CRClient Reporting Engine

Automate your agency reporting

Product

  • Home
  • Features
  • Pricing

Company

  • About
  • Contact
  • Privacy Policy
  • Terms of Service

Resources

  • Documentation
  • Support

Follow

© 2026 Client Reporting Engine. All rights reserved.

Built by Aathithya S

CRClient Reporting
PricingSign in

Privacy Policy

Last updated: May 6, 2026

This is a starting template. Have a lawyer review it before relying on it for production use.

1. Introduction

Client Reporting Engine (“we”, “us”) provides automated client reporting tools for marketing agencies. This Privacy Policy explains what information we collect, how we use it, and the choices you have.

By using our service, you agree to the practices described here. If you do not agree, please do not use the service.

2. Information we collect

We collect the following categories of information:

  • Account information — your name, email, and authentication tokens. We use passwordless magic-link sign-in.
  • Workspace data — agency branding, clients you create, and data sources you connect (Google Ads, Meta Ads, GA4, Instagram Insights). For each connected source we store OAuth credentials you authorize.
  • Reports and metrics — generated PDF reports, the metrics fetched from your connected sources, and delivery records (recipients, send timestamps).
  • Payment information — handled directly by Stripe. We never see or store full card numbers; we only store Stripe customer and subscription identifiers.
  • Usage and device data — pages visited, IP address, browser, and device type, collected via Vercel Analytics and standard server logs.

3. How we use information

  • To operate the service: pull metrics, generate reports, and deliver them.
  • To authenticate sign-in and keep your account secure.
  • To process subscriptions, invoices, and refunds.
  • To improve the product (e.g. understanding which features are used).
  • To respond to support requests and send essential service emails.

We do not sell your data, and we do not use your client data to train AI models.

4. Cookies and tracking

We use a small number of cookies and similar technologies:

  • Authentication cookies — set by NextAuth to keep you signed in. These are essential and cannot be disabled.
  • Analytics — we use Vercel Analytics to measure page views and key product events (sign-ups, report generations, plan upgrades). It is privacy-friendly and does not use third-party cookies.

You can clear cookies any time via your browser settings. Clearing the authentication cookie will sign you out.

5. Third-party sub-processors

We rely on a small set of trusted vendors. Each acts as a processor under their standard data-protection terms.

  • Stripe— payment processing for paid plans. Subject to Stripe's Privacy Policy.
  • Supabase — Postgres database hosting. Stores your account, workspace, and report metadata.
  • Resend — transactional email for sign-in magic links and report delivery.
  • Vercel — application hosting and analytics.
  • Connected platforms — Google Ads, Meta, Google Analytics 4, and Instagram only when you authorize them. We pull only what your report requires.

6. Data retention

We keep your data while your account is active. If you delete a client, we cascade the deletion to its data sources and reports. If you delete your account, we remove your workspace data within 30 days, except where we are required to retain specific records (for example, billing records for tax purposes).

7. Your rights

You can:

  • Access, correct, or export your data at any time.
  • Disconnect any data source from the data sources page.
  • Delete your account by emailing aathithya594@gmail.com.
  • Object to certain processing or request restriction, where applicable under your local privacy law (GDPR, UK GDPR, CCPA).

8. Security

We use HTTPS in transit, encrypted credentials at rest, and standard security headers (X-Frame-Options, X-Content-Type-Options, Referrer-Policy). No system is perfectly secure — we will notify you without undue delay if we detect a breach affecting your data.

9. International transfers

Our infrastructure is operated by U.S.-based providers (Vercel, Supabase, Stripe, Resend). If you access the service from outside the U.S., your data may be transferred to and processed in the U.S. under standard contractual safeguards.

10. Children

The service is not intended for children under 16. We do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will delete it.

11. Changes to this policy

We may update this policy from time to time. Material changes will be announced by email or in-app notice at least 14 days before they take effect. The “Last updated” date above shows the current version.

12. Contact

Questions about privacy or data handling? Email aathithya594@gmail.com.

See also our Terms of Service.