{% extends "base.html" %}
{% block title %}Privacy Policy | FreshFilings{% endblock %}
{% block description %}FreshFilings privacy policy — what data we collect, how we use it, and your rights.{% endblock %}

{% block content %}
<article class="legal-page">
  <div class="container legal-inner">
    <h1>Privacy Policy</h1>
    <p class="legal-date">Last updated: June 4, 2026</p>

    <section>
      <h2>What we collect</h2>
      <p>We collect information you provide directly:</p>
      <ul>
        <li><strong>Email address</strong> — when you join the waitlist or create an account.</li>
        <li><strong>Payment information</strong> — handled entirely by Stripe. We never see or store your card number.</li>
      </ul>
      <p>We also collect limited usage data automatically:</p>
      <ul>
        <li>API request logs (endpoint, timestamp, response code) for rate limiting and billing.</li>
        <li>Standard web server logs (IP address, browser, referring page) for security and diagnostics. Logs are retained for 30 days.</li>
      </ul>
    </section>

    <section>
      <h2>How we use it</h2>
      <ul>
        <li>To send you API credentials and product updates (email you provided).</li>
        <li>To process subscription payments and issue invoices (Stripe).</li>
        <li>To enforce API rate limits and detect abuse.</li>
        <li>To improve the product based on aggregate, anonymized usage patterns.</li>
      </ul>
      <p>We do not sell your data. We do not send marketing email to people who haven't opted in.</p>
    </section>

    <section>
      <h2>Third-party services</h2>
      <ul>
        <li><strong>Stripe</strong> — payment processing. Subject to <a href="https://stripe.com/privacy" target="_blank" rel="noopener">Stripe's privacy policy</a>.</li>
        <li><strong>Resend</strong> — transactional email delivery.</li>
        <li><strong>Render</strong> — cloud hosting. Data is stored in the United States.</li>
      </ul>
    </section>

    <section>
      <h2>Public record data</h2>
      <p>The business entity data displayed on this site is sourced from official public state filing databases (NY Department of State, Florida Division of Corporations, Colorado Secretary of State). This data is public record and is not personal data under most privacy frameworks. If a record about a business you control is incorrect, contact the relevant state agency to update the source record.</p>
    </section>

    <section>
      <h2>Your rights</h2>
      <p>You may request deletion of your account and associated personal data (email, billing history) at any time by emailing <a href="mailto:privacy@freshfilings.dev">privacy@freshfilings.dev</a>. We will process requests within 30 days.</p>
    </section>

    <section>
      <h2>Cookies</h2>
      <p>We use session cookies required for authentication and billing. We do not use third-party tracking cookies or advertising pixels.</p>
    </section>

    <section>
      <h2>Changes to this policy</h2>
      <p>If we make material changes, we will notify subscribers by email and update the date at the top of this page.</p>
    </section>

    <section>
      <h2>Contact</h2>
      <p>Questions? Email <a href="mailto:privacy@freshfilings.dev">privacy@freshfilings.dev</a>.</p>
    </section>
  </div>
</article>
{% endblock %}