O
OriginPSA

Privacy Policy

Last updated: April 29, 2026

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, company name, and password (stored as a bcrypt hash).

Billing Information

Payment processing is handled by Stripe. We do not store credit card numbers. Stripe may collect card details, billing address, and related information under their own privacy policy.

Usage Data

We collect data about how you use the Service, including pages visited, features used, and error reports, to improve the product.

Customer Data

Data you enter into the Service (contacts, tickets, invoices, etc.) is stored on your behalf. This data belongs to you.

2. How We Use Information

  • Provide, maintain, and improve the Service
  • Process payments and manage subscriptions
  • Send transactional emails (welcome, invoices, password resets)
  • Respond to support requests
  • Detect and prevent fraud or abuse

3. Data Storage & Security

Your data is stored on servers located in the United States. We use AES-256-GCM encryption for sensitive data at rest, TLS 1.3 for data in transit, and implement role-based access controls. We maintain audit logs of all administrative actions.

4. Data Sharing

We do not sell your personal information. We may share data with:

  • Stripe — for payment processing
  • Email providers — for transactional email delivery
  • Law enforcement — when required by law or to protect rights

5. Data Retention

We retain your data for as long as your account is active. After cancellation, data is retained for 30 days (grace period) then permanently deleted. You may request data export at any time through your customer portal.

6. Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Export your data in a standard format
  • Object to certain processing

7. Cookies

We use a single session cookie (originpsa_session) for authentication. We do not use third-party tracking cookies or advertising cookies.

8. Children's Privacy

The Service is not intended for use by individuals under 16. We do not knowingly collect personal information from children.

9. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes via email at least 30 days before they take effect.

10. Contact

For privacy-related questions, contact us at privacy@originpsa.com.