Privacy Policy

Introduction & Scope

SaaSassins is a software development studio. The product purchased through this website's checkout is PolishPoint, a one-time-fee software deployment consisting of a base build plus optional add-on modules. You pay once via Stripe Checkout, and you own the delivered, deployed application. There is no recurring subscription tied to that purchase.

This policy applies to information we handle as the controller of our own business — that is, information you provide when you browse our site, contact us, purchase PolishPoint, complete our post-checkout intake form, or otherwise interact with SaaSassins. It describes our practices for our website and purchase flow.

This policy does not govern how a deployed PolishPoint application handles the personal data that you, as its owner, later collect from your own customers and users. When we process such data on your behalf in connection with delivering and supporting your deployment, that processing is governed by a separate Data Processing Agreement (DPA), and you act as the controller/business while we act as a processor/service provider. This Privacy Policy concerns SaaSassins' own data practices.

Information We Collect

We collect the following categories of information:

• Business and contact intake details. When you purchase PolishPoint and complete our post-checkout intake form, we collect information such as your name, business name, email address, business contact information, and the configuration details we need to build, brand, and deploy your application.
• Payment information processed by Stripe. Payments are handled by Stripe through Stripe Checkout. We do not collect or store your full card number or other complete payment-card details on our own systems. Stripe processes your payment and shares limited transaction information with us (such as confirmation of payment, billing name, email, and the last few digits/card brand) so we can fulfill your order.
• Mobile phone number (only if you opt into SMS). If, and only if, you explicitly opt in to text messages via our post-checkout intake form, we collect the mobile phone number you provide so we can send the onboarding and service messages you requested. Providing a number for SMS is optional and is not required to purchase PolishPoint.
• Logo and brand assets. To build and brand your deployment, you may provide logos, images, color preferences, and other brand materials.
• Basic site and usage data. When you visit our website, we and our hosting provider may automatically collect limited technical information such as your IP address, browser type, device information, pages viewed, and referring pages, used to operate, secure, and improve the site.

We do not seek to collect sensitive or special-category information, and you should not submit it to us through the website or intake form. For purposes of U.S. state privacy laws such as the CCPA/CPRA, the categories above also serve as our disclosure of the categories of personal information we collect and may disclose to service providers; we do not collect sensitive personal information for the purpose of inferring characteristics.

How We Use Information

We use the information we collect to:

• Process your PolishPoint purchase and complete your transaction through Stripe;
• Design, build, brand, configure, deploy, and support your application;
• Communicate with you about your order, project, onboarding, and support requests via email sent from our saasassins.com domain (for example, orders@saasassins.com and hello@saasassins.com);
• Send the recurring automated onboarding and service text messages you requested, but only if you explicitly opted in to SMS (see the SMS section below);
• Operate, maintain, secure, and improve our website and services;
• Detect, prevent, and address fraud, abuse, security incidents, and technical issues; and
• Comply with our legal obligations and enforce our Terms.

We do not use the mobile number you provide for SMS for any purpose other than the messaging program you opted into and the support of that program.

Legal Bases for Processing

Where the GDPR or similar laws apply, we rely on the following legal bases: performance of a contract (to process your purchase and build, deploy, and support your application); consent (to send SMS messages to those who explicitly opt in, which you may withdraw at any time); legitimate interests (to operate, secure, and improve our website and services, and to prevent fraud and abuse, balanced against your rights); and compliance with a legal obligation (to meet tax, accounting, and other legal requirements).

How We Share Information

We do not sell your personal information, and we do not "share" your personal information for cross-context behavioral advertising (as those terms are defined under the CCPA/CPRA). We share information only with the service providers we use to operate our business and deliver PolishPoint, and only as needed for them to perform services for us:

• Stripe — payment processing for your one-time purchase.
• Resend — delivery of transactional and system email (sent from our saasassins.com domain, such as orders@saasassins.com).
• Twilio — delivery of SMS messages under our A2P 10DLC program, used only if you opted into SMS.
• Vercel — hosting of our website.

These providers are permitted to use the information only to provide services to us. We may also disclose information where required by law, to protect our rights, safety, or property, or in connection with a business transfer (such as a merger or acquisition) — except that SMS opt-in data and consent will not be transferred for marketing or promotional use and remain subject to the no-sharing commitment described above.

Consistent with the SMS section above, text-messaging opt-in data and consent are never shared with third parties or affiliates for marketing or promotional purposes; sharing with subcontractors that support our services (such as customer service) is permitted, and no other use-case category includes that opt-in data or consent. For more on the SMS program see our SMS Terms, and for our general terms see our Terms.

Cookies & Analytics

Our website and our hosting provider may use cookies and similar technologies to operate the site, remember your preferences, maintain security, and understand basic, aggregate usage so we can improve performance. This may include limited analytics about how visitors navigate the site.

Most browsers let you control or disable cookies through their settings. If you disable certain cookies, some parts of the site may not function as intended. We do not use cookies to sell your personal information or to share it for cross-context behavioral advertising.

Data Retention

We retain the information we collect for as long as needed to fulfill the purposes described in this policy — including completing your purchase, building and supporting your deployment, maintaining business and financial records, and complying with our legal obligations — and then delete or de-identify it in the ordinary course.

If you opted into SMS and later opt out, we stop sending messages and retain only the limited records necessary to honor your opt-out and to demonstrate compliance. Information held in routine, encrypted backups is deleted on our ordinary backup-retention cycle.

Security

We implement appropriate technical and organizational measures designed to protect personal information against accidental or unlawful loss, alteration, unauthorized disclosure, or access. These measures include:

• Encryption of information in transit over public networks and at rest using industry-standard mechanisms provided by our infrastructure providers;
• Authentication, authorization, and role-based access controls limiting access to authorized personnel on a need-to-know basis;
• Secure management of credentials, API keys, secrets, and encryption keys;
• Application of least-privilege principles across personnel access and system components;
• Logging and monitoring designed to detect and respond to security events; and
• Regular backups and measures designed to restore availability following an incident.

No method of transmission or storage is completely secure, so we cannot guarantee absolute security. You are responsible for safeguarding any credentials you use to access our services.

Your Privacy Rights

Depending on where you live, you may have rights regarding your personal information, including the right to access, correct, delete, or obtain a portable copy of the information we hold about you, and to opt out of certain processing. The categories of personal information we collect and disclose are described in Information We Collect above.

Because we do not sell personal information and do not "share" it for cross-context behavioral advertising, there is no sale or cross-context sharing for you to opt out of. We will not discriminate against you for exercising any of your privacy rights.

To exercise any of these rights, contact us at hello@saasassins.com. We will respond consistent with applicable law and may need to verify your identity before acting on a request; you may use an authorized agent where the law permits. You may also opt out of SMS at any time by replying STOP, and you may unsubscribe from non-essential emails using the link in those emails or by contacting us.

Jurisdiction-specific rights (for example, under the CCPA/CPRA, the GDPR, or other applicable laws) will be detailed here once our governing-law jurisdiction is confirmed. If you are an end-user whose data resides in a deployed PolishPoint application owned by one of our customers, please direct your request to that customer, who controls that data; we will assist them as required under our agreement with them.

Children's Privacy

Our website and PolishPoint purchase flow are intended for businesses and are not directed to children. We do not knowingly collect personal information from children under 13 (or under 16 where the GDPR or other applicable law sets a higher threshold). If you believe a child has provided us with personal information, please contact us at hello@saasassins.com and we will take appropriate steps to delete it.

International Users

SaaSassins operates from the United States, and the service providers we use to process information (Stripe, Resend, Twilio, and Vercel) may process information in the United States. If you access our website or purchase PolishPoint from outside the United States, you understand that your information may be transferred to, stored in, and processed in the United States and other locations where we or our service providers operate, which may have data-protection laws different from those in your country.

Where required by applicable law for transfers of personal information out of the EEA, the UK, or Switzerland, we rely on the European Commission's Standard Contractual Clauses (and the UK International Data Transfer Addendum, as applicable) as the safeguard for such cross-border transfers. You may contact us at hello@saasassins.com for more information about these safeguards.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the "last updated" date below and, where appropriate, provide additional notice. Your continued use of our website or services after an update means you accept the revised policy.

Contact

If you have questions, requests, or concerns about this Privacy Policy or our data practices, contact us at hello@saasassins.com. You may also reach us by mail at [SaaSassins registered business mailing address — to be confirmed].

Transactional email from SaaSassins is sent from our saasassins.com domain (for example, orders@saasassins.com and hello@saasassins.com). For related terms, see our Terms, our SMS Terms, and our PolishPoint product page.