Privacy Policy

1. What data we collect

When you sign up, we collect your organisation name, your name, work email address, and account password (stored as a bcrypt hash - never in plaintext). We also collect basic usage data (page views, feature interactions) to improve the platform.

2. How your data is stored

Your data is stored in MongoDB Atlas on Vercel-managed infrastructure. All credential values stored in Aegis are encrypted with AES-256-GCM before being written to the database. Even our engineering team cannot read your credentials in plaintext.

3. We do not sell your data

We will never sell, rent, or share your personal data with third parties for marketing purposes. Period.

4. Cookie usage

We use httpOnly session cookies for authentication. These cannot be read by JavaScript and protect against XSS attacks. We also use a non-httpOnly indicator cookie (sb_authenticated) to detect login state on the marketing site.

5. DPDP Act compliance

SlateBeaver is designed to comply with the Digital Personal Data Protection Act, 2023 (India). You have the right to access, correct, and delete your personal data. Contact privacy@slatebeaver.com to exercise these rights.

6. GDPR

If you are located in the European Economic Area, you have additional rights under GDPR including the right to data portability and the right to be forgotten. Contact us to exercise these rights.

7. Data retention and deletion

If you cancel your subscription, your data is retained for 30 days to give you time to export. After 30 days, all data is permanently deleted. You may request immediate deletion at any time by contacting hello@slatebeaver.com.

8. Contact

For all privacy-related inquiries: privacy@slatebeaver.com