. If you believe we have collected a child’s information, contact us and we will take appropriate steps.
11. International transfers
If you access the Service from outside the country where we operate, your information may be processed in other countries with different data protection laws. We use appropriate safeguards where required (for example, standard contractual clauses — confirm with counsel).
12. Changes
We may update this Policy. We will post the updated Policy with a new effective date and provide additional notice where required by law.