Data Privacy Policy Example — SaaS Web App
Example document for Data Privacy Policy. Use this as a reference when creating your own.
Professional Review Required
This document involves significant legal, financial, or compliance considerations. You must have a qualified professional review and approve this document before use. Do not rely on this template as legal advice.
Document: Data Privacy Policy
Example Document
Last updated 6/4/2026
Privacy Policy — Brightleaf (Illustrative SaaS Web App)
Illustrative example — not legal advice. Brightleaf is a fictional company and every detail below is made up to show how a privacy policy reads when filled in. Do not copy it. Have a qualified privacy lawyer review any policy before you publish it. PropoDoc is not a law firm.
Effective date: 1 May 2026 Organisation: Brightleaf Software Ltd
This Privacy Policy explains how Brightleaf Software Ltd ("we", "us") collects, uses, shares, and protects personal information when you use the Brightleaf web app at brightleaf.example.
1. Who we are
We are Brightleaf Software Ltd, registered at 27 Maple Street, Manchester, United Kingdom. For any privacy question or request, contact us at privacy@brightleaf.example.
2. Information we collect
Information you give us directly:
- Account details: your name, email address, and password (stored only as a secure hash)
- Workspace content: the projects, notes, and files you create in the app
- Billing details: your billing name and the card information you enter, which is handled by our payment provider and never stored on our own servers
Information we collect automatically:
- Technical data: IP address, browser type, and device information
- Usage data: which features you use and when, to help us run and improve the service
- Cookies and similar technologies, as described in section 7
3. Why we use your information and our legal basis
- To create your account and run the Brightleaf service — legal basis: performance of our contract with you
- To process payments and prevent fraud — legal basis: performance of contract and our legitimate interest in preventing misuse
- To provide customer support — legal basis: our legitimate interest in helping our users
- To improve the product using aggregated, de-identified usage trends — legal basis: legitimate interests
- To send occasional product news, only if you have opted in — legal basis: consent, which you can withdraw at any time
4. How we share your information
We share personal information only with the service providers we rely on to run Brightleaf:
- A cloud hosting provider, which stores the app and its data
- A payment provider, which processes card payments
- An email provider, which delivers account and support messages
- A privacy-focused analytics provider, which measures aggregate usage
We do not sell your personal information, and we do not share it for cross-context advertising. We may disclose data if the law requires it.
5. International data transfers
Brightleaf is operated from the United Kingdom, and some of our providers process data in the European Union and the United States. Where data leaves the UK or EU, we rely on approved safeguards such as standard contractual clauses to protect it.
6. How long we keep your information
We keep your account data for as long as your account is active. If you close your account, we delete or anonymise your personal data within 90 days, except where we must keep limited billing records for tax purposes, which we retain for 7 years.
7. Cookies and tracking
We use a small number of cookies: essential cookies that keep you signed in and remember your preferences, and optional analytics cookies that help us understand how the app is used. Optional cookies load only after you accept them in our cookie banner, and you can change your choice at any time.
8. Your rights
If you are in the UK, EU, or another region with similar laws, you can ask us to access, correct, delete, or export your data, object to certain uses, or withdraw consent. To make a request, email privacy@brightleaf.example, and we will respond within one month. You can also complain to your local data protection authority.
9. How we protect your information
We protect personal data with encryption in transit, encrypted storage, role-based access controls, and regular security reviews. No system can be guaranteed completely secure, but we work to keep your data safe and to respond quickly if anything goes wrong.
10. Children's privacy
Brightleaf is a business tool intended for users aged 16 and over. We do not knowingly collect data from children, and we will delete any such data we discover.
11. Changes to this policy
If we make material changes to this policy, we will update the effective date above and notify account holders by email before the changes take effect.
12. Contact us
For any privacy question or complaint, contact us at privacy@brightleaf.example.
(Illustrative wording only — Brightleaf is fictional, and this policy has not been reviewed by a lawyer.)
Notes
This is an illustrative example only, not legal advice — have a qualified lawyer review any privacy policy before you publish it.
About this Example
Part of the Data Privacy Policy document collection
Document Type
Data Privacy Policy
How you collect, use, store, and protect personal data — and users' rights.