Privacy Policy
Last updated June 2, 2026
This Privacy Policy explains how VisibleSeed LLC ("VisibleSeed," "we," "us," or "our") collects, uses, shares, and protects information when you use the client dashboard at my.visibleseed.com (the "Service"). The Service is a private workspace for our clients. It is offered by invitation only and is not a public product. If you have a separate services agreement with us, that agreement also governs our relationship and controls if there is any conflict with this policy.
We are the controller of the personal information processed through the Service. You can reach us about privacy at privacy@visibleseed.com.
1. Information we collect
We keep collection deliberately minimal. We collect:
- Account details that you or your account manager provide: your name, email address, the client organization you belong to, and your role.
- Phone number, only if you choose to verify one. Verification works by you sending a short code by text message to our business number; we record the number you sent it from and the time it was confirmed. We do not require a phone number to use the Service.
- Authentication data: one-time sign-in codes, passkeys (public-key credentials, never a password), and, if you choose, your Google account identifier when you sign in with Google.
- Project data: your documents and their full activity history, invoices and payment records, onboarding progress and form responses, and the content of support tickets you submit.
- Technical and security data: IP address, browser and device information, session records, and timestamps of sign-ins and key actions, used to secure your account and maintain audit trails.
We do not intentionally collect special categories of data (such as health, biometric, or government ID numbers). Please do not submit such information through support tickets or document fields.
2. How we use information
We use your information solely to operate the Service for you: to authenticate you, display your project data, run onboarding and document signing, present invoices and receipts, respond to support requests, send transactional notices, and keep the Service secure and reliable. We also use it to comply with legal and accounting obligations and to detect and prevent fraud or abuse.
We do not sell or rent your personal information, and we do not use it for advertising or profiling. Email from the Service is strictly transactional (sign-in codes, document copies, receipts, and service notices). We do not send marketing email, and we do not send marketing text messages.
3. Legal bases (where applicable)
For users in the EEA or UK, we process personal information on the bases of: performance of a contract (operating the Service for your organization), our legitimate interests (security, fraud prevention, and improving reliability), your consent (for example, phone verification), and compliance with legal obligations.
4. Data isolation between clients
Each client organization is strictly isolated. Access to data is scoped to your account on the server side, so one client can never see another client's information. Files are stored privately and are served only to authenticated, authorized members of the organization that owns them.
5. Service providers and subprocessors
We share data only with a small set of trusted providers who process it on our behalf to deliver the Service, under contractual confidentiality and security commitments:
| Provider | Purpose |
|---|---|
| Cloudflare | Application hosting, database, file storage, and network security. |
| Stripe | Payment processing. Card details are handled by Stripe on their hosted pages; we never see or store your full card number. |
| Resend | Delivery of transactional email (sign-in codes, receipts, document copies). |
| Twilio | Receives the verification text message you send to our number and relays the confirmation to us. Used only for the phone-verification flow you initiate. |
| DocuSeal | Electronic document signing. |
| Optional "Sign in with Google" authentication, only if you choose to use it. |
These providers may process data outside your country. We otherwise disclose information only when required by law, to enforce our agreements, to protect rights and safety, or as part of a business transfer (such as a merger or acquisition), in which case we will require the recipient to honor this policy.
6. Cookies and sessions
We use a small number of strictly necessary cookies to keep you signed in and to protect against cross-site request forgery. We do not use advertising or third-party tracking cookies, and there is no analytics beacon on the Service. Because our cookies are essential to signing in, the Service will not function without them.
7. Text messaging (SMS)
Phone verification is initiated by you: you send a one-time code by text to our business number via Twilio. Standard message and data rates from your carrier may apply. We do not send marketing or promotional text messages. You can stop service messages from our number at any time by replying STOP.
8. Data retention
We retain account and project data for as long as your organization is an active client, and for a reasonable period afterward to meet legal, tax, accounting, and record-keeping obligations and to resolve disputes. Security logs are kept for a limited period. When data is no longer needed, we delete or anonymize it.
9. Security
We protect your information with passwordless authentication, per-request server-side data scoping, encrypted transport (HTTPS/TLS), private file storage served only through authenticated and ownership-checked access, signature-verified and idempotent webhooks, rate limiting, and least-privilege secrets management. No method of transmission or storage is perfectly secure, but we design the Service to minimize what we collect and to keep each client's data isolated.
10. International transfers
We and our providers may process and store information in the United States and other countries. Where required, we rely on appropriate safeguards (such as standard contractual clauses) for cross-border transfers.
11. Your rights and choices
Subject to applicable law, you may request to access, correct, export, restrict, or delete your personal information, and object to certain processing. You can remove a passkey or an unverified phone number at any time from your profile. Because the Service is invite-only, ending your access also stops further processing for your account.
California residents: you have the right to know what personal information we collect and how we use it, to request deletion, and to not be discriminated against for exercising your rights. We do not sell or share personal information as those terms are defined under California law. To exercise any right, email privacy@visibleseed.com; we will verify your request through your account and respond within the timeframe the law requires.
12. Children
The Service is for business clients and is not directed to children under 13, and we do not knowingly collect their information.
13. Third-party links
The Service may link to third-party sites (such as Stripe's billing portal or a signing page). Their privacy practices are governed by their own policies, not this one.
14. Changes to this policy
We may update this policy as the Service evolves. We will revise the "Last updated" date above and, for material changes, notify you through the Service or by email. Your continued use after an update means you accept the revised policy.
15. Contact us
VisibleSeed LLC, Houston, Texas. For privacy questions or to exercise your rights, email privacy@visibleseed.com. For general support, email hello@visibleseed.com.