E&F Compliance Services

Privacy Policy

Effective May 18, 2026

This policy explains what E&F Compliance Services LLC collects and how we use it when you use the Colorado Compliance Calendar (the "Service"). We try to keep this short and concrete.

What we collect

  • Account information you provide: your name, email, password (we never see your plain-text password; it's handled by our auth provider, Supabase).
  • Workspace information you provide: business name, Colorado entity type, industry, primary city, employee status, AI-use flag, and any obligation notes or proof attachments you upload.
  • Billing information: if you subscribe to a paid plan, Stripe collects and stores your payment details on its own systems. We receive a customer ID and subscription metadata back; we do not receive or store your card number, CVC, or bank account.
  • Usage information: page views, server logs (IP, user agent, request path), and product analytics needed to operate and improve the Service.
  • Email delivery metadata: when reminders or invitations are sent, Resend records the send/open/bounce status of those messages.

Why we collect it

  • To run the Service you signed up for — match obligations to your business, generate reminders, render your dashboard.
  • To send transactional email (reminders, invitations, billing receipts).
  • To bill you for paid plans, via Stripe.
  • To debug problems, prevent abuse, and operate our infrastructure securely.

We do not sell your information. We do not use your information to train external AI models.

Who we share it with

We use third-party processors who handle data on our behalf, subject to contracts that limit their use to the purposes above:

  • Supabase — database, authentication, file storage.
  • Vercel — hosting and request logs.
  • Stripe — billing and payments.
  • Resend — transactional email delivery.

We share information with these providers only as needed for them to provide their part of the Service.

Where it lives

Data is stored in the United States. Supabase, Vercel, Stripe, and Resend all operate from US regions for our project.

How long we keep it

Account and workspace information is retained while your account is active. If you cancel, we keep your data for up to 30 days so you can re-activate, then delete it. Server logs and email-delivery metadata roll off on each provider's default schedule (typically 30–90 days). Stripe retains billing records as required by law (typically 7 years).

Your rights under the Colorado Privacy Act

Colorado residents have the right to access, correct, delete, and obtain a portable copy of personal data we hold about them, and to opt out of the processing of personal data for targeted advertising, the sale of personal data, or profiling in furtherance of decisions producing legal or similarly significant effects. We do not engage in targeted advertising, do not sell personal data, and do not use personal data for profiling under the Colorado Privacy Act.

To exercise any of these rights, email team@efcompliance.com. We will respond within 45 days. If we deny your request, you may appeal by replying to our response.

Children

The Service is intended for business use and is not directed to individuals under 18. We do not knowingly collect information from children. If you believe a child has provided us with information, please contact us and we will delete it.

Changes to this policy

We may update this policy as the Service evolves. When we make material changes, we will update the effective date at the top of this page and, if you have an account, notify you by email.

Contact

E&F Compliance Services LLC
team@efcompliance.com