Privacy Policy
Version 1.0.0 · Effective date: 2026-05-09 · Narrow Bridge Media, Inc.
1. Information We Collect
We collect only what is necessary to provide the Freelancer Dashboard service.
| Category | Examples | Purpose |
|---|---|---|
| Account identifiers | Email address, display name | Authentication, account management |
| Financial data | Income amounts, expense records, invoices, client names | Core service — freelance business tracking |
| Payment information | Stripe customer ID, subscription status | Subscription billing (Stripe processes raw card data) |
| Usage data | Pages visited, feature interactions (GA4 — consent-gated) | Product improvement (only with explicit consent) |
| Technical data | IP address, browser type, session cookies | Security, fraud prevention, session management |
| Communications | Support emails, feedback submissions | Customer support |
2. How We Use Your Information
- Provide, operate, and improve the Freelancer Dashboard service.
- Process subscription payments via Stripe.
- Send transactional emails (account activation, password reset, invoices) via Amazon SES.
- Detect and prevent fraud, abuse, and security incidents.
- Comply with legal obligations.
- Analytics (only with your explicit consent; you may withdraw at any time).
3. Third-Party Processors (Subprocessors)
We do not sell or share your personal information with third parties for monetary compensation or for cross-context behavioral advertising. We share your personal data only with the trusted subprocessors listed below, each bound by a Data Processing Agreement (GDPR Art. 28) or equivalent contractual data-protection obligations.
This list is kept up to date and reflects the subprocessors currently used by the Service. If you have questions about any processor or wish to exercise your data subject rights, contact us at privacy@freelancerdashboard.com.
| Processor | Service Purpose | Data Types Shared | Privacy Policy |
|---|---|---|---|
| Stripe, Inc. | Subscription billing and payment processing | Name, email address, billing address, payment-card metadata (last 4 digits, card type, expiry); raw card numbers never touch our servers | stripe.com/privacy |
| Amazon Web Services — SES | Transactional email delivery (account, billing, magic-link, notifications) | Recipient email address, email subject and body content | aws.amazon.com/privacy |
| Amazon Web Services — S3 | File attachment storage and encrypted database backups | User-uploaded files (e.g., invoice logos); encrypted backup data | aws.amazon.com/privacy |
| Teller Technologies, Inc. (Teller.io) | Bank account connection and transaction synchronization (optional feature) | Bank institution name, account type, masked account identifiers, transaction history (amounts, dates, merchant names), encrypted bank access tokens | teller.io/legal/privacy |
| Google LLC — OAuth 2.0 | User authentication via Google sign-in | Google account identifier (subject ID), email address, display name, OAuth access and refresh tokens | policies.google.com/privacy |
| Cloudflare, Inc. — Turnstile | Bot detection and abuse prevention on forms (strictly necessary) | Browser fingerprint signals, IP address, user-agent string, interaction behavior patterns; no account PII transmitted | cloudflare.com/privacypolicy |
Google Analytics 4 (consent-gated): If you grant analytics consent, we also use Google Analytics 4 with IP anonymization for aggregate product analytics. Analytics data is associated with a randomized client identifier and is not linked to your name or email address. You can withdraw consent at any time from the cookie banner.
4. Data Retention
We retain your account data for as long as your account is active. On account deletion, personal data is removed within 30 days, except where we are legally required to retain it (e.g., financial records for tax compliance). Anonymized aggregates may be retained indefinitely.
5. Security
We implement industry-standard security controls including TLS in transit, hashed passwords (Argon2), CSRF protection, Content Security Policy headers, and rate limiting. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security.
6. GDPR — EEA and UK Residents
If you are located in the European Economic Area or United Kingdom, you have the right to access, rectify, erase, restrict processing of, and port your personal data. You may also object to processing or withdraw consent at any time. To exercise these rights, email privacy@freelancerdashboard.com.
Our legal bases for processing are: performance of a contract (providing the service), legitimate interest (fraud prevention, security), and consent (analytics cookies).
7. CCPA / CPRA — California Residents
This section supplements the rest of this Privacy Policy and applies only to California residents under the California Consumer Privacy Act (Cal. Civ. Code §1798.100 et seq., as amended by the CPRA).
Categories of Personal Information Collected
In the past 12 months, we have collected the following categories of personal information:
- Identifiers — email address, account username.
- Commercial information — income records, expense records, invoices, client names, subscription history.
- Internet or other electronic network activity — IP address, browser type, pages visited (analytics only with consent).
- Financial information — Stripe customer ID, subscription tier; raw payment card data is processed exclusively by Stripe and never stored on our systems.
- Inferences — subscription tier derived from payment history.
Purposes for Collection
We collect personal information for the following business purposes:
- Providing and operating the Freelancer Dashboard service.
- Processing payments and managing subscriptions.
- Sending transactional emails (account management, invoices).
- Security and fraud detection.
- Legal compliance.
- Analytics and product improvement (with consent only).
Sale or Sharing of Personal Information
We do not sell or share California residents' personal information with third parties for monetary compensation or for cross-context behavioral advertising as defined by CCPA §1798.140.
Your California Privacy Rights
As a California resident, you have the right to:
- Know / Access (§1798.110) — request disclosure of the categories and specific pieces of personal information we have collected about you.
- Delete (§1798.105) — request deletion of your personal information subject to certain exceptions.
- Correct (§1798.106) — request correction of inaccurate personal information.
- Opt Out (§1798.120) — opt out of the sale or sharing of your personal information (we do not sell or share, so this right is already satisfied).
- Limit Use of Sensitive Personal Information (§1798.121) — we do not use sensitive personal information beyond what is necessary to provide the service.
- Non-Discrimination (§1798.125) — we will not discriminate against you for exercising your privacy rights.
How to Exercise Your Rights
Submit a request at Do Not Sell or Share My Personal Information or email privacy@freelancerdashboard.com. We will verify your identity before processing a deletion or access request and will respond within 45 days. We may extend the response period by up to 45 additional days (90 days total) with written notice.
You may designate an authorized agent to submit a request on your behalf. We will require written authorization or a power of attorney and may verify your identity directly.
Retention of CCPA Request Records
We retain records of all CCPA requests and our responses for 24 months as required by Cal. Civ. Code §1798.105(d) and applicable regulations.
8. Changes to This Policy
We may update this Privacy Policy periodically. We will notify registered users of material changes via email and update the effective date at the top of this page.
9. Contact
For privacy-related questions or to exercise your rights:
privacy@freelancerdashboard.com
Narrow Bridge Media, Inc. — 9452 Telephone Rd #164, Ventura, CA 93004, USA
This Privacy Policy is version 1.0.0, effective 2026-05-09.