Effective: October 25, 2025

This Privacy Policy explains how FranchiseVault collects, uses, and discloses information about you.

1. Scope

Applies to websites, apps, and related Services where this policy is posted.

2. Information We Collect

Account & Contact: name, email, organization, role, billing details.

Usage & Device: log data, IP, device/browser, pages viewed, actions taken.

Customer Content: data you upload or enter into the Services.

Integrations: data from authorized integrations (e.g., Salesforce, Stripe).

Cookies & Similar Tech: see our Cookie Policy.

3. How We Use Information

Provide and maintain the Services, including AI features you enable.
Secure, troubleshoot, and improve the Services, including analytics and research.
Communicate with you (service notices, product updates, marketing—opt-out available).
Comply with legal obligations.

4. Legal Bases (EEA/UK)

We process personal data under legitimate interests, contract necessity, consent (where applicable), and legal obligations.

5. Sharing

Vendors & Subprocessors (hosting, auth, analytics, payments);
Partners/Integrations you authorize;
Law & Safety compliance;
Corporate Transactions (merger, acquisition).

See our Subprocessor List.

6. International Transfers

We use global infrastructure. Where required, we rely on adequacy decisions, Standard Contractual Clauses (SCCs), or other safeguards.

7. Data Retention

We retain personal data as needed to provide Services, comply with law, resolve disputes, and enforce agreements.

8. Your Rights

Depending on location, you may have rights to access, correct, delete, restrict, port, or object to processing.

To exercise rights: contact privacy@franchisevault.app

Third-Party Processors

Clerk - Authentication and user management
Stripe - Payment processing
AWS S3 - File storage (encrypted at rest with AES-256)
Neon/PostgreSQL - Database hosting
Sentry - Error tracking and monitoring
PostHog - Product analytics
Vercel - Application hosting
Upstash Redis - Rate limiting and caching

9. Security

We implement appropriate technical and organizational measures to protect your data:

Files stored on AWS S3 with server-side encryption (AES-256)
Database connections encrypted with SSL/TLS
HTTPS/TLS for all data in transit
Content Security Policy (CSP) headers to prevent XSS
Multi-tenant data isolation at database level
Rate limiting to prevent abuse
Regular security audits and monitoring via Sentry

10. Contact

For privacy questions or to exercise your rights:
Email: privacy@franchisevault.app