Privacy Policy

Last updated: April 27, 2026

This Privacy Policy describes how Hosten Growth Partners ("we," "us," "our") collects, uses, and protects personal information when you use Mainspring (the "Service"). If you have questions, contact us at support@hostengp.com.

1. Information we collect

We collect the following categories of information:

• Account information: name, email address, password (hashed), and organization name when you sign up.
• Workspace content: projects, tasks, comments, attachments, time entries, invoices, and other data you or your teammates create inside the Service.
• Billing information: if you subscribe to a paid plan, we collect billing contact details. Card numbers are collected and stored by our payment processor (Stripe), not by us.
• Usage data: log data such as IP address, browser type, pages visited, and timestamps. This is used to operate and improve the Service.
• Cookies: we use first-party cookies to keep you signed in. We do not use third-party advertising or tracking cookies.

2. How we use information

• To provide, maintain, and improve the Service.
• To authenticate you and protect your account against unauthorized access.
• To send transactional emails (account confirmation, password reset, billing receipts, important service notices). We do not send marketing emails without your consent.
• To comply with legal obligations and enforce our Terms.

3. How we share information

We do not sell your personal information. We share information only with the third-party service providers we rely on to operate the Service (collectively, our "sub-processors"):

• Supabase — database, authentication, file storage. Hosted in the United States.
• Vercel — application hosting and serverless compute.
• Stripe — payment processing.
• Resend — transactional email delivery.

Each of these sub-processors operates under their own privacy and security commitments. We may also disclose information when required by law or to protect rights, property, or safety.

4. Data retention

We retain your account and workspace data for as long as your account is active. If you delete your account, we delete your personal data within 30 days, except where retention is required by law (e.g., billing records). Backups may persist for up to 30 days after deletion before being overwritten.

5. Your rights

Depending on where you live, you may have the right to access, correct, port, or delete your personal information. To exercise any of these rights, email support@hostengp.com. We will respond within 30 days.

• EU/UK (GDPR): you also have the right to lodge a complaint with your local data protection authority.
• California (CCPA):you have the right to know what personal information we collect, to request deletion, and to opt out of the "sale" of personal information (we do not sell personal information).

6. Security

We use industry-standard security practices: TLS in transit, encryption at rest, row-level security in our database, and least- privilege access for our team. No system is perfectly secure; if we ever experience a breach affecting your data, we will notify affected users without undue delay.

7. Children's privacy

The Service is not intended for individuals under 16. We do not knowingly collect information from children. If you believe a child has provided us with personal information, contact us and we will delete it.

8. International users

The Service is operated from the United States. By using the Service, you consent to the transfer and processing of your information in the United States.

9. Changes to this policy

We may update this policy from time to time. Material changes will be announced by email or in-app notice at least 14 days before taking effect.

10. Contact

Hosten Growth Partners
[Mailing address — fill in before launch]
support@hostengp.com

See also our Terms of Service.