Privacy policy

Last updated · April 25, 2026

We built ClientTab to be calm — that includes how we treat your data. This page is our straightforward account of what we collect, why, and what we never do with it. If anything reads ambiguously, email support@clienttab.org and we'll clarify (and probably edit this page).

What we collect

• Account info: email, name, company name. Provided by you at sign-up or by your agency owner if you joined as a team member. Authentication runs through Clerk.
• Workspace data: clients, tasks, files, comments, invoices, meeting metadata you create inside the product. Stored in our Postgres database.
• Billing: subscription state and the last 4 digits of cards. Full card details live with Stripe — we never see them.
• Email engagement: when transactional email is sent, opened, clicked, or bounced (via Resend). Used to debug delivery, never sold.
• Operational logs: IP, user agent, timestamps, error traces. Auto-deleted after 30 days.

What we never do

• Sell, rent, or share your data with advertisers.
• Read the contents of your client portals or messages for any reason other than fixing a bug you reported.
• Train models on your workspace data.
• Send marketing email without explicit opt-in.

Service providers

We work with a small number of trusted providers to operate the service (e.g. authentication, payments, email, hosting). Each is contractually bound to handle your data securely and only for the purpose of delivering the product to you. A current list is available on request to support@clienttab.org.

Data retention

Workspace data persists while your account is active. When you delete your workspace, content is removed from our database within 30 days; backups roll off within 60 days. Operational logs roll off within 30 days.

Your rights

You can export, modify, or delete your data at any time. For team members, the agency owner controls workspace data (you can leave and we'll remove your account on request). To exercise any right, email support@clienttab.org.

Cookies

We use first-party cookies for authentication (Clerk session) and for remembering UI preferences. We do not use ad cookies or third-party analytics with cross-site tracking.

Security

Data is encrypted in transit (TLS 1.2+) and at rest. Access to production systems is restricted to a small team and audited. Report a vulnerability to support@clienttab.org — we'll respond within 72 hours.

Changes

We'll update this page as the product changes. Material changes (new sub-processor, new data category) will be announced by email to account owners 30 days before they take effect.

Contact

Questions about privacy: support@clienttab.org.