Legal

Privacy Policy

Effective date: 1 March 2026

Curtyn is committed to protecting your privacy. This policy explains what data we collect, why we collect it, and how we handle it.

1. Data we collect

We collect the following categories of data:

• Account data: email address and password hash when you register
• Project content: briefs, files, comments, and signatures you create
• Usage data: portal view events, comment timestamps, sign-off records
• Billing data: processed by Stripe; we do not store card numbers
• Client identifiers: IP address and timestamp logged at signature time for audit purposes

2. How we use your data

• Provide and improve the Curtyn service
• Send transactional emails (notifications, receipts)
• Maintain audit trails for signed documents
• Detect and prevent fraudulent or abusive use

3. Data sharing

We do not sell your data. We share data only with the following sub-processors required to run the service:

• Supabase: database hosting (EU region)
• Vercel: edge network and hosting
• Stripe: payment processing
• Resend: transactional email delivery

4. Cookies

We use strictly necessary cookies for authentication session management. We do not use advertising or third-party tracking cookies.

5. Data retention

Project data is retained for as long as your account is active. When you delete a project, its contents are permanently deleted within 30 days. Account data is deleted within 30 days of account closure.

6. Your rights

Under applicable data protection laws you may have rights to access, correct, export, or delete your personal data. To exercise these rights, email us at privacy@curtyn.com.

7. Security

All data is encrypted in transit (TLS) and at rest. Access to production systems is restricted to authorised personnel. We perform regular security reviews.

8. Changes to this policy

We will notify you of material changes by email or in-app notice at least 14 days before they take effect.

9. Contact

Questions or requests? Email privacy@curtyn.com.