Legal

Privacy Policy

Effective date: April 19, 2026

ProductionPal (“we”, “us”, or “our”) operates the productionpal.io website and the ProductionPal platform (the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By accessing or using the Service, you agree to this Privacy Policy. If you do not agree, please do not use the Service.

1. Information We Collect

Information you provide

  • Account data: name, email address, and password when you register.
  • Company data: company name, address, VAT/tax ID, and logo when you create a company workspace.
  • Content: productions, gear items, crew details, budgets, invoices, quotes, and other data you enter into the Service.
  • Communications: messages, feedback, and support requests you send to us.

Information collected automatically

  • Usage data: pages visited, features used, timestamps, and interaction patterns.
  • Device data: browser type, operating system, IP address, and device identifiers.
  • Cookies: essential session cookies for authentication and optional analytics cookies (see Section 7).

Information from third parties

  • OAuth providers: if you sign in via Google or another OAuth provider, we receive your name, email address, and profile picture as permitted by the provider.
  • Payment processors: we use third-party payment processors (e.g., Stripe) that may share transaction-related information with us. We do not store full credit card numbers.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service.
  • Create and manage your account and company workspace.
  • Process transactions and send related notifications.
  • Respond to support requests and communicate with you about the Service.
  • Monitor usage patterns to improve performance, reliability, and security.
  • Detect, prevent, and address fraud, abuse, and technical issues.
  • Comply with legal obligations.

We do not sell your personal data to third parties. We do not use your production content to train machine-learning models.

3. How We Share Your Information

We may share your information only in the following circumstances:

  • Service providers: with trusted vendors who perform services on our behalf (hosting, email delivery, payment processing, analytics) under contractual obligations to protect your data.
  • Within your company workspace: your name and activity are visible to other members of the same company workspace in the Service. You control what data is entered.
  • Legal compliance: when required by law, regulation, legal process, or enforceable governmental request.
  • Business transfers: in connection with a merger, acquisition, or sale of assets, your data may be transferred. We will notify you before your data becomes subject to a different privacy policy.

4. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. Financial records (invoices, quotes, audit trails) are retained for a minimum of seven (7) years to comply with applicable accounting and tax regulations.

When you delete your account, we will remove or anonymize your personal data within 30 days, except where retention is required by law.

5. Data Security

We implement industry-standard technical and organizational measures to protect your data, including:

  • Encryption in transit (TLS 1.2+) and at rest.
  • Secure password hashing (bcrypt).
  • Role-based access controls and multi-tenant data isolation.
  • Regular security reviews and dependency audits.

No method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Delete your personal data (subject to legal retention requirements).
  • Export your data in a portable format.
  • Restrict or object to certain processing activities.
  • Withdraw consent where processing is based on consent.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

7. Cookies

We use the following categories of cookies:

  • Essential cookies: required for authentication, security, and core functionality. These cannot be disabled.
  • Analytics cookies: help us understand how the Service is used so we can improve it. You may opt out of analytics cookies through your browser settings.

We do not use advertising or tracking cookies. We do not participate in cross-site tracking.

8. International Data Transfers

Our servers are located in the European Union. If you access the Service from outside the EU, your information may be transferred to and processed in the EU. We ensure appropriate safeguards are in place for any data transfers in accordance with applicable data protection laws, including the GDPR.

9. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without parental consent, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the effective date. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

11. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us at:

[email protected]