§ 01 — Overview

Privacy Policy

Effective: March 9, 2026

This Privacy Policy describes how TheCorporation (“we,” “us,” or “our”) collects, uses, and shares information when you use our website, cloud platform, chat interface, CLI tools, API, and related services (the “Service”).

§ 02 — Collection

Information We Collect

Information you provide

  • Email address — used for authentication (magic link sign-in), account identification, and transactional emails
  • Corporate data — entity details, officer and director information, cap table records, documents, meeting minutes, and other data you submit through the Service
  • Payment information — processed by Stripe; we do not store card numbers or bank account details on our servers

Information collected automatically

  • Usage data — pages visited, features used, API endpoints called, timestamps
  • Device information — browser type, operating system, screen resolution
  • IP address — used for security, rate limiting, and abuse prevention

Information we do not collect

  • We do not use tracking cookies or third-party analytics
  • We do not collect data from self-hosted installations
  • We do not purchase data from data brokers
§ 03 — Use

How We Use Your Information

  • Provide the Service — authenticate you, process your corporate operations, generate documents, run compliance agents
  • Communicate — send transactional emails (magic links, signing requests, billing confirmations, compliance digests)
  • Improve the Service — analyze aggregate usage patterns, fix bugs, develop new features
  • Security — detect and prevent fraud, abuse, and unauthorized access
  • Legal compliance — comply with applicable laws, regulations, and legal processes
§ 04 — AI

AI & Language Models

The chat interface uses third-party language model providers (currently Anthropic) to process your messages. Your chat messages and corporate context are sent to the LLM provider to generate responses.

We do not use your corporate data or chat history to train language models. LLM providers process your data under their respective data processing agreements and do not use it for training.

On the self-hosted plan, you bring your own API key and communicate directly with your chosen LLM provider.

§ 05 — Sharing

Information Sharing

We do not sell your personal information. We share your information only in these circumstances:

  • Service providers — Stripe (payments), Resend (transactional email), Anthropic (LLM processing), and infrastructure providers that help us deliver the Service
  • Compliance filings — when you authorize us to file documents with state agencies on your behalf (Cloud plan)
  • Legal requirements — when required by law, court order, or governmental regulation
  • Business transfers — in connection with a merger, acquisition, or sale of assets, with notice to affected users
§ 06 — Storage

Data Storage & Security

Your corporate data is stored in git repositories on our infrastructure (Cloud plan) or your own infrastructure (self-hosted). We use encryption in transit (TLS) and at rest. API keys are hashed before storage. Authentication tokens are HMAC-signed and time-limited.

No system is perfectly secure. We implement reasonable administrative, technical, and physical safeguards, but cannot guarantee absolute security.

§ 07 — Retention

Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Corporate data in git repositories retains full history by design.

Upon account termination, you may export your data for 30 days. After that, we may delete your data from our systems. Some data may be retained as required by law.

§ 08 — Rights

Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate information
  • Delete your personal information
  • Export your data (available at any time via git clone)
  • Object to or restrict certain processing
  • Withdraw consent

To exercise these rights, contact us at [email protected].

§ 09 — Children

Children’s Privacy

The Service is not directed to children under 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it.

§ 10 — Changes

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via the email associated with your account. The “Effective” date at the top indicates the latest revision.

Questions about privacy? Contact us at [email protected].

CORP-PRIV-001