IronSight AI — Privacy Policy

DRAFT — attorney review required before publishing. Fill placeholders in [BRACKETS]. Operating entity: [LEGAL ENTITY]. Governing law: State of Illinois. Last updated [DATE].

This Policy explains what we collect, why, and your choices. It covers [ironsight.clearpathautomation.io] (the "Service").

1. Information we collect

• Account data: name, email, password (hashed), and account settings.
• Payment data: processed by Stripe. We do not store your full card number. We do store a Stripe customer ID, subscription status, billing history, the cardholder name, the card's last four digits and brand, and a non-sensitive card fingerprint provided by Stripe.
• Fraud / trial-abuse signals: we retain the cardholder name, email, card fingerprint, and limited device/IP signals to detect and prevent duplicate free trials and fraudulent or abusive sign-ups. This is a legitimate-interest security purpose.
• Usage data: log-in times, pages/features used, device and browser type, IP address, and similar analytics.
• Cookies: essential cookies for login/session, plus analytics cookies (see Cookies below).
• Communications: messages you send us and, on applicable tiers, Q&A or session content.

2. How we use it

To provide and secure the Service; authenticate you; process subscriptions and trials; prevent fraud and duplicate trials; provide support; improve the product; send service and (with consent where required) marketing emails; and comply with law.

3. How we share it

We share data only with service providers acting on our behalf, including: Stripe (payments), Supabase (database/auth), [hosting/Vercel], [email provider], and [analytics provider]. We may disclose information to comply with law or protect our rights. We do not sell your personal information. See [Do Not Sell My Personal Information].

4. Data retention

We keep account and billing records as long as your account is active and as required for legal, tax, and fraud-prevention purposes. Fraud/trial-abuse signals (including card fingerprints) may be retained after account closure to enforce the one-trial-per-person rule and prevent abuse.

5. Your rights

Depending on your location (e.g., California/CCPA, EU/UK GDPR), you may have rights to access, correct, delete, or port your data, and to opt out of certain processing. To exercise rights, contact [privacy@ironsightai.com]. We will not discriminate against you for exercising rights.

6. Cookies

We use essential cookies (required for login) and, with your consent where required, analytics cookies. You can manage non-essential cookies via our cookie banner and your browser settings.

7. Security

We use industry-standard safeguards (encryption in transit, hashed passwords, access controls). No method is 100% secure; we cannot guarantee absolute security.

8. Children

The Service is not directed to anyone under 18, and we do not knowingly collect data from minors.

9. International

The Service is operated from the United States; by using it you consent to processing in the U.S.

10. Changes & contact

We may update this Policy with a new "Last updated" date. Questions: [privacy@ironsightai.com].