Privacy Policy

Last updated: April 18, 2026

  • Security: Supabase Hosted
  • Encryption: AES-256
  • Data: Never Sold
  • Access: Read-Only

Your Security is Our Priority

At RETENU, we understand that you're trusting us with sensitive financial data and API credentials. We take this responsibility extremely seriously and have built enterprise-grade security into every aspect of our platform.

What This Policy Covers

This Privacy Policy explains how RETENU collects, uses, stores, and protects your information when you use our service. We are committed to transparency and your right to privacy.

API Keys & Credentials Security

Military-Grade Encryption

All API keys and credentials are encrypted at rest using AES-256 encryption and in transit using TLS 1.3. Your credentials are never stored in plain text.

Read-Only Access

We only request read-only API permissions. We never modify, delete, or write data to your connected services. Our access is limited to reading data in order to detect Leaks.

Secure Storage

API credentials are stored in isolated, encrypted databases with strict access controls. Only authorized systems can decrypt them, and all access is logged and monitored.

You're In Control

You can revoke access at any time. Simply disconnect the integration in your settings, and we'll immediately delete all associated credentials from our systems.

Security Practices

Your data is stored securely via Supabase (which maintains SOC 2 compliance). We follow security best practices but have not completed independent security audits yet.

What Data We Collect

Account Information

  • Email address and name
  • Company name and billing information
  • Password (encrypted with bcrypt)

Financial Data

  • Invoice data from connected platforms (Stripe, QuickBooks, etc.)
  • Time tracking data from connected platforms (Toggl, Clockify, etc.)
  • Client information and retainer agreements
  • Revenue metrics and margin calculations

Usage Data

  • Feature usage and interaction patterns
  • Error logs and performance metrics
  • Browser type, device information, and IP address

How We Use Your Data

We use your data exclusively to:

  • Detect Leaks and billing errors
  • Generate alerts and insights
  • Calculate financial metrics and reports
  • Provide customer support
  • Improve our service and develop new features

We NEVER sell, rent, or share your data with third parties for marketing purposes.

Data Storage & Retention

Your data is stored on secure, encrypted servers in {US/EU} data centers. We retain your data:

  • For active accounts: as long as your account is active
  • For closed accounts: 30 days after account closure (for recovery purposes)
  • API credentials: immediately deleted upon disconnection
  • Aggregated analytics: indefinitely (fully anonymized)

Your Rights

You have the right to:

  • Access: Request a copy of all data we have about you
  • Correct: Update or correct inaccurate information
  • Delete: Request deletion of your data (subject to legal obligations)
  • Export: Download your data in a portable format
  • Opt-out: Unsubscribe from marketing communications

Our Data Practices

What we commit to:

Data Ownership

Your data belongs to you. Export or delete anytime.

No Data Sales

We never sell or share your data with third parties.

Secure Storage

Data hosted on Supabase with encryption at rest.

Security First

We follow industry best practices for data protection.

Questions or Concerns?

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@obsidian.com

Security: security@obsidian.com

Response Time: We respond to all privacy inquiries within 48 hours.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email and by posting a notice in the app. Continued use of RETENU after changes constitutes acceptance of the updated policy.