Privacy Policy
Last updated: March 2026
Setwork is committed to protecting the privacy of facilitators and their clients. This policy describes what data we collect, how we store it, and how it is used. If you have questions, see the Contact section at the end of this page.
1. What Data We Collect
Facilitator account data — When you create an account, we collect your email address and any profile information you choose to add (practice name, contact details, logo). This information is used to identify your account and personalize your forms.
Client form responses — When a client completes an intake or consent form through Setwork, their responses are stored in your account. This includes any personal, health, or session-related information they provide in the form. Clients do not create Setwork accounts; their responses are linked to your facilitator account.
Client records — If you manually create client records (name, contact information, session notes), this information is stored under your account.
Usage data — We may collect basic technical information (browser type, timestamps, error logs) to maintain and improve the service. We do not use third-party analytics trackers.
2. How Data Is Stored
All data is stored using Supabase, a cloud database provider. Data is encrypted at rest using AES-256 and encrypted in transit using TLS. Supabase infrastructure is hosted on AWS and meets SOC 2 Type II standards.
Facilitator and client data is stored in a multi-tenant database where each facilitator's records are logically isolated by their unique user ID. Row-level security policies ensure that facilitators can only access their own data.
Uploaded files (such as practice logos) are stored in Supabase Storage with access restricted to authenticated account holders.
3. Who Can Access Data
You (the facilitator) — Only the facilitator who collected the data can view it within the Setwork dashboard. We do not enable data sharing between facilitator accounts.
Setwork operators — As database administrators, we have the technical ability to access stored data for the purpose of troubleshooting, maintenance, and security. We treat all facilitator and client data as strictly confidential and access it only when necessary to resolve technical issues.
Third parties — We do not sell, rent, or share facilitator or client data with any third party, except as required by law (e.g., a valid court order or regulatory requirement). We will notify you of any such requirement to the extent permitted by law.
Email delivery — When Setwork sends you an email notification (such as a form submission alert), we use Resend as our email delivery provider. Resend receives your email address for the purpose of delivering that message. Resend does not use your data for any other purpose.
4. How We Use Data
We use the data described above only to:
- Operate and provide the Setwork service to you.
- Send you notifications about activity in your account (e.g., new form submissions).
- Maintain the security and integrity of the platform.
- Respond to support requests or technical issues.
We do not use client form responses for any purpose other than displaying them to the facilitator who collected them.
5. Data Retention
Your account data and client records are retained for as long as your account is active. If you delete your account, we will delete your facilitator profile and associated data within 30 days, except where we are required to retain it for legal or regulatory reasons.
Client form responses are retained for as long as your account is active. You may manually delete individual responses from within your dashboard at any time.
We do not have an automated data expiry policy for client records — you are responsible for managing data retention in accordance with your professional and legal obligations.
6. No Data Selling or Sharing
We do not sell, license, or monetize facilitator or client data in any form. We do not share data with advertisers, data brokers, research institutions, or any commercial third party. Setwork's business model is based on subscription access to the platform, not on data.
7. Cookies and Tracking
Setwork uses session cookies to keep you logged in. These are strictly necessary for the service to function and are not used for advertising or cross-site tracking. We do not use third-party tracking pixels or advertising cookies.
8. Your Rights
Depending on your location, you may have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Request deletion of your data.
- Export your data in a portable format.
- Object to or restrict certain types of processing.
To exercise any of these rights, contact us at the address below. We will respond within 30 days.
9. Data Deletion Requests
To request deletion of your account and all associated data, email us at hello@setwork.io with the subject line "Data Deletion Request" and include the email address associated with your account. We will process your request and confirm deletion within 30 days.
Please note that deleting your account will permanently remove all client records, form responses, and configurations stored under your account. This action cannot be undone.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Material changes will be communicated to account holders by email where reasonably possible. Continued use of Setwork after changes are posted constitutes acceptance of the revised policy.
11. Contact
If you have questions or concerns about this Privacy Policy or how your data is handled, please contact us at:
Setwork
hello@setwork.io