Privacy Policy
Effective Date: January 1, 2025 · Last Updated: June 1, 2025
1. Introduction
Slate360, Inc. ("Slate360", "we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use the Slate360 platform ("Platform"). Please read this policy carefully. By using the Platform, you agree to the practices described here.
2. Information We Collect
Account Information: name, email address, company name, professional license number, billing address, and password (hashed). Project Data: any information you upload or enter including drawings, documents, schedules, budgets, RFIs, submittals, daily logs, and images. Usage Data: pages visited, features used, IP addresses, browser type, device identifiers, and timestamps. Payment Information: processed by Stripe; we store only the last 4 digits of your card and billing address — we do not store full card numbers.
3. How We Use Your Information
We use your information to: (a) provide, maintain, and improve the Platform; (b) process payments and manage subscriptions; (c) send transactional emails (account creation, password reset, billing receipts); (d) provide customer support; (e) generate aggregated, anonymized analytics to improve our service; (f) comply with legal obligations; (g) detect and prevent fraud and abuse.
4. AI Processing
Slate360 uses OpenAI and similar AI providers to power features such as contract summarization and requirement extraction. Documents you submit for AI analysis may be transmitted to these providers. AI providers are bound by data processing agreements prohibiting them from using your data to train their models. AI outputs are stored in your project for your user experience only.
5. Data Storage and Security
Your project files are stored in AWS S3 (us-east-2 region) with server-side AES-256 encryption at rest and TLS 1.2+ encryption in transit. Project data is stored in Supabase PostgreSQL with row-level security enforcing per-user access controls. Passwords are hashed using bcrypt and never stored in plain text. We maintain SOC 2-aligned security practices including access logging, MFA for production systems, and regular security reviews.
6. Data Retention
We retain your project data for as long as your account is active or as needed to provide services. After account cancellation, you have 30 days to export your data. After the export window closes, we will delete your project data from active storage within 90 days. Anonymized, aggregated analytics may be retained indefinitely.
7. Sharing of Information
We do not sell your personal information. We may share information with: (a) Service providers acting on our behalf (AWS, Supabase, Stripe, Resend, OpenAI) under data processing agreements; (b) Law enforcement or government authorities when required by law; (c) Successors in interest if Slate360 undergoes a merger or acquisition, with advance notice to affected users. We will never share your project-specific data with your competitors.
8. Cookies and Tracking
We use essential cookies necessary for authentication and session management. We use analytics cookies to understand platform usage. You may disable non-essential cookies through your browser settings. We do not use third-party advertising cookies or tracking pixels from ad networks.
9. Your Rights
Depending on your location, you may have rights including: access to your personal data, correction of inaccurate data, deletion ("right to be forgotten"), portability of your data in machine-readable format, and objection to certain types of processing. To exercise these rights, contact us at privacy@slate360.ai. We will respond within 30 days.
10. CCPA (California Residents)
California residents have the right to know what personal information is collected and used, the right to delete personal information, and the right to opt-out of the sale of personal information (Slate360 does not sell personal information). We do not discriminate against users who exercise their CCPA rights.
11. GDPR (EU/EEA Residents)
If you are located in the EU or EEA, our legal basis for processing personal data is: performance of a contract (account management), legitimate interests (platform improvement, security), and consent (marketing communications). You have the right to lodge a complaint with your local supervisory authority. Our EU representative contact: privacy@slate360.ai.
12. Children's Privacy
The Platform is not intended for children under 18. We do not knowingly collect personal information from children. If we discover that a child has provided us with personal information, we will promptly delete it.
13. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes via email or in-app notification at least 14 days before they take effect. Continued use of the Platform after the effective date constitutes acceptance of the updated policy.
14. Contact Us
For privacy questions, data requests, or to report a concern: Email privacy@slate360.ai · Write to: Slate360, Inc., Privacy Officer, Wilmington, DE 19801.