Privacy Policy

Data We Collect

• Account information: name, work email, password hash
• Business data you upload: revenue, spend, customer metrics (stored per your organization only)
• Usage data: pages visited, actions taken within the platform (for improving the product)
• Feedback you submit through the platform

Data Isolation

Your business data is private to your organization. Needlwork enforces strict organization-level isolation. No other customer can access your data. Our engineers access your data only when necessary to provide support, and only with your consent.

Benchmarks and Aggregation

Industry benchmarks on Needlwork are computed from anonymized, aggregated data across eligible accounts. Benchmark outputs do not contain identifiable brand data. Individual brand metrics are never shared with other customers. If you prefer your data not to be included in benchmark computation, you can request exclusion at any time.

Data Security

All data is encrypted in transit (TLS) and at rest. Access controls restrict data access by organization and role. We use row-level security policies to enforce data isolation at the database level. Uploaded files are stored in private, access-controlled storage.

Third-Party Services

We use Supabase for authentication and database infrastructure, and Resend for transactional email. These services are GDPR-compliant and do not use your data for advertising.

Marketing Communications

We only send marketing emails to users who explicitly opt in during signup. You can unsubscribe at any time. Transactional emails (verification, invitations, account alerts) are sent regardless of marketing consent.

Your Rights

You can request a copy of your data, request deletion of your account and associated data, or request exclusion from benchmark computation at any time by emailing hello@needlwork.com.

Contact

For privacy questions, contact us at hello@needlwork.com.