Privacy Policy

Last updated: January 15, 2026

Effective Date: January 15, 2026

Important Notice

Your privacy is not just a legal requirement for us—it’s a core value. We built Report Factory with a privacy-first approach, collecting only what’s necessary to provide our service. We do not track you, profile you, or sell your data.

1. Introduction

Report Factory (“we,” “our,” or “us”) provides a SaaS platform for creating and managing reports. This Privacy Policy explains how we collect, use, and protect your information when you use our website and services at reportfactory.org.

We are committed to:

  • Collecting only the minimum data necessary
  • Never selling your personal information
  • Being transparent about our practices
  • Giving you control over your data

2. Information We Collect

Information You Provide

Data                | Purpose                                | Required
Email address       | Account creation, login, notifications | Yes
Name                | Personalization, support               | Optional
Password (hashed)   | Authentication                         | Yes
Billing information | Payment processing (via Stripe)        | For paid plans

Information We Do NOT Collect

  • ❌ IP addresses
  • ❌ Device fingerprints
  • ❌ Browsing history
  • ❌ Location data
  • ❌ Third-party tracking data

Analytics Data

We use Umami, a privacy-focused analytics platform that:

  • Does not use cookies
  • Does not collect IP addresses
  • Does not collect personal data
  • Collects only anonymous, aggregated page view statistics

3. How We Use Your Information

We use your information solely to:

  • Provide our service — Create and manage your account
  • Process payments — Handle subscriptions and billing
  • Communicate with you — Send transactional emails, support responses, and (with consent) product updates
  • Improve our service — Analyze anonymous usage patterns to make Report Factory better
  • Ensure security — Protect against fraud and abuse

We do NOT use your information to:

  • Build advertising profiles
  • Sell to third parties
  • Track you across websites
  • Make automated decisions about you

Under GDPR, we process your data based on:

Legal Basis         | Examples
Contract            | Providing the service you signed up for
Legitimate Interest | Security, fraud prevention, service improvement
Consent             | Marketing emails (opt-in only)
Legal Obligation    | Tax records, legal requests

5. Data Sharing and Disclosure

We share your data only with:

Service Providers

Provider       | Purpose              | Data Shared
Stripe         | Payment processing   | Billing info (handled by Stripe)
Email provider | Transactional emails | Email address
Cloud hosting  | Infrastructure       | Encrypted data at rest

All providers are contractually bound to protect your data and use it only for the specified purpose.

We Never Share Data With

  • Advertisers
  • Data brokers
  • Social media platforms
  • Any third party for marketing purposes

We may disclose data if required by law, court order, or to protect our legal rights. We will notify you unless legally prohibited.

6. Data Security

We protect your data with:

  • Encryption in transit — All data transmitted via TLS 1.3
  • Encryption at rest — Database and backups encrypted
  • Secure authentication — Passwords hashed with bcrypt
  • Access controls — Principle of least privilege
  • Regular security reviews — Ongoing vulnerability assessments

7. Data Retention

Data Type       | Retention Period
Account data    | Until you delete your account
Billing records | 7 years (legal requirement)
Support tickets | 2 years after resolution
Analytics       | Aggregated, anonymous, indefinite

When you delete your account:

  • Personal data is deleted within 30 days
  • Backups are purged within 90 days
  • Billing records retained as required by law

8. Your Rights

You have the right to:

Right            | Description
Access           | Request a copy of your data
Correction       | Update inaccurate information
Deletion         | Delete your account and data
Portability      | Export your data in a standard format
Objection        | Object to certain processing
Withdraw Consent | Unsubscribe from marketing at any time

To exercise these rights, contact us at privacy@reportfactory.org or use the settings in your account dashboard.

9. Cookies and Tracking

We do not use tracking cookies. We use only essential session cookies required for authentication.

Our analytics (Umami) are completely cookie-free and do not track individual users.

See our Cookie Policy for details.

10. Children’s Privacy

Report Factory is not intended for children under 16. We do not knowingly collect data from children. If you believe a child has provided us with personal information, please contact us immediately.

11. International Data Transfers

Your data may be processed in countries outside your residence. When we transfer data internationally, we ensure protection through:

  • Standard Contractual Clauses (SCCs)
  • Data processing agreements with all providers
  • Selecting providers with strong privacy practices

12. Changes to This Policy

When we update this policy, we will:

  • Update the “Last Updated” date
  • Notify you via email for material changes
  • Provide a summary of what changed

Continued use after changes constitutes acceptance. You can always access the current policy at reportfactory.org/legal/privacy.

13. Contact Information

For privacy-related questions or to exercise your rights:

We aim to respond to all requests within 30 days.


Our Privacy Commitment

We believe privacy is a fundamental right, not a feature to be traded away. That’s why we:

  • ✅ Collect only what we need
  • ✅ Never sell your data
  • ✅ Use privacy-respecting analytics
  • ✅ Don’t track IPs or use cookies for tracking
  • ✅ Give you full control over your data

Your data belongs to you.
