Last updated: placeholder
Profile information (name, email, avatar), the folders and records you create, file attachments you upload, permission grants, and an audit log of mutations. Encrypted fields are stored as AES-256-GCM ciphertext when the master key is configured.
Row-level security enforces permissions at the database layer. Users only see folders and records that have been explicitly granted to them. Administrators can see all content.
Every mutation (folder/record creation, edits, permission changes, imports, etc.) is recorded in the audit log. The audit log is only visible to administrators.
Trashed items stay recoverable until an administrator permanently deletes them. Permanent deletion removes the row from the database; attachments in storage are cleaned up where possible.
This is a placeholder. Replace this page with your organisation's real privacy policy before going to production.