Privacy Policy
This policy explains what we collect when you use internalpage and how we use it to provide private page sharing for teams.
- Effective date
- July 2, 2026
- Contact
- [email protected]
1. Scope
This Privacy Policy applies to internalpage websites, applications, APIs, CLI workflows, and private viewer links that we operate under the internalpage.com domain. It does not apply to third-party websites or services that we do not control.
2. Information we collect
We collect the information needed to authenticate users, operate workspaces, serve pages, and support customers.
- Account information: email address, display name, Google profile picture URL, sign-in timestamps, and workspace membership role.
- Workspace and page information: workspace name, workspace slug, workspace domain or account key, page slug, page description, visibility setting, expiry setting, version metadata, file size, file count, and creator/updater information.
- Customer content: HTML, Markdown, OpenAPI, and related page files that you upload or publish through the app, API, or CLI.
- Sharing information: selected email addresses that workspace members add to a page allowlist.
- Access logs: viewer email, viewed time, page ID, version ID, and hashed IP address and user-agent values for private viewer requests.
- Authentication and security information: session cookie records, OAuth state cookies, API token hash, token prefix, scopes, expiry, revocation status, and last-used timestamps.
- Feedback and support information: messages you submit, feedback type, whether you request a reply, related page URL, your email, workspace plan, and user-agent string.
- Billing information: billing customer, checkout, subscription, order, webhook, and portal metadata that we receive from Polar. We do not store full payment card numbers.
3. Google Sign-In and Google user data
internalpage uses Google Sign-In to verify who can access workspace pages. We request the OpenID Connect email and profile scopes so we can receive your verified email address, display name, and profile picture URL. We use this data to create your account, maintain your session, determine workspace membership, enforce page access controls, show creator/viewer information, and provide customer support.
We do not sell Google user data. We do not use Google user data for advertising. We do not transfer Google user data except as needed to operate internalpage, comply with law, protect the service, or use subprocessors described in this policy.
4. How we use information
- Authenticate users and maintain secure sessions.
- Create and manage workspaces, memberships, roles, pages, versions, API tokens, and billing status.
- Authorize each private page and asset request before serving customer content.
- Display page history, recent access logs, workspace members, and billing state to authorized users.
- Detect, investigate, and prevent abuse, security issues, service errors, and unauthorized access.
- Respond to feedback, support, billing, and account requests.
- Comply with legal, tax, accounting, and operational obligations.
5. Cookies and local storage
We use essential cookies for sign-in, OAuth state, and session management. Session cookies are HttpOnly and are used to identify logged-in users across internalpage app and viewer surfaces. We do not currently use advertising cookies or third-party tracking cookies. If we add non-essential analytics or marketing cookies, we will update this policy and, where required, request consent.
6. Sharing and subprocessors
We share information only where needed to operate the service or as required by law. Current service providers include:
- Google: authentication and verified identity information.
- Cloudflare: edge delivery, Workers, DNS, and object storage for uploaded page files and viewer traffic.
- AWS: application hosting for the control plane.
- Polar: checkout, subscription, customer portal, and billing event processing.
- Discord: internal operational notifications for signups, workspace creation, and feedback when configured.
7. Retention
We keep account, workspace, page, version, token, and billing records while needed to provide the service, resolve disputes, maintain security, and comply with legal obligations. Private viewer logs are intended to support recent access history and are pruned after approximately 30 days. Session records expire after approximately 14 days unless you sign in again. API tokens expire according to their configured expiry and can be revoked.
When a workspace owner deletes a workspace, we delete workspace-scoped records and locally stored workspace files from the active service path. Some data may remain for a limited time in backups, security logs, billing records, or legal retention systems.
8. Security
We use access controls, hashed session and API token secrets, secure cookies in production, origin separation between the app and private viewer, and authorization checks before serving page content. No internet service can be made perfectly secure, and you are responsible for protecting your accounts, API tokens, and uploaded content.
9. International transfers
We and our service providers may process information in countries other than where you are located. Where required, we rely on appropriate safeguards for cross-border transfers.
10. Your rights and choices
Depending on where you live, you may have rights to access, correct, export, delete, restrict, or object to processing of personal information. Workspace owners can delete a workspace from settings. You can also contact us at [email protected] for privacy requests.
11. Changes
We may update this Privacy Policy as internalpage changes. If changes are material, we will provide notice through the service, by email, or by another reasonable method.