Privacy Policy

This policy applies to everyone who uses damantra — org owners, team members, and customers who access the customer portal via a shared link. By using damantra you agree to the practices described here.

Account data. When you create an account: your email address, name, and organisation name. If you sign in with Google, we receive your Google profile email and display name — nothing else.

Business data. Everything you enter into damantra — orders, quotes, invoices, customer details, catalog items, production notes — belongs to you. We store it to provide the service and for no other purpose.

Usage data. Standard server logs: IP address, browser type, pages visited, and timestamps. We use these to diagnose errors and understand how the product is used in aggregate. We do not build individual usage profiles.

Communications. If you contact us by email, we keep that correspondence to respond and improve the product.

• To operate, maintain, and improve the damantra platform.
• To send transactional emails — magic links, invoice notifications, workflow updates — that are part of the service you signed up for.
• To respond to support requests and investigate reported issues.
• To detect and prevent fraud, abuse, or unauthorised access.
• To comply with legal obligations where required.

We do not sell your data. We do not use your business data to train models or run advertising. We do not share it with third parties for their own marketing.

damantra is built on managed infrastructure. Your data passes through or is stored by:

• Vercel — application hosting and global CDN. Processes request data transiently to serve pages.
• Supabase — managed Postgres database and authentication. All business data is stored here with AES-256 encryption at rest and TLS in transit.
• Email provider — used to send transactional notifications. Email addresses are used only to deliver messages you've triggered.

We choose infrastructure partners that operate under recognised data protection frameworks and maintain their own published security programmes.

All data is encrypted at rest (AES-256) and in transit (TLS 1.2+). Access within your organisation is gated by row-level security at the database layer — not just application-level checks. Team member permissions are enforced by role.

We take security seriously, but no system is perfectly immune. If you discover a vulnerability, please report it to contact@damantra.co.

We retain your data for as long as your account is active. If you delete your account, your business data is permanently deleted within 30 days except where retention is required by law (for example, invoicing records may need to be kept longer in certain jurisdictions — we will advise you at deletion time).

Depending on your location, you may have rights to access, correct, export, or delete your data. To exercise any of these rights, email us at contact@damantra.co. We will respond within 30 days. For EU/UK users, these rights are guaranteed under GDPR and UK GDPR respectively.

damantra uses essential session cookies to keep you signed in and remember your preferences (such as sidebar state). We do not use advertising cookies or third-party tracking cookies. No cookie consent banner is required because we set only functional cookies that are strictly necessary for the service.

damantra is a business tool intended for users aged 18 and over. We do not knowingly collect data from children. If you believe a child has created an account, contact us and we will delete it promptly.

If we make material changes to this policy, we will notify account holders by email at least 14 days before they take effect. The “last updated” date at the top of this page always reflects the current version.

Questions about this policy or your data: contact@damantra.co.