LonghandLonghand

Privacy Policy

Last updated: March 17, 2026

1. Data Controller

Longhand ("we", "us", or "our") is the data controller responsible for your personal data. If you have any questions about this privacy policy or our data practices, please contact us at privacy@longhand.dev.

2. What Data We Collect

We collect the following types of personal data:

  • Account Information: Email address, name, and password hash when you create an account
  • Usage Data: Information about how you use our services, including features accessed and time spent
  • Technical Data: IP address, browser type, operating system, and device information
  • Payment Data: Billing information processed securely through our payment provider (Stripe)
  • Content: Documents and files you create within the application (stored locally or synced if you opt-in)

3. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contract: Processing necessary to provide our services to you
  • Consent: Where you have given explicit consent for specific processing activities
  • Legitimate Interests: For improving our services, security, and fraud prevention
  • Legal Obligation: Where we are required to process data by law

4. Data Sharing

We may share your data with:

  • Service Providers: Third-party vendors who assist in providing our services (e.g., hosting, payment processing)
  • Legal Requirements: When required by law or to protect our rights

We do not sell your personal data to third parties.

5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. Account data is retained for the duration of your account plus 30 days after deletion. Usage logs are retained for 90 days.

6. Your Rights

Under GDPR, you have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Portability: Request your data in a machine-readable format
  • Restriction: Request limitation of processing
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us at privacy@longhand.dev.

7. International Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.

8. Security

We implement appropriate technical and organizational measures to protect your personal data, including encryption in transit and at rest, access controls, and regular security assessments.

9. Contact Us

For any questions about this privacy policy or to exercise your rights, please contact:
Email: privacy@longhand.dev
You also have the right to lodge a complaint with your local data protection authority.