Privacy Policy.
Effective May 17, 2026
Short version: we hold the minimum we need to run Realm, we don't sell your data, and we use a small set of named processors. The details are below.
What we collect.
Email, name, and (optionally) profile photo you upload.
Name, members, roles, and invitations.
Standard server logs - IP, user-agent, timestamps - for security and debugging.
Handled by Stripe and Polar. We store the subscription identifier and status, never card details.
How we use it.
To run Realm, authenticate you, send transactional email (magic links, OTPs, invitations, billing receipts), and provide customer support.
Sharing & processors.
We share data only with the named processors needed to operate the Service. We do not sell your data.
Account data is kept while your account is active. Delete your account from the dashboard to remove personal data - except where retention is required by law or for fraud prevention.
Access, export, or delete your data at any time from the dashboard - no email back-and-forth required.
A small number of first-party cookies for sign-in and theme preference. No third-party tracking or advertising cookies.
This is a starter template. Replace this content with a policy reviewed by your own legal counsel before going to production — especially if you serve users in the EU, UK, or California.