Privacy Policy
How TeamlyApp collects, uses, and protects information when you use our editor, client portals, and authentication methods (Google Sign-In, email/password, magic links).
Overview
This policy describes how TeamlyApp handles information when you use our website, editor, and client portal features.
It also covers how we handle information when you sign in using Google Sign-In, email/password, or email magic links.
If you have questions, contact us at the email listed in the Contact section.
Information we collect
- Account/contact details (like email) when you create a workspace or sign in.
- If you sign in with Google: basic profile information (such as your name, email address, profile photo) and a Google account identifier used to link your account.
- If you sign in with email/password: your email address and a password. Passwords are stored using a one-way hash (we do not store your plaintext password).
- If you sign in with email magic links: your email address, the time we send the link, and a short-lived sign-in token used to complete authentication (plus limited delivery/anti-abuse metadata where applicable).
- Authentication/session data (such as session identifiers, login timestamps, and security logs).
- Usage and device data (like pages visited and clicks) to improve product performance.
- Client portal activity signals (like opens) when tracking is enabled.
- Content you provide in documents/portals (text, images, attachments) that you choose to publish.
How we use information
- Operate the product (editor, portals, tracking, approvals, exports).
- Authenticate you, maintain sessions, and secure accounts (including fraud and abuse prevention).
- Send authentication messages (for example, magic links, verification, and security-related notices) and service communications.
- Provide support, troubleshoot issues, and prevent misuse.
- Understand usage to improve onboarding and features.
- Communicate with you about access and product updates (you can opt out of non-essential marketing emails where applicable).
Authentication methods
TeamlyApp supports multiple sign-in methods. The information we receive and use depends on the method you choose.
- Google Sign-In: used to create and authenticate your account and link it to a Google identity.
- Email/password: used to authenticate your account. Passwords are stored only as a one-way hash.
- Email magic links: used to authenticate without a password. Magic links are intended to be short-lived and should be treated like a password (do not forward them).
Google Sign-In and Google OAuth
TeamlyApp offers Google Sign-In to help you create an account and log in more easily.
We request only the minimum permissions needed for authentication. We do not access your Gmail, Google Drive, Google Calendar, or other Google services unless you explicitly connect those services and grant additional permissions in context.
- What we receive: basic profile info (name, email, profile photo) and a Google account identifier to authenticate you and link your TeamlyApp account.
- Why we use it: to create your account, sign you in, secure your account, and provide account support.
- Tokens: if we store OAuth tokens (for example, to maintain your signed-in session), we protect them and limit access. If you disconnect Google Sign-In, we stop using those tokens and remove stored tokens where applicable.
- No surprises: if we change the Google data we request or how we use it, we will update this policy and, where required, prompt you to consent before we access Google data in a new way or for a different purpose.
Sharing
We do not sell personal information. We may share data with service providers that help run TeamlyApp (such as hosting, analytics, and email delivery), under appropriate confidentiality and security obligations.
We do not transfer or use Google user data for advertising, retargeting, selling data, data brokering, or determining credit-worthiness/lending decisions.
We may disclose information if required by law or to protect our rights, users, and the public.
Client portals
When you share a client portal link, recipients can view the portal in their browser. If tracking is enabled, activity signals may be recorded for your workspace.
You are responsible for configuring portal access (password/expiry) and providing any disclosures required by your recipients.
Retention, deletion, and exports
We retain data as needed to provide the service, maintain security, comply with legal obligations, and resolve disputes.
TeamlyApp is export-first, so you can export PDFs anytime for your records.
You can request account deletion. When an account is deleted, we take steps to delete or anonymize associated personal information, subject to legal and operational retention needs (for example, security logs or billing records where applicable).
Your choices and controls
- Access and updates: you can update certain account details in your settings (where available).
- Sign-in methods: you can choose between available sign-in options. If you use email magic links, keep access to your email secure.
- Google access: you can revoke TeamlyApp’s access to your Google account through your Google Account security settings, and/or by disconnecting Google Sign-In in TeamlyApp (where available).
- Portal controls: you can manage portal access via password protection and link expiry (where available).
Security
We take reasonable and appropriate measures to protect information in transit and at rest, and to prevent unauthorized access, alteration, disclosure, or destruction.
This includes safeguards such as encrypted connections (HTTPS), access controls, and secure handling of credentials and tokens.
Children’s privacy
TeamlyApp is not directed to children under 13, and we do not knowingly collect personal information from children under 13.
Changes to this policy
We may update this policy from time to time. If changes are material, we will provide notice in the product or on our website.
If we change how we access or use Google user data in a new way or for a different purpose, we will update disclosures and request consent where required.