◦ Legal
Privacy Policy
Last updated June 25, 2026 · Template — review before launch
This template explains how AccessExit handles your data. It is written to match how the product actually works, but it is not legal advice — have it reviewed and complete the bracketed placeholders before launch.
1. Who controls your data
AccessExit, operated by Eastbase Studio, is the data controller for account data and the marketing site. For the content inside a workspace (your people, apps, cases, and evidence), your organization is the controller and AccessExit acts as a processor on your behalf.
2. What we collect
- Account data — your name, email, and a hashed password (handled by our authentication library; we never store plaintext passwords). If you choose to sign in with Google or GitHub, we receive your basic profile and email from them.
- Workspace content — the people, app inventory, account mappings, offboarding cases, tasks, evidence (notes, links, files), and receipts you create.
- Integration data — when you connect Google Workspace, the directory data you sync. OAuth tokens are encrypted at rest.
- Usage & diagnostics — only when the optional analytics and error-monitoring tools below are enabled. We do not use ad tracking, session replay, or autocapture.
3. How we use your data
- To provide the service — generate checklists, track tasks, produce receipts, and run access reviews.
- To operate accounts, workspaces, and billing.
- To send transactional and notification email (assignments, reminders, ready receipts).
- To keep the service secure and reliable, and to understand aggregate product usage where telemetry is enabled.
We do not sell your data and we do not use your workspace content to train AI models — the product has no AI features.
4. Cookies and analytics
AccessExit uses a small, essential session cookie to keep you signed in. We take a conservative approach to analytics:
- Product analytics (PostHog) record explicitly named events only — no autocapture, no session replay, and no personal data. Identification uses an opaque id.
- Vercel Web Analytics and Speed Insights measure aggregate traffic and performance.
- Error monitoring (Sentry) captures diagnostics when something breaks.
- URLs sent to any of these tools are stripped of ids and tokens first, and the public receipt page is never tracked.
Every telemetry tool is off unless configured, so self-hosted and development environments run with no third-party tracking.
5. Subprocessors
We rely on the following providers to operate AccessExit. Those marked optional are inert unless their keys are configured.
| Provider | Purpose | Data involved |
|---|---|---|
| Vercel | Application hosting, web analytics & speed insights | Request metadata, aggregate traffic and performance |
| Neon | PostgreSQL database hosting | Your workspace records (people, apps, cases, receipts) |
| Vercel Blob | Private file storage | Evidence files you upload |
| Lemon Squeezy | Payments — merchant of record | Billing details, plan and subscription status |
| Resendopt | Transactional & notification email | Recipient email, message metadata |
| Upstashopt | Rate limiting (Redis) | Hashed IP-based request counters |
| PostHogopt | Product analytics (named events only) | Opaque workspace/user id, event names — no PII |
| Sentryopt | Error & performance monitoring | Error reports with ids/tokens scrubbed |
| Directory integration & optional sign-in | Directory data you sync; OAuth account email |
TODO: confirm each provider’s data-processing region and add a data-processing addendum (DPA) reference where required.
6. Data retention
We keep your data for as long as your workspace is active. Audit events are append-only by design and are retained as a security record. Evidence you delete is soft-deleted (and the deletion itself is audited); ask us if you need it permanently purged. When you delete your workspace, we remove your content within [retention window — TODO: confirm, e.g. 30 days], except where we must retain limited records for legal or accounting reasons.
7. How we protect your data
- Integration tokens are encrypted at rest (AES-256-GCM); passwords are hashed, never stored in plaintext.
- Evidence files are stored private and served only through an authenticated, access-checked download route.
- Integrations request least-privilege, read-only scopes where possible.
- Public auth endpoints are rate-limited, and receipts are reachable only via an unguessable 256-bit token.
8. Your rights
Depending on where you live, you may have rights to access, correct, export, or delete your personal data, and to object to or restrict certain processing. Within the product you can export receipts and access reviews to CSV (on paid plans) and delete people, apps, and evidence. To exercise any other right, or to request deletion of your whole workspace, email support@accessexit.com.
9. International transfers
Our providers may process data in the United States and other regions. Where required, we rely on appropriate safeguards (such as standard contractual clauses). TODO: confirm transfer mechanism and hosting regions.
10. Children
AccessExit is a workplace tool not intended for children. We do not knowingly collect personal data from anyone under [16/18 — TODO: confirm].
11. Changes and contact
We’ll update this policy as the product evolves and revise the date above. For any privacy question or request, email support@accessexit.com.
Questions about this policy? Email support@accessexit.com.