Summary while we draft the full policy
- Your member records belong to your organization. Sembr is the processor; your organization is the controller. We do not sell, share, or use your member data for any purpose outside running your Sembr workspace.
- PII never enters logs, prompts, or audit trails. This is enforced by pre-commit hooks in our codebase.
- GDPR / PIPEDA / CASL-shaped. Sembr is built by a Canadian company with European privacy expectations baked in from day one.
- Tenant isolation is enforced at the query layer, not the application layer, with row-level security policies on every queryable table.
- Subprocessors: Supabase (database), Stripe (payments), Cloudflare R2 (file storage), Resend (transactional email), Sentry (error monitoring), Anthropic (AI features, opt-out available). See full list.
- Data export: every tenant has a one-click export to JSON, CSV, or SQL in the dashboard. No support ticket required.
- Data retention: active tenants keep data indefinitely. Cancelled tenants keep data for 30 days, after which it is fully deleted (an audit log of the deletion is retained).
The full policy
We are drafting the full legal text with privacy counsel ahead of public launch. To request specifics today, use the contact link in the footer.