ReadFort LogoReadFort

Privacy Policy

Last updated: March 9, 2026

1. Introduction

ReadFort, Inc. ("ReadFort," "we," "us," or "our") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our document management and compliance platform. Please read this policy carefully. By using ReadFort, you consent to the practices described herein.

2. Information We Collect

Account Information

When you create an account, we collect:

  • Full name
  • Email address
  • Company or organization name
  • Password (stored in hashed form — we never store plaintext passwords)

Payment Information

Payment processing is handled entirely by Stripe. We do not store credit card numbers, bank account details, or other sensitive payment information on our servers. We receive only a Stripe customer identifier and subscription status.

Documents and Files

We store the documents you upload to the Service, along with associated metadata (file name, size, type, tags, categories, and folder structure). Your documents are stored in isolated, access-controlled storage and are only accessible by your account.

Usage and Audit Data

We automatically collect activity logs including document uploads, downloads, edits, and deletions. This audit trail is a core feature of the Service and is available to you for compliance purposes.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process transactions and manage your subscription
  • Generate audit logs and compliance reports
  • Send transactional emails (account verification, password resets, billing notices)
  • Respond to your support requests
  • Monitor and enforce storage limits
  • Detect, prevent, and address security incidents or technical issues

We do not sell your personal information. We do not use your uploaded documents for advertising, training machine learning models, or any purpose other than providing the Service to you.

4. Data Sharing and Disclosure

We may share your information only in the following circumstances:

  • Service providers: We use third-party services (Supabase for database and storage, Stripe for payments, Resend for transactional email) that process data on our behalf under strict confidentiality agreements.
  • Legal requirements: We may disclose information if required by law, subpoena, court order, or government request.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.
  • With your consent: We may share information when you explicitly direct us to do so.

5. Data Security

We implement industry-standard security measures to protect your data, including AES-256 encryption at rest, TLS 1.2+ encryption in transit, and row-level security policies that ensure users can only access their own data. Our infrastructure is hosted on SOC 2 Type II certified platforms. For more details, see our Security page.

6. Data Retention

We retain your account information and documents for as long as your account is active. Upon account termination, you have 30 days to export your data. After this period, we will permanently delete your documents and personal data from our systems within 90 days, except where retention is required by law or for legitimate business purposes (such as resolving disputes or enforcing our terms).

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data, subject to legal retention requirements
  • Portability: Request your data in a structured, commonly used format
  • Objection: Object to processing of your personal data in certain circumstances

To exercise any of these rights, contact us at privacy@readfort.com.

8. Cookies and Tracking

ReadFort uses essential cookies required for authentication and session management. We do not use advertising cookies, tracking pixels, or third-party analytics that follow you across the web. We may use basic, privacy-respecting analytics to understand aggregate usage patterns and improve the Service.

9. Children's Privacy

ReadFort is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will take steps to delete such information promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service at least 30 days before they take effect. The "Last updated" date at the top of this page indicates when this policy was most recently revised.

11. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at privacy@readfort.com.