Privacy Policy

We use personal information to operate the product and support the people using it. That includes:

• Creating and securing accounts, organizations, and sign-in sessions
• Providing tracking, reminders, document storage, and related compliance workflows
• Processing uploaded document content with automated extraction tools, including AI models running on our infrastructure providers, when you use document auto-fill or extraction features
• Processing subscriptions and billing events through Stripe
• Sending transactional and relationship emails such as verification, password reset, invitation, and reminder emails
• Responding to support requests and service issues
• Measuring product usage, understanding where users struggle, and investigating bugs, abuse, or security events
• Complying with legal, tax, accounting, and record-keeping obligations

We use essential cookies for authentication, session management, security, and billing workflows. These are required for the Service to work.

With your consent, we also use PostHog analytics cookies and masked session replay to understand public-page, sign-up, and onboarding behavior. We mask form inputs, do not capture copied text, disable console-log recording, and block replay on sensitive dashboard paths.

If your browser sends a Global Privacy Control or Do Not Track signal, we treat that as an analytics opt-out.

We do not use third-party advertising cookies on the site today.

We use the following service providers to run the product:

• PostHog: product analytics and session diagnostics
• Stripe: subscription and payment processing (Stripe Privacy Policy)
• Resend: email delivery
• Cloudflare: hosting, database, object storage, edge delivery, and related infrastructure

We may also receive basic account details from an identity provider if you choose to sign in with a supported social login method.

We retain information for as long as it is needed to operate the service, maintain security and accounting records, resolve disputes, and meet legal obligations. Because the product is still evolving, some retention periods are based on operational need rather than a single fixed timeline for every category.

• Account and profile data: generally kept while your account is active and for a limited period afterward as needed for security, fraud prevention, support, and legal recordkeeping
• Billing and subscription records: retained as needed for accounting, tax, fraud, and reconciliation purposes even after a paid subscription ends
• Uploaded documents and related extraction data: kept until you delete them, your organization deletes them, or the underlying account or organization is deleted, subject to temporary backup or recovery copies
• Analytics, security logs, and session diagnostics: retained for operational analysis, troubleshooting, and abuse prevention, then trimmed, aggregated, or removed under our internal operational limits and vendor retention settings
• Email-subscriber records: kept until you unsubscribe or we decide the subscription list is no longer needed, and we may keep limited suppression history to honor future unsubscribe requests

You can:

• Access and update some account information from within the product
• Delete documents or other records you no longer want to keep in the service
• Manage or stop subscriber emails through the unsubscribe or preferences links we include where relevant
• Contact us at support@yourstanding.com to request access, correction, deletion, or other privacy help

If you contact us about a privacy request, please use the email address associated with your account when possible or tell us which account or organization the request is about.

We may ask you to verify control of that email address or complete the request from an authenticated account before we disclose account-specific information or act on the request.

California residents can contact us at support@yourstanding.com to ask for access, correction, deletion, or other privacy help. This is the same manual support path we use for privacy requests generally today.

We do not currently provide a separate self-service privacy-rights portal, automated identity workflow, or formal statutory privacy program on this page. If our legal obligations or live request-handling process materially change, we will update this page to reflect the current process.