Privacy Policy

Effective Date

January 2026

Last Updated

January 2026

1. Introduction

Plaintext ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our software solutions, applications, and associated services.

Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

2.1 Information You Provide Directly

  • Authentication Information: Email address, name, and profile information through authentication services
  • Account Information: Personal details and organization information provided during account registration
  • Preference Information: User settings, configuration preferences, and usage patterns
  • Communication: Support requests, feedback, inquiries, and correspondence you send to us
  • Billing Information: Payment details and billing address (processed securely through third-party providers)
  • Professional Information: Job title, department, organization, and role-specific data

2.2 Information Collected Automatically

  • Device Information: Device model, operating system, unique device identifiers, and browser information
  • Usage Information: Features accessed, time spent in application, user workflows, and interaction patterns
  • Network Information: IP address (for connectivity and security purposes)
  • Cookies and Similar Technologies: Session tokens for authentication and user preferences
  • Performance Data: Application performance metrics, error logs, and diagnostic information

2.3 Third-Party Information

We may receive information about you from:

  • Authentication providers (Auth0, OAuth providers)
  • Third-party integrations you authorize
  • Business partners and integration services

3. How We Use Your Information

We use collected information for the following purposes:

  • Account Management: Create, manage, and maintain your user account
  • Authentication & Security: Verify your identity and maintain secure login sessions
  • Service Delivery: Provide software solutions, features, and functionality
  • Personalization: Remember your preferences and customize your experience
  • Analytics & Improvement: Understand usage patterns to improve features and performance
  • Customer Support: Respond to inquiries and provide technical assistance
  • Compliance & Legal: Meet regulatory requirements and maintain audit trails
  • Billing & Payments: Process payments and manage subscription services
  • Security: Detect and prevent fraud, abuse, and security incidents
  • Communication: Send updates, notifications, and service announcements
  • Product Development: Use aggregated, anonymized data to develop new features

4. Data Storage and Security

4.1 Storage Methods

  • Authentication Data: Credentials and authentication tokens stored securely with encryption
  • User Preferences: Configuration data stored in encrypted format
  • Business Data: Customer data stored in secure cloud infrastructure
  • Sensitive Information: Access tokens and API keys encrypted before storage

4.2 Security Measures

  • All data transmission uses HTTPS/TLS encryption
  • Sensitive information is encrypted at rest on our servers
  • Authentication handled through industry-standard providers (Auth0, OAuth 2.0)
  • Role-based access control (RBAC) for internal data access
  • Regular security audits and penetration testing
  • Compliance with SOC 2 Type II standards
  • Multi-factor authentication (MFA) support for enhanced security

4.3 Your Data Protection Philosophy: Encryption First

At Plaintext, we take your privacy extremely seriously. Here's how we protect your data in our cloud infrastructure:

What We Store:

  • Your authentication identity (via secure provider reference)
  • Your user account and organization information
  • Your preferences and configuration settings
  • Business data you choose to store in our services

How We Protect It:

  • All personally identifiable information (PII) stored on Plaintext's servers is encrypted end-to-end
  • Only reference identifiers are stored in plain text (for data linking purposes)
  • Encryption keys are managed securely and rotated regularly
  • Keys are never transmitted with encrypted data

We Are Not a Data Broker:
Plaintext is not a data broker. We do not sell, rent, or share your personal information with data brokers or similar third parties for any purpose. Your data is never used for data brokerage, profiling, or resale to external parties.

We Don't Sell Your Data: Plaintext does not sell, rent, or share your personal information with third parties for marketing or commercial purposes. Encryption ensures that even if unauthorized access were to occur, your sensitive data remains protected and valueless to bad actors.

Maximum Security Against Breaches: In the unlikely event that Plaintext's systems were ever compromised, attackers would only gain access to encrypted data. Without the encryption keys, your personal information would be completely useless to them. This "defense in depth" approach ensures your data is protected even in worst-case scenarios.

Example - What a Data Breach Would Look Like:

User ID: auth0|507f1f77bcf86cd799439011
First Name: h7K9m2Lp8qX5vN3jBzF1aY0wDe4tR6sU
Last Name: m5Nx8pK2lQ6vT9jE3sW0pF4aL7rD1cM
Organization: k2L7mN9pQ4rS6tU8vW0xY3zA5bC8dE

Without the encryption keys (which are stored separately and securely), this data is completely unreadable and unusable to attackers. Your actual personal information remains completely safe.

Industry Best Practice:
This encryption-by-default approach exceeds many industry standards and demonstrates our commitment to protecting your privacy regardless of circumstances. You can use Plaintext with confidence knowing that your data is protected by the strongest encryption standards available.

4.4 Data Retention

  • Authentication tokens are retained for the duration of your session
  • User account data is retained while your account is active
  • Inactive accounts may be retained for up to 12 months before deletion
  • Backup copies may be retained for up to 90 days for disaster recovery
  • Audit logs are retained for 1 year for security and compliance purposes
  • Business data may be retained according to your organization's retention policies

5. Third-Party Services

5.1 Authentication Providers

We use OAuth 2.0 and Auth0 for authentication and identity management. Their privacy practices are governed by their respective privacy policies. We do not have access to your passwords; only authentication tokens are transmitted to our system.

5.2 Cloud Infrastructure

Your data is processed and stored on secure cloud infrastructure (AWS, Google Cloud, or Azure) in compliance with applicable data protection regulations. We select providers based on their security certifications and compliance standards.

5.3 Payment Processing

Payment information is processed through PCI-DSS compliant third-party providers (Stripe, PayPal, etc.). We do not store your complete payment card information.

5.4 Analytics & Monitoring

We may use analytics services (Google Analytics, Mixpanel, etc.) to understand usage patterns. These services collect data according to their privacy policies, which we encourage you to review.

5.5 Support & Communication

We may use third-party support platforms and email services to communicate with you and provide customer support. These providers comply with applicable privacy regulations.

6. Your Privacy Rights

Depending on your location, you may have the following rights:

  • Right to Access: You have the right to request access to the personal information we hold about you.
  • Right to Deletion: You can request deletion of your account and associated data. When you delete your account:
    • Your personal information is permanently deleted from our active systems
    • This process may take up to 30 days to complete
    • Some information may be retained for legal compliance, tax, or audit purposes
    • Backup copies will be deleted within 90 days
  • Right to Data Portability: You may request a copy of your data in a portable format that can be transferred to another service.
  • Right to Correction: You can request correction or update of inaccurate or incomplete information.
  • Right to Withdraw Consent: You can withdraw consent for specific data processing activities (such as marketing communications).
  • Right to Restrict Processing: You may request that we limit how we process your personal information in certain circumstances.

How to Exercise Your Rights:
To exercise any of these rights, contact us at: privacy@plaintextcorp.com

We will respond to verified requests within 30 days as required by applicable law.

7. Children's Privacy

Plaintext services are not intended for children under 13 years old. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will immediately delete such information and terminate the child's account.

For users between 13 and 18, parental consent may be required depending on your jurisdiction.

8. International Data Transfers

Your information may be transferred to, stored in, and processed in countries other than your country of residence. These countries may have data protection laws that differ from your home country. By using our services, you consent to the transfer of your information to countries outside your country of residence, and we implement appropriate safeguards such as Standard Contractual Clauses.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

  • Posting the updated Privacy Policy on our website
  • Updating the "Last Updated" date at the top of this document
  • Sending an email notification for significant changes
  • Requesting your acceptance of updated terms upon next login (if changes are substantial)

Your continued use of our services after modifications constitutes your acceptance of the updated Privacy Policy.

10. Data Processing & Legal Basis

10.1 Legal Basis for Processing

  • Contractual Necessity: Processing required to provide you with our services
  • Legitimate Interests: Improvements, security, and fraud prevention
  • Compliance: Legal obligations and regulatory requirements
  • Consent: Where you have explicitly provided consent
  • Performance of Tasks: Processing in the public interest or official authority

10.2 Data Controller Information

Plaintext is the Data Controller for personal information collected through our services. Contact details are provided in the "Contact Us" section below.

11. Cookies and Similar Technologies

We use cookies and similar tracking technologies to:

  • Maintain your login session
  • Remember your preferences
  • Understand usage patterns
  • Improve user experience
  • Track analytics

You can control cookie settings through your browser preferences, though some features may not function properly with cookies disabled.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

13. Applicable Laws & Compliance

This Privacy Policy is governed by applicable data protection laws without regard to conflict of law provisions.

If you are a resident of:

  • Canada: You have rights under PIPEDA (Personal Information Protection and Electronic Documents Act)
  • European Union: You have rights under GDPR (General Data Protection Regulation)
  • United Kingdom: You have rights under UK GDPR and Data Protection Act 2018
  • California, USA: You have rights under CCPA (California Consumer Privacy Act) and CPRA
  • Virginia, USA: You have rights under VCDPA (Virginia Consumer Data Protection Act)

13.1 Compliance Certifications

  • PIPEDA (Personal Information Protection and Electronic Documents Act)
  • GDPR (General Data Protection Regulation)
  • CCPA/CPRA (California Consumer Privacy Act)
  • UK GDPR (United Kingdom General Data Protection Regulation)
  • SOC 2 Type II security standards
  • ISO 27001 information security standards
  • App Store Privacy Policy Requirements (iOS/Android)
  • HIPAA compliance (where applicable)
  • FedRAMP compliance (for government services)

14. Specific Data Processing Information

14.1 Financial Systems Data

  • Transaction data is encrypted and segregated by organization
  • Payment information is processed through PCI-DSS compliant providers
  • Account reconciliation data is retained per applicable accounting standards
  • Audit trails are maintained for compliance and security purposes

14.2 Cybersecurity Solutions Data

  • Threat intelligence data is anonymized and aggregated
  • Security incident information is retained for investigation and prevention
  • Access logs are encrypted and protected
  • Vulnerability data is segregated and access-controlled

14.3 Productivity Solutions Data

  • Workflow data is stored securely and encrypted
  • Collaboration history is retained per your organization's policies
  • Integration data is transmitted securely
  • Performance analytics are aggregated and anonymized

14.4 Customer Service Management Data

  • Interaction logs are encrypted and access-controlled
  • Customer communication data is protected and retained per compliance needs
  • Analytics on service quality are anonymized
  • Support ticket history is retained for improvement purposes

15. Acknowledgment

By using Plaintext services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

Document Version: 1.0
Last Updated: January 2026
Next Review: January 2027