Draft for beta. This is a starting template, not legal advice — have it reviewed by counsel before launch.

Privacy Policy

Last updated: June 18, 2026

Done Maestro is operated by Purplo Consulting Inc. (“we”, “us”). This policy explains what personal data we collect, why, and your rights. We don’t sell your data.

1. What we collect

• Account: name, email, and authentication data.
• Your content: the inbox items, projects, actions, notes, sketches, and reviews you create.
• Usage & technical: basic logs and security signals (e.g., IP for rate-limiting and bot protection).
• Payment: when billing applies, card details are handled by Stripe — we never see or store full card numbers.

2. How we use it

To provide and secure the Service, communicate with you (e.g., verification and account emails), process payments when applicable, and improve Done Maestro. Our audit logs record events, not the contents of your items.

3. Legal bases (GDPR)

We process data to perform our contract with you, for our legitimate interests (security, improvement), to meet legal obligations, and with your consent where required.

4. Service providers

We share data only with providers that help us run the Service:

• Cloudflare — hosting, storage, and bot protection (Turnstile).
• Neon — database hosting.
• SMTP2GO — transactional email.
• Stripe — payment processing (when billing applies).

5. Retention

We keep your data while your account is active. Deleted items are purged after a short retention window, and deleting your account erases your data (including stored files).

6. Your rights

Depending on your location, you may access, correct, delete, or export your data, and object to or restrict certain processing. You can export a copy of your data from Settings and delete your account at any time. To exercise other rights, contact us.

7. Security

We use encryption in transit, scoped access, encrypted storage of sensitive secrets, and content-free logging. No system is perfectly secure, but we work to protect your data.

8. Cookies

We use essential cookies for sign-in and security (including bot protection). We don’t use advertising trackers.

9. International transfers & children

Data may be processed in countries where our providers operate, with appropriate safeguards. The Service isn’t directed to children under 16.

10. Changes & contact

We may update this policy; material changes will be communicated. Questions or requests: Purplo Consulting Inc. — privacy@donemaestro.com.