Privacy

1. What we collect

Two categories. Account data: your email address, your display name, your timezone, and your authentication tokens. Product data: every task, block, project, client, payment, and setting you create inside Ensaria.

We do not collect: your IP address (beyond what's needed for the immediate request), your browser fingerprint, your location, your device ID, or anything from third-party tracking sources. We don't use cookies for tracking. We use one cookie for keeping you signed in; that's it.

2. Why we collect it

To provide the service. Your product data is the service — Ensaria would be useless without it. Your account data is how we know it's you.

We use Vercel Web Analyticsfor aggregate page-view stats. No cookies, no personal data, no fingerprinting. We see “the home page got 432 visits today.” We don't see who you are.

3. Where it lives

Primary database is in Frankfurt, Germany (Neon, EU region). Encrypted backups are in Helsinki, Finland. Our application runs on Vercel's EU edge. Email is sent via Resend (EU).

Full list of subprocessors is on the subprocessors page, including each one's role, what data they receive, and a link to their DPA.

4. Who else sees it

No one. We don't sell, license, share, or otherwise transfer your data to third parties. We use subprocessors for infrastructure (hosting, databases, email), but no subprocessor receives more data than they strictly need to do their job.

5. Your rights

Under GDPR you have the right to access, rectify, and erase your data. You can do all three from inside Ensaria, without contacting us. Export everything as JSON from Settings → Data. Delete your account from the same page; data is hidden for 30 days then permanently erased.

6. Contact

Data controller: [TODO: legal entity name + registered address — provided by user before launch]. Email privacy@ensaria.com for any privacy question, or to file a complaint. We aim to reply within 7 days.

This page replaces all previous privacy policies.