Skip to main content

Privacy Policy

Last updated: February 2026

1. Information We Collect

Account Information: When you create an account, we collect your name and email address. If you sign in with Google SSO, we receive your name, email, and profile identifier from Google.

Usage Data: We log API requests including timestamps, document formats processed, and response times. This data is used for usage metering, analytics, and service improvement.

Templates and Documents: Templates you upload and documents you generate are processed in memory and are not stored permanently on our servers unless you use the template management feature, in which case templates are stored on the ETCH server you are connected to.

2. How We Use Information

  • To provide, maintain, and improve the Service
  • To process your document templates and generate output
  • To manage your account and billing
  • To enforce usage limits and prevent abuse
  • To send important service-related communications
  • To provide customer support

3. Data Storage and Security

Account data is stored in an Oracle database with encrypted connections. Sessions use encrypted cookies with secure, HTTP-only flags in production.

We implement industry-standard security measures including CSRF protection, rate limiting, input validation, and audit logging of significant account actions.

4. Third-Party Services

Stripe: We use Stripe to process payments. When you subscribe to a paid plan, your payment information is collected and processed directly by Stripe. We do not store your credit card details. See Stripe's Privacy Policy.

Google: If you use Google Sign-In, we receive basic profile information from Google. See Google's Privacy Policy.

5. Cookies

We use the following cookies:

  • Session cookie: An encrypted cookie that maintains your login session
  • CSRF token: A security cookie that protects against cross-site request forgery

We do not use tracking cookies or third-party analytics cookies.

6. Data Retention

Account data is retained for the duration of your account. Usage logs are retained for analytics and billing purposes. Audit logs are retained for security purposes. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law.

7. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and associated data
  • Export your data in a portable format

To exercise these rights, contact us at support@get-etch.app.

8. On-Premise Deployments

If you use ETCH as an on-premise installation, your templates and documents are processed entirely on your own infrastructure. We do not have access to your data in on-premise deployments. Only licence validation and optional usage reporting communicate with our servers.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. The “Last updated” date at the top indicates when the policy was last revised.

10. Contact

For questions about this Privacy Policy, contact us at support@get-etch.app.