Privacy Policy

1. Who We Are

ClearStride Tools ("ClearStride Tools," "we," "us," or "our") operates the clearstridetools.com marketing website and the Baseline Suite of SaaS products: BaselineDocs (document control), BaselineReqs (requirements management), and BaselineInventory (inventory and operations management).

For questions about this policy, contact us at privacy@clearstridetools.com.

2. Scope of This Policy

This Privacy Policy applies to:

• The clearstridetools.com marketing website and any pages hosted on it.
• The Baseline Suite products accessed by authorised users under a tenant organisation account.
• Interactions with our support channels, including email.

It does not apply to third-party websites, services, or content that we link to. Those third parties have their own privacy policies, which we encourage you to review.

Controller vs. Processor

For the personal data of your end users and the content your organisation stores in the Baseline Suite, your organisation is the data controller and ClearStride Tools acts as a data processor on your behalf. Our Data Processing Agreement (available on request at privacy@clearstridetools.com) governs that relationship. For data we collect directly — such as account registration data and marketing site analytics — ClearStride Tools is the controller.

3. Data We Collect

3.1 Account and Registration Data

When an organisation subscribes to the Baseline Suite, we collect information about the account administrator, including name, business email address, company name, and billing information. Additional users are invited by the administrator; we collect their name and email address when they join.

3.2 Content Data

The Baseline Suite stores documents, files, requirements, inventory records, and other content ("Customer Data") that you and your users upload or create. Customer Data belongs to your organisation. We process it only to operate the Service.

3.3 Usage and Log Data

We automatically collect technical data to operate and improve the Service, including:

• IP addresses and approximate geolocation (country/region).
• Browser type, operating system, and device type.
• Pages viewed, features used, and timestamps of activity.
• Error reports and performance metrics.

3.4 Billing Data

Payment card details are collected and stored by Stripe, our payment processor. We do not store full card numbers on our systems. We retain records of subscription plans, seat counts, and invoice history.

3.5 Communications Data

If you contact us by email or through a support channel, we retain the contents of that communication and your contact details in order to respond and maintain a record of our support interactions.

3.6 Marketing Site Data

Visitors to clearstridetools.com may have aggregate page-view analytics collected (without cookies, via privacy-respecting analytics). We do not use cross-site tracking or advertising pixels on this site.

4. How We Use Data

We use the data we collect to:

• Provide the Service: Authenticate users, store and retrieve content, enforce access controls, and operate product features.
• Billing and account management: Process payments, manage subscriptions, and send invoices and billing notices.
• Support: Respond to enquiries, diagnose technical issues, and resolve disputes.
• Security and fraud prevention: Detect and prevent unauthorised access, abuse, and other harmful activity.
• Service improvement: Understand how features are used and identify areas for improvement. We use aggregate, de-identified data for this purpose.
• Legal compliance: Meet obligations under applicable law, respond to lawful requests, and enforce our Terms of Service.
• Communications: Send transactional messages (account confirmations, password resets, subscription changes). We may send product update notices to account administrators; these can be opted out of by contacting us.

We do not sell, rent, or trade personal data. We do not use Customer Data to train machine learning models. We do not serve advertising to users of the Baseline Suite.

5. Legal Bases (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process personal data under the following legal bases:

• Contract performance: Processing necessary to provide the Service under our agreement with your organisation.
• Legitimate interests: Operating, securing, and improving the Service; communicating about material changes; and fraud prevention — where those interests are not overridden by your rights.
• Legal obligation: Compliance with applicable law.
• Consent: Where we rely on consent (for example, optional marketing communications to individuals), you may withdraw it at any time without affecting the lawfulness of prior processing.

6. Sharing & Sub-Processors

We share data with third-party sub-processors only as necessary to operate the Service. Our current sub-processors include:

• Supabase — database hosting and authentication infrastructure.
• Vercel — application hosting and edge delivery.
• Stripe — payment processing and subscription management.
• Resend — transactional email delivery.
• Sentry — error monitoring and diagnostics.

Each sub-processor is bound by contractual obligations to protect personal data consistent with this policy and applicable law. We may update this list as our infrastructure changes; material changes will be reflected in an updated version of this policy.

We may also disclose data when required by law, court order, or regulatory authority, or to protect the rights, property, or safety of ClearStride Tools, our users, or the public.

In the event of a merger, acquisition, or sale of assets, personal data may be transferred to the successor entity, subject to the same privacy protections.

7. Data Retention

We retain personal data for as long as necessary to fulfil the purposes described in this policy, unless a longer retention period is required by law.

• Active accounts: Data is retained for the duration of the subscription.
• After cancellation: Customer Data is retained for 30 days following cancellation to allow for reactivation or export, then permanently deleted unless a longer period is required for legal or compliance purposes.
• Billing records: Retained for 7 years to comply with financial recordkeeping requirements.
• Support communications: Retained for 3 years.

Organisations may request earlier deletion of their Customer Data by contacting privacy@clearstridetools.com.

8. Security

We implement technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These include:

• Encryption of data in transit (TLS 1.2+) and at rest.
• Role-based access controls enforced at the database and application layer.
• Multi-tenant data isolation — each organisation's data is logically separated.
• Regular security monitoring and error alerting via Sentry.
• Restriction of sub-processor access to only the data required to perform their functions.

No method of transmission over the internet is 100% secure. While we take reasonable precautions, we cannot guarantee absolute security. If you believe your account has been compromised, contact us immediately at privacy@clearstridetools.com.

9. Your Rights

Depending on your jurisdiction, you may have rights regarding your personal data, including:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data, subject to legal obligations.
• Portability: Receive your data in a structured, machine-readable format.
• Objection / Restriction: Object to or request restriction of certain processing activities.
• Withdraw consent: Where processing is based on consent, withdraw it at any time.

For data processed on behalf of your organisation (Customer Data), requests should first be directed to your organisation's account administrator, who controls that data. We will assist administrators in fulfilling data subject requests as required by applicable law.

For data for which ClearStride Tools is the controller, submit requests to privacy@clearstridetools.com. We will respond within 30 days, or as required by law.

If you are in the EEA or UK and believe we have not addressed your concern, you have the right to lodge a complaint with your local data protection authority.

10. Cookies

The Baseline Suite applications use a minimal set of cookies:

• Authentication cookies: Session tokens required to keep you signed in. These are strictly necessary and cannot be disabled without breaking the Service.
• CSRF protection tokens: Short-lived tokens that protect against cross-site request forgery.

We do not use advertising cookies, third-party tracking pixels, or analytics cookies that follow you across websites. The clearstridetools.com marketing site does not set cookies.

11. Children's Privacy

The Baseline Suite is designed for use by organisations and their employees. It is not directed at, and we do not knowingly collect personal data from, individuals under the age of 16. If you believe we have inadvertently collected data from a minor, contact us at privacy@clearstridetools.com and we will take prompt action to delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will update the "Last updated" date at the top of this page and notify tenant administrators by email at least 14 days before the changes take effect. Your continued use of the Service after that date constitutes acceptance of the updated policy.

For non-material changes (such as clarifications, typo corrections, or updated sub-processor lists), we will update the policy without separate notification.

13. Contact Us

If you have questions, concerns, or requests relating to this Privacy Policy or our data practices, please reach out: