Privacy Policy

Last updated: January 2025

Effective date: January 2025

1. Introduction

Welcome to ClientDock ("we", "our", or "us"). We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our client portal service.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address for authentication and account management
  • Portal Content: Files, photos, documents, notes, timelines, and other content you create or upload to your client portals
  • Payment Information: Processed securely by Stripe (we don’t store credit card details)

2.2 Automatically Collected Information

  • Technical Data: IP address, browser type, device information, operating system
  • Usage Data: How you interact with our service, pages visited, features used
  • Analytics Data: Collected via Google Analytics to understand service usage and improve user experience
  • Cookies: Essential cookies for authentication, functionality, and analytics

3. How We Use Your Information

We use your information to:

  • Provide and maintain our client portal service
  • Process your subscription and payments via Stripe
  • Store and manage your portal content (files, notes, timelines)
  • Send important service communications and authentication emails
  • Analyze service usage to improve user experience (via Google Analytics)
  • Ensure service security and prevent abuse
  • Comply with legal obligations

4. Legal Basis for Processing (GDPR)

We process your personal data based on:

  • Contract: To provide our service and process payments
  • Legitimate Interest: To improve our service, ensure security, and prevent fraud
  • Consent: For Google Analytics and optional features (when explicitly requested)
  • Legal Obligation: To comply with applicable laws and regulations

5. Data Sharing and Third Parties

We share your data only with trusted service providers:

  • Stripe: For secure payment processing (subject to Stripe’s privacy policy)
  • Cloudflare: For hosting, content delivery, and security services
  • Google Analytics: For anonymized usage analytics (subject to Google’s privacy policy)
  • Email Service Providers: For sending authentication and service emails

We never sell your personal data to third parties.

6. Data Security

We implement comprehensive security measures including:

  • End-to-end encryption for data in transit and at rest
  • Secure authentication systems with NextAuth
  • Cloudflare’s enterprise-grade security infrastructure
  • Regular security assessments and monitoring
  • Access controls and audit logging
  • Secure file storage with access restrictions

7. Data Retention and Storage Limits

We retain your data as follows:

  • Account Data: Until you delete your account
  • Portal Content: Until you delete it or your account is terminated
  • Payment Records: As required by law and Stripe’s retention policies
  • Analytics Data: As per Google Analytics retention settings

7.1 Storage Limit Enforcement

Important Storage Policy:

If you cancel your subscription and your stored content exceeds the free tier storage limit, you will have 30 days to either:

  • Renew your subscription to maintain full storage access
  • Download and manually remove excess content to comply with free tier limits

After 30 days, we reserve the right to automatically delete excess content to bring your account within free tier limits. The content to delete will be selected randomly, and deleted content cannot be recovered.

8. Your Rights (GDPR)

You have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate personal data
  • Erasure: Request deletion of your personal data
  • Portability: Receive your data in a portable format
  • Restriction: Limit how we process your data
  • Objection: Object to processing based on legitimate interest
  • Withdraw Consent: For processing based on consent (e.g., analytics)

To exercise these rights, contact us at privacy@clientdock.me.

9. Cookies and Tracking

We use the following types of cookies:

9.1 Essential Cookies

  • User authentication and session management
  • Security and fraud prevention
  • Basic functionality of our service

9.2 Analytics Cookies

  • Google Analytics: To understand how users interact with our service
  • These cookies help us improve user experience and service performance
  • You can opt out of analytics tracking in your browser or by contacting us

10. International Transfers

Your data is processed through Cloudflare’s global network and may be transferred to countries outside your residence. We ensure appropriate safeguards through:

  • Cloudflare’s compliance with international data protection standards
  • Standard Contractual Clauses (SCCs) where applicable
  • Adequacy decisions by relevant data protection authorities
  • Appropriate technical and organizational security measures

11. Children’s Privacy

ClientDock is not intended for children under 16. We do not knowingly collect personal data from children under 16. If you become aware that a child has provided us with personal data, please contact us immediately.

12. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by email or through our service. Your continued use of ClientDock after changes become effective constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this privacy policy or our data practices, contact us:

Email: privacy@clientdock.me

Company: ClientDock

Address: [Company Address Placeholder]

We will respond to your privacy-related inquiries within 30 days.

14. Data Protection Authority

If you are located in the European Union and believe we have not addressed your privacy concerns adequately, you have the right to lodge a complaint with your local data protection authority.