Privacy Policy

Effective 2026-05-02. Applies to Noisedeck, Groundsquirrel Cloud, Shuffleset, and other services operated by Noise Factor LLC.

1. What we collect

• Account data: email address, username, hashed password.
• Subscription data: tier, status, billing history. Payment card details are never stored on our systems; they are handled directly by Stripe.
• Service usage: requests, errors, performance metrics, and audit logs (e.g., sign-in events, configuration changes). Used to operate, secure, and improve the services.
• Tenant content (Groundsquirrel Cloud): the files, configurations, and member data you upload or generate. We process this only as needed to deliver the service to you.

2. What we do not collect

• Full payment card numbers (handled by Stripe).
• Third-party advertising or marketing tracking identifiers; we do not use ad networks.
• Sensitive personal information (health, biometric, government IDs) — we do not request these.

3. How we use it

• To operate the services (authentication, content delivery, billing).
• To communicate with you (account confirmations, security alerts, invoices, occasional product updates — you can unsubscribe from non-essential email).
• To detect and prevent abuse, fraud, and security incidents.
• To comply with legal obligations.

4. Cookies and similar technologies

We use a single first-party session cookie for authentication. We do not use third-party analytics, advertising, or social-media tracking cookies.

5. Third-party services

• Stripe — payment processing. Data shared: email, billing address (collected by Stripe Checkout), subscription identifiers.
• Amazon Web Services (AWS) — Simple Email Service (SES) — transactional email delivery (sign-up confirmations, password resets, billing receipts). Data shared: recipient email and message contents.
• Linode (Akamai) — server hosting and infrastructure.
• Cloudflare / Let's Encrypt — TLS certificates.

Each of these providers has its own privacy policy; we recommend you review theirs as well.

6. Data sharing

We do not sell, rent, or trade personal data. We share data only:

• With the third-party processors listed above, strictly to operate the services.
• When required by law (e.g., subpoena, court order) — we will provide notice unless legally prohibited.
• In connection with a merger, acquisition, or sale of assets, in which case the acquirer assumes the obligations of this policy.

7. Data retention

Account and subscription data is retained while your account is active. After deletion, we remove personal data within 30 days, except where retention is required for legal, accounting, or fraud-prevention purposes (typically up to 7 years for billing records). Tenant content is deleted within 30 days of account closure.

8. Your rights

You can:

• Access your data — email team@noisefactor.io and we will provide a copy within 30 days.
• Correct data — most data can be edited from your account dashboard; otherwise email us.
• Delete your account and data — from the dashboard, or by emailing us.
• Export tenant content — request a download from us.
• Object to processing or restrict it where applicable under GDPR / CCPA.

9. Security

We use TLS for all traffic, encrypted-at-rest databases, hashed passwords (bcrypt), and rotate access credentials regularly. Despite our best efforts, no system is fully secure; if a breach materially affects your data, we will notify you within 72 hours of confirming the incident.

10. International transfers

Our services are operated from the United States. By using them, you consent to the transfer and processing of your information in the US under US law.

11. Children

The services are not directed to children under 13. We do not knowingly collect data from children under 13. If you believe we have, contact us and we will delete it.

12. Changes

We may update this Policy. Material changes will be announced by email and on this page.

13. Contact

Noise Factor LLC — team@noisefactor.io