Privacy Policy

AccountSweep ('we', 'us', or 'our') is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By using AccountSweep, you agree to the collection and use of information in accordance with this policy.

AccountSweep is designed with privacy-first principles. We collect minimal data necessary to provide our Service:

Account Information: Service names, URLs, usernames, email addresses, and notes that you choose to store. This data is encrypted end-to-end before storage.

Authentication Data: We use Clerk for authentication. Clerk may collect email addresses and authentication tokens. Please review Clerk's privacy policy for details.

Usage Data: We do not collect analytics, tracking data, or behavioral information. We do not use cookies for tracking purposes.

Email scanning is performed entirely on your device. We never upload your email content to our servers. The scanning process:

• All email processing happens locally in your browser or device
• Email content is never transmitted to our servers
• Only account information you choose to import is stored (in encrypted form)
• Email credentials are encrypted before transmission and never stored in plaintext

All account data stored in AccountSweep is encrypted using client-side encryption. This means:

• Encryption happens on your device before data is sent to our servers
• Your encryption key never leaves your device
• We cannot decrypt your data without your encryption passphrase
• You have complete control over your data

We use the data we collect solely to provide and improve our Service:

• To provide, maintain, and improve the Service
• To provide customer support and respond to your inquiries
• To ensure the security and integrity of the Service
• To comply with legal obligations

We do not sell, trade, or rent your personal information to third parties. We may share data only in the following circumstances:

• Service Providers: We use third-party services (Supabase for database, Clerk for authentication, Stripe for payments, Vercel for hosting) that may process data on our behalf. All service providers are bound by data processing agreements.
• Legal Requirements: We may disclose data if required by law or in response to valid legal requests.
• With Your Consent: We will share data only with your explicit consent.

Payment processing for Pro subscriptions is handled by Stripe, Inc. ('Stripe'). When you make a payment:

• Stripe collects payment information (credit card details, billing address) directly
• We do not store or process credit card information
• We may share minimal metadata (user ID) with Stripe for subscription management
• Stripe's privacy policy applies to payment data: https://stripe.com/privacy

We retain your data only for as long as necessary to provide the Service:

• Active Accounts: Data is retained while your account is active
• Account Deletion: When you delete your account, all associated data is permanently deleted within 30 days
• Backups: Deleted data may remain in backups for up to 90 days before permanent deletion

Under the General Data Protection Regulation (GDPR), you have the following rights:

• Right to Access: You can request a copy of all data we hold about you
• Right to Rectification: You can correct inaccurate data
• Right to Erasure: You can request deletion of your data
• Right to Data Portability: You can export your data in CSV format
• Right to Object: You can object to certain processing activities
• Right to Restriction: You can request restriction of processing

You can export all your account data at any time through the account settings. Exported data is provided in CSV format and includes all account information you have stored.

We implement industry-standard security measures to protect your data:

• End-to-end encryption for all stored data
• TLS/SSL encryption for data in transit
• Limited access controls and authentication requirements
• Regular security audits and monitoring

AccountSweep uses minimal cookies necessary for authentication and session management. We do not use tracking cookies, analytics cookies, or advertising cookies. We do not engage in behavioral tracking or profiling.

AccountSweep is not intended for users under the age of 16. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child under 16, please contact us immediately.

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the 'Last updated' date. You are advised to review this Privacy Policy periodically for any changes.

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

Email: privacy@accountsweep.com