Privacy Policy.
— What we collect —
We collect the email addresses you provide for sign-in and invitations, the display names and typed signatures you affix to a filing, the bond name and clauses you draft, the breach clauses you negotiate, payment metadata returned by Stripe (card brand and last four digits — never full card numbers), the IP address and user agent recorded at the moment you sign, and the AI prompts you submit to the drafting assistant.
— What we do with it —
We use this data to operate the service: to render certificates, to verify both parties consented, to process payments, to populate the public registry (unless you elect a private filing), and to surface the AI-assisted suggestions you requested. AI prompts are sanitized to prevent prompt-injection and are logged in aggregate for abuse detection and rate-limiting.
— Who can see your filing —
Officiated and dissolved public filings — bond name, party display names, clauses, certificate number, and dissolution reason if any — are visible to anyone via the registry and the certificate URL. Private filings (a paid upgrade) are visible only to the parties involved and to authorized Make It Official operators. Drafts are never public.
— Third parties —
We use Supabase for storage and authentication; Vercel for hosting; Stripe for payments; Resend for transactional email delivery; and a third-party large-language-model provider to power the drafting assistant. The model provider receives only the prompt text you submit (sanitized) plus minimal context required for the response, and is contractually prohibited from training on your data. These processors receive only the data necessary to perform their service. We do not sell your data, and we do not share it with advertisers or marketing networks.
— Cookies and analytics —
We use first-party cookies strictly necessary to keep you signed in and to maintain session state. We do not use cross-site advertising trackers.
— Your rights —
You may request access to, correction of, or deletion of the personal data we hold by emailing make.it.official.support@gmail.com. Note that public registry entries are part of the historical record of an officiated bond; deletion requests for public filings will be evaluated against the legitimate interest of the other party and the integrity of the registry.
— Retention —
Filings are retained indefinitely as part of the historical record of the registry. A certificate, once issued, is meant to last; the integrity of the registry depends on those records remaining accessible to the parties involved and — for public filings — to anyone with the certificate URL. Closing your account does not by itself delete filings you have signed or petitioned. To request removal of personal data, see Your rights above; deletion will be evaluated against the legitimate interest of any other party to a filing and against our obligation to maintain an accurate registry.
— Children —
The service is not intended for children under 13. We do not knowingly collect data from children under 13. Where local law sets a higher minimum age for digital consent (for example, 16 in some EU/EEA jurisdictions), users must meet that local minimum.
— Changes —
We may update this policy. Material changes will be communicated via the site or by email.