Porch← Home
Legal

Privacy Policy

Effective April 26, 2026.

This explains what data Porch collects, how it’s used, who processes it on our behalf, and the rights you have over it. Porch is operated by Vanillum Studio, a Delaware corporation (“we,” “us”).

1. What we collect

Account data. When you sign up, we store your email address and the metadata of the workspace you create (workspace name, billing plan, creation date).

Track data. The content you push through the SDK or API — step names, narration, progress numbers, summary and CTA. This is the data we render on the public track URL. We do not inspect it for advertising or training purposes.

Usage data. Standard server logs — IP address, user agent, request path, timestamp — used for security, debugging, and abuse prevention. We retain logs for up to 90 days.

Billing data. If you subscribe, Stripe collects your payment details directly. We never see card numbers; we receive only customer IDs, subscription status, and the last four digits for receipts.

2. How we use it

To run the service, render your tracks, send transactional emails (sign-in links, billing receipts, security notices), bill you for paid plans, support you when you ask, and enforce these terms. We do not sell personal data and we do not use customer data to train AI models.

3. Subprocessors

We use a small set of vendors to run the product. Each is contractually bound to handle data only as needed to deliver their service.

4. Cookies

We use cookies only for what the product needs to function: a session cookie set by Supabase Auth so you stay signed in, and a preference cookie that remembers your color-scheme choice. No analytics, advertising, or cross-site tracking cookies.

5. Public track URLs

Track URLs are unguessable but unauthenticated by default — anyone with the link can read them. Don’t put data in a track that you wouldn’t want a recipient to forward. Tracks are retained for the period associated with your plan and then deleted; you can also delete a track manually from the dashboard at any time.

6. Data retention

We keep account data while your account is open and for a short wind-down period after closure (typically 30 days) so you can recover from accidental deletion. Track content follows the per-plan retention window listed in the dashboard. Server logs are retained for up to 90 days. Billing records are retained for as long as tax and accounting law requires.

7. International transfers

Our infrastructure is hosted in the United States. If you access Porch from outside the US, the data you submit will be transferred to and processed there. By using the service you consent to that transfer.

8. Your rights

You can access, correct, export, or delete your account data from the dashboard, or by emailing us. Depending on where you live (notably the EU/UK under GDPR, or California under CCPA), you may have additional rights — including the right to object to processing, restrict it, or lodge a complaint with a supervisory authority. We’ll honor those requests within the timeframes the law requires.

9. Children

Porch is a B2B developer tool. It’s not directed at children under 16, and we don’t knowingly collect data from them. If you believe a child has signed up, contact us and we’ll delete the account.

10. Security

Data is encrypted in transit (TLS) and at rest. Internal access is limited to what’s needed to operate the service. No system is perfectly secure; if we discover a breach affecting your data, we’ll notify you without undue delay.

11. Changes

We’ll post material changes at this URL with a new effective date and, where reasonable, notify you by email. Continued use after the change means you accept the updated policy.

12. Contact

Privacy questions, data requests, or breach reports: alex@vanillum.studio.

See also: Terms of Service.