Last updated: March 22, 2026
Privacy Policy
1. What Data We Collect
Account Data
When you register, we collect: company name, your name, email address, and password (managed by Supabase Auth).
Employee Data
Data you enter about your employees: names, email addresses, phone numbers, addresses, job titles, hire dates, department assignments, and profile photos. You are the data controller for this information.
Documents
Files you upload: contracts, IDs, tax forms, and other HR documents. Stored in encrypted private storage.
Usage Data
We automatically collect: IP addresses, browser type, pages visited, feature usage, and performance metrics. This data is used to improve the Service and is not shared with third parties.
2. How We Use Your Data
- Providing the Service: storing and displaying your HR data, processing time-off requests, generating reports
- Transactional emails: time-off notifications, onboarding reminders, billing confirmations
- Service improvement: analyzing usage patterns to improve features (aggregated, not individual)
- Security: audit logging, fraud prevention, abuse detection
We never sell your data to third parties. Period.
3. Data Retention
Your data is retained for as long as your account is active. Upon account deletion, all data is permanently removed within 30 days. Backups containing your data are purged within the same period.
4. Sub-Processors
We use the following third-party services to operate Plintio:
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Database and authentication | AWS US-East |
| Supabase Storage | Document storage | AWS US-East |
| Vercel | Application hosting | Global CDN |
| Stripe | Payment processing | USA |
| Resend | Transactional email | USA |
5. CCPA Rights (California Residents)
If you are a California resident, you have the right to:
- Know: Request what personal information we collect and how it is used
- Delete: Request deletion of your personal information
- Opt-out: We do not sell personal information, so no opt-out is necessary
- Non-discrimination: We will not discriminate against you for exercising your rights
To exercise these rights, email privacy@plintio.com.
6. PIPEDA Compliance (Canadian Customers)
For Canadian customers, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA). We collect, use, and disclose personal information only for identified purposes with your consent. You may access or correct your personal information, or withdraw your consent, at any time by contacting us.
7. Cookies
We use the following cookies:
- Authentication cookies (essential): Supabase session cookies to keep you logged in. Cannot be disabled.
- Analytics cookies (optional): Vercel Analytics for page views and performance metrics. Can be declined via cookie banner.
We do not use advertising cookies or tracking pixels.
8. Data Security
We protect your data with:
- TLS encryption for all data in transit
- Encrypted storage at rest
- Role-based access control
- Immutable audit logging
- Regular security reviews
- SOC 2 compliant infrastructure (via Supabase/AWS)
9. Children's Privacy
Plintio is a B2B service and is not intended for use by individuals under 18. We do not knowingly collect data from children.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you via email of material changes at least 30 days before they take effect.
11. Contact
For privacy-related questions or to exercise your rights:
Email: privacy@plintio.com