Privacy Policy

The Short Version

We collect what we need to run cStar. Nothing more.
We don't sell your data. Ever. Not even a little bit.
Your customer data belongs to you. We're just holding it for safekeeping.
You can export or delete your data anytime. No hoops to jump through.

What We Collect

Account Information

When you sign up, we collect your email address and whatever name you give us. We use this to identify your account and send you important stuff (like password resets, not spam).

Team & Customer Data

This is the data you and your team put into cStar — tickets, customer info, Library articles, messages. This data is yours. We process it to make the app work, but we don't peek at it for marketing or sell it to anyone.

Usage Data

We track how you use cStar (which features, how often) to understand what's working and what needs improvement. This is aggregated and anonymized. We're not building a profile on you — we're just trying to make the product better.

Gamification Data

XP, levels, achievements, boss battles, streaks — all the fun stuff. This stays within your team and is used to power the gamification features. We don't share your leaderboard position with anyone outside your team (unless you want us to).

What We Don't Do

✕ Sell your data to third parties

✕ Use your data for targeted advertising

✕ Read your tickets or messages for our own purposes

✕ Share your information with data brokers

✕ Train AI models on your data without explicit consent

How We Protect Your Data

Your data is encrypted in transit (TLS 1.3) and at rest (AES-256). We use Supabase for our database, which provides enterprise-grade security with SOC 2 Type II compliance. Access to production data is strictly limited and logged.

We don't store passwords — we use secure hashing (bcrypt). If someone compromises our database, they still can't see your password.

Your Rights

You can:

Export your data — Get a copy of everything in your account
Delete your data — Remove your account and all associated data
Correct your data — Fix any inaccuracies (or just edit it yourself in the app)
Restrict processing — Ask us to limit how we use your data

Just email privacy@cstar.help and we'll sort it out. No forms to fill, no waiting periods, no "we'll get back to you in 30 business days."

Cookies

We use cookies for:

Authentication — Keeping you logged in
Preferences — Remembering your settings (like dark mode)
Analytics — Understanding how people use cStar (anonymized)

We don't use tracking cookies for advertising. No cookie banners that follow you around the internet. No "accept all" dark patterns.

Third-Party Services

We use a few services to run cStar:

Supabase — Database and authentication
Vercel — Hosting
Stripe — Payment processing (we never see your full card number)

Each of these has their own privacy policies and security certifications.

Data Retention

We keep your data as long as your account is active. If you delete your account, we remove your data within 30 days (some may persist in backups for up to 90 days, then it's gone for good).

We may retain anonymized, aggregated data indefinitely for analytics purposes — but this can't be traced back to you or your team.

Children's Privacy

cStar is a business tool. We don't knowingly collect data from anyone under 16. If you discover we've accidentally collected data from a minor, let us know and we'll delete it immediately.

Changes to This Policy

If we make significant changes, we'll notify you via email and update the "last updated" date above. We won't sneak in changes — that's not the cStar way.

Contact Us

Questions? Concerns? Just want to chat about data privacy over virtual coffee?

Email: privacy@cstar.help

Response time: Usually within 24 hours (we actually read these)

"Stay calm." — We take your privacy seriously, but we also believe in keeping things simple. If anything here is confusing, that's on us. Reach out and we'll explain it better.