Privacy Policy

1. Introduction

Welcome to Term Seeker ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service at term-seeker.com.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Name and email address
• Password (encrypted)
• Company information (optional)

2.2 Payment Information

Payment processing is handled by Stripe. We do not store your credit card information. We receive only:

• Subscription status
• Last 4 digits of payment method
• Billing email

2.3 Email Connection Information

When you connect your Microsoft or Google email account:

• OAuth access tokens (encrypted and stored securely)
• Email address of connected account
• Permission scopes granted

2.4 Usage Information

We collect information about how you use Term Seeker:

• Term sheets uploaded and processed
• Emails sent through our service
• Feature usage and preferences
• Log data (IP address, browser type, access times)

3. How We Use Your Information

We use your information to:

• Provide and maintain the Term Seeker service
• Process term sheets and extract data
• Send emails on your behalf to lenders
• Process payments and manage subscriptions
• Send important service notifications
• Improve our service and develop new features
• Detect and prevent fraud or abuse
• Comply with legal obligations

4. Email Sending Permissions

When you connect your Microsoft or Google email account, we request permission to send emails on your behalf. We use these permissions only to:

• Send emails to lenders when you explicitly click "Send Email"
• The emails are sent from YOUR email account, not ours
• We do not read, access, or store the contents of your inbox
• We do not send emails without your explicit action
• You can revoke access at any time from your account settings

5. Data Storage and Security

We take data security seriously:

• All data is encrypted in transit (HTTPS/TLS)
• OAuth tokens are encrypted at rest using AES-256-GCM
• Passwords are hashed using industry-standard algorithms
• Data is stored in secure databases (Supabase/PostgreSQL)
• Regular security audits and updates

However, no method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

6. Data Sharing and Disclosure

We do not sell your personal information. We may share your information only in these circumstances:

• Service Providers: Stripe (payments), Vercel (hosting), Supabase (database), Resend (system emails)
• Legal Requirements: If required by law or to protect our rights
• Business Transfers: In connection with a merger, acquisition, or sale of assets

7. Your Rights and Choices

You have the right to:

• Access: Request a copy of your personal data
• Correction: Update or correct your information
• Deletion: Request deletion of your account and data
• Revoke Consent: Disconnect email accounts at any time
• Data Portability: Export your data in a standard format
• Object: Object to certain processing activities

To exercise these rights, contact us at hello@term-seeker.com or use the account settings page.

8. Data Retention

We retain your information for as long as your account is active or as needed to provide services. When you delete your account:

• Personal data is deleted within 30 days
• Aggregated, anonymized data may be retained for analytics
• Financial records retained for 7 years for legal compliance

9. Cookies and Tracking

We use essential cookies for:

• Authentication and session management
• Security (CSRF protection)
• Remembering your preferences

We do not use third-party advertising or analytics cookies.

10. Children's Privacy

Term Seeker is not intended for users under 18 years of age. We do not knowingly collect information from children. If you believe we have collected information from a child, please contact us immediately.

11. International Data Transfers

Your data may be transferred to and processed in countries outside your residence. We ensure appropriate safeguards are in place to protect your information in compliance with applicable data protection laws.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or prominent notice on our service. Continued use after changes constitutes acceptance.

13. Contact Us

If you have questions about this Privacy Policy or our data practices:

• Email: hello@term-seeker.com
• Website: https://term-seeker.com

14. GDPR Compliance (EU Users)

If you are in the European Economic Area (EEA), you have additional rights under GDPR:

• Right to be forgotten
• Right to restrict processing
• Right to data portability
• Right to object to automated decision-making
• Right to lodge a complaint with a supervisory authority

Our legal basis for processing: Consent, Contract Performance, Legal Obligation, and Legitimate Interests.

15. California Privacy Rights (CCPA)

California residents have specific rights under CCPA:

• Right to know what personal information is collected
• Right to know if personal information is sold or disclosed
• Right to say no to the sale of personal information (we do not sell data)
• Right to access and delete personal information
• Right to non-discrimination for exercising CCPA rights