Privacy Policy

Last updated: 2026-05-31

Lathe Studio ("we", "us") operates a B2B test management platform. This policy explains what personal data we collect, how we use it, and what rights you have. This document is a placeholder pending legal review and is not a binding privacy notice.

What We Collect

Account data: name, email, organization, role (provided via Clerk authentication). Usage data: pages viewed, actions taken, IP address, user-agent (server logs). Integration data: when you connect Jira/Bitbucket/Azure DevOps, we store OAuth tokens encrypted at rest. We do NOT store payment card details — those are handled by Stripe.

How We Use Your Data

To provide the service you signed up for. To communicate operational notices (account changes, security alerts, billing). To improve product quality via aggregate analytics — never to sell or share with third-party advertisers.

How We Protect Your Data

All data is encrypted in transit (TLS 1.2+) and at rest (Supabase-managed Postgres encryption). Access is controlled via row-level security policies and audited. See our Security page for the full security model.

Your Rights

You can access, export, correct, or delete your personal data at any time. To exercise these rights, email hello@lathe.studio with your account email. EU residents have additional rights under GDPR; UK residents under UK GDPR; California residents under CCPA. We honor all of them.

Data Transfers

Data is processed on Supabase infrastructure (US/EU regions, depending on your account). Stripe processes payments in the US under standard contractual clauses for EU data.

Contact

Privacy questions: hello@lathe.studio Data subject requests: hello@lathe.studio (use subject line "GDPR Request" or "CCPA Request")