This policy describes what data smartordercapture, Inc. collects, why, who we share it with, and how long we keep it. We've written it in plain English; the legalese is reserved for the sections where we have to be precise.
1. Data we collect
From you, directly
- Account info: email, name, hashed password. Stored in our primary database.
- Workflow definitions: the JSON your visual builder produces. Stored only when you enable cloud sync.
- Marketplace submissions: templates you publish, plus your author profile and rating data.
- Support correspondence: anything you send to support@smartordercapture.com.
- Abuse reports: contents of forms submitted to /abuse.
From your devices, automatically
- Device metadata: device label you choose, Android version, app version, install source (Play vs direct), Firebase Cloud Messaging push token.
- Run records: status (success/failed/cancelled), timestamps, optional trace JSON, error messages. The trace records WHICH nodes executed; it does not include screen content unless a workflow you authored explicitly captured it.
- Screenshots: ONLY when a workflow you authored uses action.screenshotToSpaces. Uploaded to your dedicated bucket prefix; we do not view them.
- Server-side request logs: IP address, user-agent, route, status code, timing. Retained for 30 days for debugging and abuse investigation, then aggregated.
From third parties
- Stripe: billing status, last four digits of your card, subscription details. We never receive your full card number.
- Google sign-in (if you use it): your Google account email and avatar URL.
2. Data we do NOT collect
- The contents of the third-party apps your workflows interact with. The workflow interpreter runs locally on your phone, not on our servers.
- Your keystrokes, clipboard, notifications, or screen state — except where a node in a workflow you authored explicitly captures one of those.
- Location, contacts, photos, microphone, or camera unless a specific trigger you authored uses them (e.g. trigger.locationEnter for geofences).
3. How we use it
- Operate, maintain, and improve the Service.
- Authenticate you and sync your workflows across your web session and your Android devices.
- Process payments and prevent fraud.
- Enforce our Acceptable Use Policy (denylist enforcement, abuse triage).
- Send transactional emails: account verification, password reset, billing receipts, security alerts.
- Send product emails: weekly digests, new features. You can opt out of product emails in Settings.
- Debug errors. We may correlate request logs with account IDs solely to investigate a specific issue.
4. Who we share it with (sub-processors)
The current sub-processor list is at /legal/subprocessors and is updated as our infrastructure changes. We commit to giving 30 days' advance notice (via this page and via email to account owners) before adding a sub-processor that handles personal data.
We do not sell your data, do not run programmatic-advertising tracking, and do not share data with third parties for their own marketing purposes.
5. Retention
- Account record: until you delete your account.
- Workflow definitions and run history: until you delete them, or 30 days after account deletion.
- Server request logs: 30 days, then aggregated.
- Audit log entries (security-relevant events): 13 months.
- Billing records: as required by US tax law (typically 7 years).
- Marketplace publications: persist publicly until you unpublish, then 30 days for support investigations.
6. Your rights
Depending on where you live, you may have rights to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Delete your data (subject to legal retention requirements).
- Export your data in a portable format.
- Object to certain processing (e.g. product emails).
- For California residents: the CCPA-specific rights described at §9 below.
To exercise any of these, use the controls in Settings or email privacy@smartordercapture.com. We respond within 30 days.
7. Security
We protect data in transit with TLS, encrypt sensitive fields at rest (Better-Auth session secrets, OAuth refresh tokens, on-device credential storage via Android Keystore), and apply the principle of least privilege internally. See our Security Policy for our vulnerability-disclosure process.
No service is 100% secure; if we discover a breach affecting your data we will notify you within 72 hours of confirmation, in line with applicable law.
8. Children
The Service is not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us data, email privacy@smartordercapture.com and we will delete it.
9. California residents (CCPA)
If you are a California resident, the California Consumer Privacy Act gives you specific rights:
- The right to know what personal information we collect, use, disclose, and (we do not) sell.
- The right to delete your personal information.
- The right to correct inaccurate personal information.
- The right to opt out of the sale of personal information — we do not sell personal information.
- The right not to be discriminated against for exercising these rights.
Submit a CCPA request at privacy@smartordercapture.com. We verify identity through your registered account email.
10. International users
Our servers are located in the United States. If you access the Service from outside the US, your data is transferred to the US. We rely on appropriate safeguards (such as standard contractual clauses) where required.
11. Changes
We will post material changes to this policy here and notify account owners by email at least 14 days before they take effect. The "Last updated" date at the top reflects the most recent change.
12. Contact
smartordercapture, Inc.
Privacy email: privacy@smartordercapture.com