Privacy Policy

Last updated: March 25, 2026

1. Data We Collect

We collect the following information:

• Account information: Email address. We do not store passwords — authentication is via magic links.
• Consent records: Signature name, IP address, user agent, timestamp, and document content hash when you accept an NDA or Terms of Service.
• Project data: Project names, destination URLs, NDA text, and invite records created by builders.
• Usage data: Audit events (invite sent, agreement accepted, access revoked), session records, and IP addresses for security and rate limiting.
• Billing data: Payment information is processed and stored by Stripe. We store only your Stripe customer ID.

2. How We Use Your Data

• To provide and operate the Service (authentication, proxying, NDA management)
• To process payments and manage subscriptions
• To send transactional emails (magic links, invite notifications)
• To maintain audit trails for legal compliance
• To enforce our Terms of Service and prevent abuse
• To improve the Service

3. Data Sharing

We do not sell your personal data. We share data with the following third-party services as necessary to operate:

• Stripe: Payment processing (billing data)
• Resend: Transactional email delivery (email addresses)
• Render: Infrastructure hosting (all data in transit and at rest)

We may also disclose data when required by law or to protect our rights.

4. Data Retention

• Account data: Retained until you delete your account.
• Consent records: Retained for the duration required by the applicable NDA (typically 2 years after the prototype access period ends), or as required by law.
• Audit logs: Retained per your plan tier (Free: 7 days, Pro: 90 days).
• Session data: Automatically purged when sessions expire (30 days).

5. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access and receive a copy of your personal data
• Rectify inaccurate personal data
• Request deletion of your personal data
• Object to or restrict processing of your personal data
• Data portability

To exercise these rights, contact us at hello@protowall.app.

6. Security

We implement appropriate technical measures to protect your data, including:

• HTTPS/TLS encryption for all traffic
• Magic-link authentication (no stored passwords)
• SHA-256 content hashing for document integrity verification
• Scrypt password hashing for admin accounts
• Rate limiting on authentication endpoints

7. Cookies

We use a single session cookie (session) required for authentication. We do not use tracking cookies, analytics cookies, or third-party advertising cookies.

8. Children

The Service is not intended for users under 18 years of age. We do not knowingly collect data from children.

9. International Transfers

Our infrastructure is hosted in the United States via Render. By using the Service, you consent to the transfer and processing of your data in the United States.

10. Changes to This Policy

We may update this Privacy Policy at any time. Material changes will be communicated via email or the platform. Continued use after changes constitutes acceptance.

11. Contact

Homotechnica LLC
Email: hello@protowall.app