Privacy Policy
How we collect, use, share, and protect personal data when you use OsmiumStack.
Last updated June 30, 2026
This is a sample policy provided with the OsmiumStack starter. It is not legal advice — adapt it to your actual data practices and have counsel review it before production use.
1. Who we are
OsmiumStack, Inc. ("OsmiumStack", "we", "us") provides agency project-management, billing, and hosting tools. This policy explains how we handle personal data. For workspace content you process on behalf of your own clients, you are the controller and we are your processor.
2. Data we collect
Information you provide
- Account data — name, work email, and organization details.
- Authentication data — credentials managed through our auth provider, Stytch.
- Customer content — projects, invoices, previews, and files you add.
- Billing data — handled by our payment processor; we store limited metadata.
Information collected automatically
- Usage data — pages viewed, features used, and diagnostic events.
- Device data — IP address, browser, and operating system.
- Cookies — see our Cookie Policy.
3. How we use data
- to provide, secure, and improve the Service;
- to authenticate members and protect against fraud and abuse;
- to process payments and send service and billing communications;
- to respond to support requests and comply with legal obligations.
4. How we share data
We share personal data with vetted subprocessors who help us run the Service (for example, authentication, payments, hosting, and analytics). See our current list of subprocessors. We do not sell personal data. We may disclose data if required by law or to protect rights and safety.
5. International transfers
We may process data in countries other than your own. Where we do, we rely on appropriate safeguards such as Standard Contractual Clauses.
6. Data retention
We retain personal data for as long as your account is active and as needed to provide the Service. After account closure you may export data for 30 days, after which we delete or anonymize it unless we are required to retain it.
7. Security
We use encryption in transit and at rest, least-privilege access, and continuous monitoring. Learn more on our security page. No system is perfectly secure; report concerns to [email protected].
8. Your rights
Depending on where you live, you may have rights to access, correct, delete, or port your data, and to object to or restrict certain processing. To exercise these rights, email [email protected]. You may also lodge a complaint with your local data-protection authority.
9. Children
The Service is not directed to children under 16, and we do not knowingly collect their data.
10. Changes
We may update this policy. Material changes will be announced by email or in-product before they take effect.
11. Contact
Privacy questions? Email [email protected].