Privacy policy

Smooth Rise ("we", "us") operates smoothriseapp.com and the Smooth Rise product. This policy explains what we collect, how we use it, and the controls you have over your data. We aim for plain English over legal jargon — but this document is part of our terms.

If you represent a workspace, you are the data controller for the content your team enters. We act as the processor on your behalf.

We collect three categories of data:

• Account data — name, email, password hash, authentication metadata, and the role you select on signup.
• Workspace data — workflows, SOPs, bottlenecks, handoffs, automation suggestions, weekly reviews, settings, and the activity log of structural changes inside your workspace.
• Operational telemetry — error reports, page performance, and login records used to keep the product available and secure. This never includes keystrokes, screen recordings, or behavioral tracking of individual employees.

Account data is used to authenticate you, send transactional emails (e.g. password resets and weekly review reminders you opt into), and protect against abuse. We do not sell account data and we do not share it with advertisers.

Workspace content belongs to your team. It is scoped to the workspace it was created in and protected by row-level security at the database. We use it only to:

• Render your team's dashboards, workflows, and SOPs.
• Generate the operational suggestions shown inside the app.
• Provide support when you ask us to look at something.

We never share workspace data across tenants, never use it to train public AI models, and never sell it.

We use a small number of strictly necessary cookies and local storage entries:

• Authentication tokens to keep you signed in.
• Active workspace selection so the right workspace loads.
• Anonymous error and performance reporting.

We do not use third-party advertising cookies. We do not run cross- site tracking or build behavioral profiles.

AI-assisted features are opt-in and disclosed in Settings. When AI is enabled, only the workspace content needed to generate the requested suggestion is sent to the configured provider, and only at the moment it is requested. Workspace content is never sent to third-party AI providers by default. See the security page for details.

We retain workspace data for as long as the workspace exists. Once a workspace is deleted, its content is removed from primary databases within 30 days and from encrypted backups within 90 days.

Account data is retained while your account is active. Closed accounts are deleted within 90 days, except where law requires longer retention (e.g. tax records).

Owners can export the full workspace as JSON from Settings → Data & privacy at any time. Workspace deletion is also available from the Danger zone in Settings and is permanent.

For written confirmation of deletion or any data subject request, email legal@smoothriseapp.com. We respond within 30 days.

Data is encrypted in transit and at rest. Access is limited to the smallest team needed to operate the service. We do not currently claim SOC 2, HIPAA, or GDPR certification — when we do, we will publish the issuing body and date on the security page.

Questions, requests, and complaints about this policy go to legal@smoothriseapp.com. We treat every privacy request as a real one.