1. Introduction
ResoField ("we", "us", or "our") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, store, and protect your information when you use the ResoField platform at resofield.app and dashboard.resofield.app.
By using ResoField, you agree to the practices described in this policy. If you do not agree, please do not use the platform.
2. Data Controller
The data controller responsible for your personal data is ResoField, operated by Marvin Carter. For questions about this policy or your data, contact us via the contact page.
3. What Data We Collect
We collect the following categories of personal data:
3.1 Account Data
- Email address (required for account creation)
- Display name (optional)
- Language preference
3.2 Usage Data
- Pages visited and features used
- Browser type and device information
- IP address (anonymized)
- Session duration and interaction patterns
3.3 Client and Treatment Data
If you use ResoField as a practitioner, you may store client information and treatment records. This data is encrypted with AES-256 and protected by row-level security. We cannot access your client data.
3.4 Contact Form Data
- Name, email address, and message content submitted through contact or support forms
4. How We Use Your Data
We use your personal data for the following purposes:
- To provide and maintain the ResoField platform
- To authenticate your account and manage sessions
- To respond to support requests and inquiries
- To improve the platform based on aggregated usage patterns
- To send important service-related notifications (not marketing)
We do not sell, rent, or share your personal data with third parties for marketing purposes.
5. Legal Basis for Processing (GDPR)
For users in the European Economic Area, we process personal data based on:
- Contract performance: Processing necessary to provide the ResoField platform (Article 6(1)(b) GDPR)
- Legitimate interest: Analytics to improve the platform, provided your rights are not overridden (Article 6(1)(f) GDPR)
- Consent: For optional cookies and analytics tracking, where required (Article 6(1)(a) GDPR)
6. Third-Party Services
We use the following third-party services that may process your data:
- Supabase (database and authentication): Stores account data and encrypted client records. Data is hosted in the EU.
- Cloudflare (CDN and security): Processes requests to protect against attacks. Privacy policy: cloudflare.com/privacypolicy
- Google Analytics (usage analytics): Collects anonymized usage data to help us understand how the platform is used. You can opt out using browser extensions or cookie settings.
- OpenAI (AI features): When you use AI-powered features, your prompts are sent to OpenAI for processing. No client names or identifying data are included in AI requests.
7. Cookies
ResoField uses the following types of cookies:
- Essential cookies: Required for authentication and session management. These cannot be disabled.
- Analytics cookies: Used by Google Analytics to understand usage patterns. These can be disabled in your browser settings.
We do not use advertising cookies or tracking pixels.
8. Data Retention
- Account data: Retained as long as your account is active. Deleted within 30 days of account deletion.
- Client and treatment data: Retained as long as your account is active. Permanently deleted when you delete the data or your account.
- Contact form submissions: Retained for up to 12 months, then deleted.
- Analytics data: Anonymized and retained for up to 26 months by Google Analytics.
9. Your Rights
Under the GDPR and similar regulations, you have the right to:
- Access: Request a copy of the personal data we hold about you
- Rectification: Request correction of inaccurate data
- Erasure: Request deletion of your data ("right to be forgotten")
- Restriction: Request that we limit processing of your data
- Data portability: Request your data in a machine-readable format
- Objection: Object to processing based on legitimate interest
- Withdraw consent: Withdraw consent at any time where processing is based on consent
To exercise any of these rights, contact us via the contact page. We will respond within 30 days.
10. Data Security
We take data security seriously and implement the following measures:
- AES-256 encryption for all client and treatment data
- Row-level security (RLS) ensuring users can only access their own data
- HTTPS encryption for all data in transit
- Regular security audits and updates
- Minimal data collection principle
11. International Data Transfers
Your data may be processed in countries outside the European Economic Area. Where this occurs, we ensure appropriate safeguards are in place, including standard contractual clauses approved by the European Commission.
12. Children's Privacy
ResoField is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
13. Changes to This Policy
We may update this privacy policy from time to time. Changes will be posted on this page with an updated revision date. Continued use of the platform after changes constitutes acceptance of the updated policy.
14. Contact
For questions, concerns, or requests related to this privacy policy or your personal data, please use our contact form.