Privacy Policy

When you have an account on Pillar, we store:

• Your email address and (optionally) your name and avatar URL.
• A bcrypt hash of your password. We never store your password in plaintext.
• An audit log of actions you take in the platform (pages created, leads updated, settings changed, etc.), along with timestamps.
• Content you create on behalf of your organization — pages, posts, forms, and lead submissions.
• Webhook-delivery logs that may include destination URLs, status codes, and short response excerpts.

Pillar uses a single HTTP-only session cookie (pillar_session) to keep you signed in. We don’t use analytics, ad, or fingerprinting cookies.

We use the data above to:

• Authenticate you and authorize access to your organization’s content.
• Show you and your team an audit trail of changes for accountability and recovery.
• Deliver transactional emails (account invitations, password resets, lead notifications).
• Diagnose and fix problems with the service.

Pillar runs on a small set of third-party services that process data on our behalf:

• Supabase — managed Postgres hosting for the application database (and future Storage for uploads).
• SendGrid — outbound transactional email delivery.
• Vercel — application hosting (when deployed to production).

Each service receives only the data necessary to provide its function (e.g. SendGrid receives the recipient address and email body).

• Account records (email, password hash, profile) are kept while your account is active.
• Audit-log entries are retained for 12 months, then purged.
• Content you create is retained until you or an admin deletes it.
• Webhook delivery logs are retained for 90 days.

You can:

• Reset your password from the sign-in page at any time.
• Ask an admin in your organization to update or remove your account.
• Request a copy or deletion of your personal data by writing to info@apollofranklin.com. Deletion requests are completed within 30 days.