Privacy Policy

1. Information We Collect

1.1 Information You Provide

We collect information you directly provide to us:

• Account Information: Name, email address, password, organization name
• Profile Information: Role, department, contact details
• Employee Data: Names, emails, departments, last working dates of employees being offboarded
• Task Data: Offboarding tasks, notes, attachments, completion status
• Survey Responses: Exit survey answers and feedback
• Payment Information: Billing details (processed securely by Stripe)

1.2 Information Collected Automatically

When you use our Service, we automatically collect:

• Log Data: IP address, browser type, device information, operating system
• Usage Data: Pages visited, features used, time spent on pages
• Cookies: See our Cookie Policy for details
• Performance Data: Error logs, crash reports, API response times

1.3 Information from Third Parties

We may receive information from:

• Authentication Providers: If you sign up via OAuth (Google, Microsoft, etc.)
• Payment Processors: Stripe for payment processing
• Analytics Services: Google Analytics for usage insights

2. How We Use Your Information

We use your information to:

• Provide the Service: Create accounts, manage offboardings, send notifications
• Process Payments: Bill subscriptions, process refunds
• Communicate: Send emails about your account, product updates, security alerts
• Improve the Service: Analyze usage, fix bugs, develop new features
• Ensure Security: Detect fraud, prevent abuse, maintain platform security
• Comply with Laws: Meet legal obligations, respond to lawful requests
• AI Features: Generate insights from exit survey data (anonymized)

3. How We Share Your Information

We do NOT sell your personal information. We may share your information with:

3.1 Service Providers

• Supabase: Database and authentication
• Vercel: Hosting and deployment
• Stripe: Payment processing
• Brevo: Email delivery
• Groq: AI analysis (anonymized data only)

3.2 Within Your Organization

Data is shared with team members in your organization based on their role and permissions.

3.3 Legal Requirements

We may disclose information if required by law, court order, or government request.

3.4 Business Transfers

If OffboardPro is acquired or merged, your information may be transferred to the new owner.

4. Data Security

We implement industry-standard security measures:

• Encryption: All data in transit uses TLS/SSL encryption
• Access Controls: Role-based permissions, Row-Level Security (RLS)
• Authentication: Secure password hashing, session management
• Infrastructure: Secure cloud hosting with automatic backups
• Monitoring: 24/7 security monitoring and alerts

However, no system is 100% secure. You are responsible for maintaining the confidentiality of your account credentials.

5. Data Retention

We retain your information for as long as:

• Your account is active
• Needed to provide the Service
• Required by law (e.g., tax records, audit logs)

After account deletion, we retain certain data for 30 days to allow recovery, then permanently delete it. Some data may be retained in anonymized form for analytics.

6. Your Rights

Depending on your location, you may have these rights:

• Access: Request a copy of your personal data
• Correction: Update inaccurate or incomplete information
• Deletion: Request deletion of your data ("right to be forgotten")
• Portability: Export your data in a machine-readable format
• Objection: Object to certain data processing activities
• Restriction: Limit how we use your data
• Withdrawal: Withdraw consent for data processing

To exercise these rights, contact us at privacy@offboardpro.com

7. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure adequate protection through:

• Standard Contractual Clauses (SCCs)
• Privacy Shield frameworks (where applicable)
• Data processing agreements with service providers

8. Children's Privacy

OffboardPro is not intended for children under 18. We do not knowingly collect data from children. If you believe a child has provided us with personal information, please contact us immediately.

9. Cookies and Tracking

We use cookies and similar technologies for:

• Authentication and session management
• Remembering your preferences
• Analytics and performance monitoring

For detailed information, see our Cookie Policy.

10. Third-Party Links

Our Service may contain links to third-party websites. We are not responsible for their privacy practices. Please review their privacy policies before providing any information.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. The "Last updated" date will reflect the most recent changes.

12. GDPR Compliance (EU Users)

If you are in the European Union, we comply with GDPR requirements:

• Legal Basis: We process your data based on consent, contract performance, or legitimate interests
• Data Protection Officer: Contact dpo@offboardpro.com for GDPR inquiries
• Right to Complain: You can file a complaint with your local data protection authority

13. CCPA Compliance (California Users)

If you are a California resident, you have additional rights under CCPA:

• Right to know what personal information we collect
• Right to delete personal information
• Right to opt-out of sale of personal information (we don't sell your data)
• Right to non-discrimination for exercising your rights

14. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us:

• Email: privacy@offboardpro.com
• Support: support@offboardpro.com
• Website: https://offboarding.vercel.app