← Back to SlateBeaver

Privacy Policy

Last updated: April 2025

What data we collect

SlateBeaver collects the following data when you use the service:

  • Account information: Your name, email address, and organisation name when you register.
  • Credential data: Secrets and credentials you store in the vault. These are encrypted before storage using AES-256-GCM.
  • Usage logs: Audit logs of actions taken within the platform (reveals, changes, exports, logins). These are required for the core compliance functionality of the product.

How it is stored

All data is stored in MongoDB. Credential values are encrypted at rest - even direct database access cannot expose plaintext secrets. Audit logs are append-only and tamper-resistant.

Third-party services

We do not use any analytics platforms, advertising networks, or data brokers. We do not sell your data. We do not share your data with any third party except as required by law.

Email delivery (for transactional emails like password resets) uses a standard SMTP provider. No marketing emails are sent.

Data retention

Your data is retained while your account is active. Upon account deletion, credential data is permanently removed. Audit logs may be retained for up to 90 days for compliance purposes.

Your rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and associated data
  • Export your data in a machine-readable format

To exercise any of these rights, contact us at hello@slatebeaver.app.

Contact

For data-related requests or privacy concerns, contact us at hello@slatebeaver.app.