Privacy Policy

Last updated: June 2026 · Version 1.0

1. What We Collect

We collect the following information when you use SectorBoard:

  • Account information: name, email address, password (hashed)
  • Organisation details: company name, size, industry, address
  • Usage data: which connectors and KPIs you configure
  • API credentials: stored encrypted, never readable in plain text
  • KPI data: numerical metrics fetched from your connected apps

2. How We Use Your Data

  • To provide and improve the SectorBoard service
  • To send transactional emails (verification, password reset, invitations)
  • To process payments via Stripe
  • To display your business KPIs on your dashboard
  • We do NOT sell your data to third parties
  • We do NOT use your data for advertising

3. Data Storage & Security

Your data is stored in Supabase (PostgreSQL), hosted in the EU (Ireland) region. API credentials are encrypted using AES-256-GCM before storage. All data is isolated by organisation using row-level security policies. We use HTTPS for all data transmission.

4. Third-Party Services

We use the following third-party services:

  • Supabase — database and authentication (EU hosted)
  • Stripe — payment processing (they handle all card data)
  • Google Workspace — email delivery

5. Data Retention

Active account data is retained while your account is active. Upon cancellation, data is retained for 90 days to allow reactivation. After 90 days, all personal data and KPI history is permanently deleted. You may request immediate deletion by contacting us.

6. Your Rights (GDPR)

Under GDPR, you have the right to:

  • Access — request a copy of your personal data
  • Rectification — correct inaccurate data
  • Erasure — request deletion of your data
  • Portability — receive your data in a machine-readable format
  • Objection — object to processing of your data

To exercise these rights, contact us at [email protected]

7. Cookies

We use a single session cookie (`session_token`) to keep you logged in. This cookie is HTTP-only, secure, and expires after 7 days. We do not use tracking cookies or advertising cookies.

8. Contact

For privacy enquiries, contact us at [email protected]. We aim to respond within 5 business days.

Terms & ConditionsSecurity & TrustBack to sign up →