Privacy Policy
1. What We Collect
When you use our Services, we may collect:
- Account information: name, email address, username
- Usage data: pages visited, features used, timestamps
- Content you submit: tasks, files, notes, and other data you enter into the Services
- Technical data: IP address, browser type, device type
- Communications: emails or messages you send to us
2. How We Use It
We use your information to:
- Provide and operate the Services
- Send transactional emails (account confirmations, password resets, notifications you configure)
- Respond to support requests
- Improve and secure the Services
- Comply with legal obligations
We do not use your data for advertising or sell it to third parties.
3. Sharing
We do not sell or rent your personal information. We may share data with:
- Sub-processors: third parties that help us operate the Services (cloud hosting, email delivery, payment processing). The current list is published at /sb/sub-processors and is updated when we add or remove a provider.
- Legal requirements: if required by law, court order, or to protect the rights and safety of Seraph Solutions or others
We do not access your workspace content for any purpose other than rendering the service to you and your authorized workspace members.
4. Data Storage
Production data is hosted with Amazon Web Services in the US-West-2 region. Encrypted off-site backups are stored separately in the US-East-2 region. We will update this policy to reflect any material change in data storage location.
5. Security
We implement technical and organizational measures to protect your data, including:
- Encryption in transit: all connections use TLS (HTTPS).
- Encryption at rest: All content stored in the Rispah customer database (workspaces, boards, items, comments, attachments, audit log) is encrypted at rest using SQLCipher (AES-256). Off-site backups of that database are additionally Fernet-wrapped (AES-128) with a separate key managed off-host. Note that this Privacy Policy covers the Rispah service; Seraph Solutions' separate marketing and tools-directory sites have their own data-handling described on those properties.
- Authentication: per-account login throttling, two-factor authentication required for owner and admin roles, and CSRF protection on all state-changing requests.
- Audit logging: we record access to login, two-factor, billing, member-role, and share-link events. Audit records are retained for one year.
No method of transmission or storage is 100% secure; we cannot guarantee absolute security.
6. Data Retention
We retain account and content data for as long as your account is active or as needed to provide the Services. Audit log records are retained for one year. You may request deletion of your account and associated data by contacting us at info@seraphsolutions.tech.
7. Your Rights
Depending on your location, you may have rights to access, correct, or delete your personal data. To exercise these rights, contact us at info@seraphsolutions.tech. We will respond within a reasonable timeframe.
8. Cookies
The Services use session cookies to keep you logged in. We do not use third-party tracking or advertising cookies.
9. Children
The Services are not directed to children under 13. We do not knowingly collect personal information from children under 13.
10. Changes
We may update this Privacy Policy from time to time. Continued use of the Services after changes constitutes acceptance of the updated policy.
11. Contact
Seraph Solutions LLC — info@seraphsolutions.tech