Privacy Policy

Last updated: April 15, 2026

OrgPlan, Inc. (“OrgPlan”, “we”, “our”, or “us”) is committed to protecting your privacy and ensuring that personal information we handle is treated lawfully, transparently, and securely. This Privacy Policy explains what information we collect through our marketing site at orgplan.io and our application at app.orgplan.io (together, the “Service”), how we use it, who we share it with, and the rights you have over it.

1. Information we collect

Account information

When you create an account, we collect your name, email address, and optional profile photo through our authentication provider, Clerk. We do not store passwords directly; Clerk handles credential management on our behalf.

Organization data

OrgPlan is an org chart and headcount planning tool. To use the core product you (or another administrator at your organization) upload, sync, or enter information about employees, including:

  • Names, work email addresses, job titles, departments, and reporting relationships
  • Optional fields such as start date, location, employment status, and salary
  • Scenario-planning data: proposed hires, role changes, and budget assumptions

Each organization’s data is logically isolated from every other organization in our database using Postgres Row-Level Security. Salary visibility is further controlled by a configurable role-based access policy enforced server-side.

Google Workspace data

If you choose to connect Google Workspace, we use Google’s OAuth 2.0 flow to access a read-only view of your directory so we can import employee information. We request only the minimum scopes required to read directory data. We do not access email, calendar, Drive, or any other Workspace content. OAuth refresh tokens are stored encrypted at rest and can be revoked at any time from the Integrations page or from your Google Account permissions screen. OrgPlan’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Billing information

Paid subscriptions are processed by Stripe. When you subscribe, Stripe collects and stores your payment details directly — OrgPlan never sees or stores full payment card numbers. We retain limited billing metadata (customer ID, plan, invoice history) to manage your subscription.

Support and contact data

If you contact us through the contact form, by email, or via the in-app help widget, we collect the information you provide (typically name, email, message body, and any context you choose to share) so we can respond and provide support.

Technical and usage data

When you use the Service we automatically collect certain technical information:

  • Device and browser type, operating system, and screen size
  • IP address and approximate geographic location (derived from IP)
  • Pages viewed, features used, click events, and session timestamps
  • Diagnostic logs and error reports needed to operate and debug the Service

2. How we use your information

We use the information described above to:

  • Provide, maintain, and improve the Service
  • Authenticate you and secure your account
  • Sync, store, and display your organization data
  • Process subscription payments and send invoices via Stripe
  • Send transactional messages such as invitations, billing receipts, security alerts, and service announcements
  • Respond to support requests and feedback
  • Analyze aggregated usage to understand product performance and prioritize improvements
  • Detect, prevent, and investigate fraud, abuse, and security incidents
  • Comply with legal obligations

3. Lawful basis for processing (GDPR)

For users in the European Economic Area, United Kingdom, and Switzerland, we process personal data under the following lawful bases:

  • Contractual necessity — to deliver the Service you or your organization has subscribed to.
  • Legitimate interests — to secure the Service, prevent abuse, and analyze aggregate usage to improve the product.
  • Consent — for optional marketing communications and for non-essential cookies (where applicable).
  • Legal obligation — to comply with applicable laws, court orders, or enforceable governmental requests.

4. Data processing on behalf of customers

When OrgPlan stores employee data on behalf of a customer organization, OrgPlan acts as a “data processor” (or “service provider”) and the customer organization acts as the “data controller” for that data. We process such data only in accordance with the customer’s instructions and the agreement under which the Service is provided. If you are an employee whose information appears in OrgPlan and you wish to exercise any rights described in this Policy, please contact your employer first — we will direct your request to them.

5. Sub-processors

We rely on a small set of carefully selected sub-processors to operate the Service. Each sub-processor is bound by contractual obligations consistent with this Policy and applicable data-protection law:

  • Vercel, Inc. — application hosting and edge delivery
  • Neon, Inc. — managed PostgreSQL database
  • Clerk, Inc. — authentication and user management
  • Stripe, Inc. — payment processing and subscription billing
  • Resend — transactional email delivery
  • PostHog, Inc. — product analytics
  • Better Stack — uptime monitoring and status page
  • Google LLC — Google Workspace directory import (only if you connect it)

We will provide reasonable advance notice of any material change to this list. A current list is available on request from privacy@orgplan.io.

6. Sharing of personal information

We do not sell, rent, or trade personal information. We share data only with the sub-processors listed above and only as needed to operate the Service, and otherwise only:

  • With your explicit instruction or consent
  • With other members of your organization, according to the access controls you configure
  • When required to comply with a valid legal process, court order, or governmental request
  • To enforce our Terms of Service, protect the rights, property, or safety of OrgPlan, our users, or others, or investigate fraud or security issues
  • In connection with a corporate transaction such as a merger, acquisition, or asset sale, subject to standard confidentiality protections and continued application of this Policy

7. Data security

We implement industry-standard technical and organizational measures to protect personal information from unauthorized access, alteration, disclosure, or destruction:

  • Encryption in transit — all traffic is served over HTTPS with HSTS enabled (2-year max-age, preload).
  • Encryption at rest — database storage and OAuth tokens are encrypted at rest by our infrastructure providers.
  • Tenant isolation — every database query is scoped to the current organization using Postgres Row-Level Security and session variables.
  • Role-based access control — five-level RBAC (Owner, Admin, Editor, Viewer, Guest) with configurable salary visibility, enforced server-side.
  • Browser security headers — strict Content Security Policy with frame-ancestors ‘none’, base-uri ‘self’, form-action ‘self’, and Cross-Origin-Resource-Policy set to same-origin.
  • Input validation — server-side length and type validation on all input fields.
  • Security scanning — routine automated scans (OWASP ZAP baseline) against our production application.

For more detail, see our Security page. No method of transmission over the internet or electronic storage is completely secure, so we cannot guarantee absolute security.

8. Data breach notification

If we become aware of a personal-data breach that poses a risk to your rights and freedoms, we will notify the affected customer organization and, where required by applicable law, the relevant supervisory authority without undue delay and within the statutory timeframe.

9. International data transfers

OrgPlan is operated from the United States, and our sub-processors may be located in the United States, the European Union, or other jurisdictions. Where personal data is transferred from the European Economic Area, United Kingdom, or Switzerland to a country not recognized as providing an adequate level of protection, we rely on Standard Contractual Clauses or other lawful transfer mechanisms.

10. Data retention and deletion

We retain personal data only for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. Specifically:

  • Active organizations — data is retained for the lifetime of your subscription.
  • Soft delete — when an organization owner deletes an organization, the data enters a 30-day soft-delete grace period during which it can be restored.
  • Hard delete — after the grace period expires, data is permanently removed from our production database. Backups containing the data are overwritten on our standard rotation cycle (no longer than 35 days).
  • Billing records — we retain invoices and tax records as required by applicable financial-reporting law (typically up to 7 years).

You can request immediate hard-deletion of your account and any data tied to you personally by emailing privacy@orgplan.io.

11. Your rights

Subject to applicable law, you have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate or incomplete information
  • Delete your personal information (the “right to be forgotten”)
  • Restrict or object to certain processing activities
  • Port your data — export it in a structured, machine-readable format (CSV, PDF, or PNG)
  • Withdraw consent at any time, where processing is based on consent
  • Lodge a complaint with a data-protection supervisory authority in your jurisdiction

To exercise any of these rights, contact us at privacy@orgplan.io. We will respond within the timeframe required by applicable law (typically within 30 days).

12. Cookies and similar technologies

We use a small number of cookies and similar storage mechanisms:

  • Strictly necessary — required for authentication, session management, and core functionality. These cannot be disabled.
  • Analytics — PostHog uses first-party storage to measure aggregate usage. IP addresses are truncated and we do not enable session recording on the marketing site.

You can clear or block cookies through your browser settings. Disabling strictly necessary cookies will prevent you from signing in to the Service.

13. Marketing communications

We may occasionally send product updates, release notes, or other promotional material to the email address associated with your account. You can unsubscribe at any time using the link at the bottom of any marketing email or by emailing privacy@orgplan.io. Transactional and security messages cannot be opted out of while your account is active.

14. Children

OrgPlan is designed for use by businesses and is not directed to individuals under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can take appropriate action.

15. Automated decision-making

OrgPlan does not use solely automated decision-making, including profiling, that produces legal or similarly significant effects on individuals. If this changes we will update this Policy and notify customers in advance.

16. Third-party links

Our website and application may contain links to third-party services. We are not responsible for the privacy practices or content of those services. We encourage you to review their privacy policies before providing them with personal information.

17. Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. When we make material changes, we will revise the “Last updated” date at the top of this page and, where appropriate, notify you by email or through the Service before the change takes effect.

18. Contact us

If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal information, please contact us at privacy@orgplan.io.