Privacy Policy

Account information: When you sign up, we collect your email address, name, and studio details (company name, logo, brand color) that you provide during onboarding.

Usage data: We collect information about how you interact with the Service, including pages visited, features used, and actions taken, to improve the product and detect issues.

Client data you enter: Information you add about your clients and projects (names, contact details, project scopes) is stored on your behalf to power the Service. You are the data controller for this information.

Payment information: Billing is handled by Stripe. We store only your Stripe customer ID and subscription status — never raw card numbers or bank details.

Communications: If you contact us for support, we retain those communications to resolve your issue and improve the Service.

We use the information we collect to:

• Provide, maintain, and improve the Service
• Process transactions and send billing-related communications
• Send transactional emails (intake confirmations, proposal notifications, invoice receipts)
• Respond to support requests and troubleshoot issues
• Send product updates and feature announcements (you may opt out at any time)
• Detect and prevent fraud, abuse, and security incidents
• Comply with legal obligations

We do not sell your personal data to third parties. We do not use your client data for any purpose other than providing the Service to you.

We rely on the following third-party services to operate the platform:

• Supabase — database hosting and authentication. Your data is stored in Supabase's infrastructure.
• Stripe — payment processing for subscriptions and client invoice payments.
• Resend — transactional email delivery (intake notifications, proposal sends, invoice emails).

Each provider processes your data only to the extent necessary to provide their service and is bound by their own privacy policies and data processing agreements. We encourage you to review their policies.

We use cookies and similar technologies to keep you signed in, remember your preferences, and understand how the Service is used. These include:

• Strictly necessary cookies: Required for authentication and session management. Cannot be disabled.
• Functional cookies: Remember your settings and preferences.
• Analytics cookies: Aggregate, anonymized data used to understand usage patterns and improve the product.

You can manage cookie preferences through the cookie banner displayed on your first visit, or through your browser settings. Note that disabling necessary cookies will prevent you from using the Service.

We retain your account data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal, tax, or fraud prevention purposes. Anonymized, aggregated usage data may be retained indefinitely.

Depending on your location, you may have rights including:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate data.
• Deletion: Request deletion of your personal data (subject to legal retention requirements).
• Portability: Request your data in a machine-readable format.
• Opt-out: Opt out of marketing communications at any time via the unsubscribe link in any email.
• California residents (CCPA): You have the right to know what data we collect, the right to delete it, and the right to opt out of sale (we do not sell personal data).

To exercise any of these rights, contact us at hello@firstslate.co. We will respond within 30 days.

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, disclosure, alteration, or destruction. These include encrypted connections (HTTPS/TLS), access controls, and regular security reviews. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

The Service is not directed to children under 18 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

We may update this Privacy Policy periodically. We will notify you of material changes via email or a notice within the Service. The “Last Updated” date at the top of this page reflects the most recent revision. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

For privacy-related questions or to exercise your rights, contact us at hello@firstslate.co or visit our contact page.