Privacy Notice

Last updated: May 5, 2026

1. Who we are

Beyond the Ruby Door LLC ("we," "us," or "our") operates the Beyond the Ruby Door OS platform. We act as the data controller for personal information collected through the Service.

2. Information we collect

• Account data: name, email address, password (hashed), and the role/plan you select.
• Business content you create: client records, trip itineraries, vendor contacts, commissions, tasks, marketing notes, and tour data you enter into the Service.
• Support communications: messages you send to us by email or in-app.
• Usage and device data: log data, IP address, browser type, pages viewed, and timestamps, used to operate and secure the Service.

Payment card information is collected and processed directly by our payment provider, Paddle. We do not see or store your full card number.

3. How we use your information

• To create and operate your account and provide the Service (legal basis: performance of a contract);
• To respond to support requests (legal basis: performance of a contract);
• To prevent fraud, abuse, and security incidents (legal basis: legitimate interests);
• To improve and develop the Service (legal basis: legitimate interests);
• To send service updates and, where you opt in, marketing communications (legal basis: legitimate interests or consent);
• To comply with legal obligations (legal basis: legal obligation).

4. How we share your information

We share personal data with the following categories of recipients:

• Service providers / subprocessors that help us run the Service (cloud hosting, database, analytics, error monitoring, email delivery, customer support tooling).
• Paddle.com, our Merchant of Record, for the sale of subscriptions, payment processing, subscription management, tax compliance, invoicing, and refund handling.
• Professional advisers (legal, accounting, insurance) under confidentiality.
• Authorities when required to comply with valid legal process or to protect rights and safety.

We do not sell your personal data.

5. Data retention

We retain your personal data for as long as your account is active and for a reasonable period afterward to comply with legal obligations, resolve disputes, and enforce our agreements. After that period, we delete or anonymize your data. You may request deletion at any time (see Your rights below).

6. Security

We use appropriate technical and organisational measures to protect your data, including encryption in transit, access controls, and isolation of customer data. No system is perfectly secure, but we work to keep your information safe.

7. International transfers

We are based in the United States. If you access the Service from outside the U.S., your data will be transferred to and processed in the United States. Where required, we rely on standard contractual clauses or other lawful mechanisms to protect international transfers.

8. Your rights

Depending on your location, you may have the right to:

• Access the personal data we hold about you;
• Request correction of inaccurate data;
• Request deletion of your data;
• Restrict or object to certain processing;
• Receive a portable copy of your data;
• Withdraw consent where processing is based on consent;
• Lodge a complaint with your local data protection authority.

We will respond to verified requests within one month. To exercise these rights, email us at hello@beyondtherubydoor.com.

9. Cookies

We use essential cookies required to keep you signed in and operate the Service. We may also use limited analytics cookies to understand how the Service is used. You can manage cookies in your browser settings; disabling essential cookies may break login.

10. Children

The Service is not directed to children under 16, and we do not knowingly collect data from them.

11. Changes

We may update this Privacy Notice from time to time. Material changes will be communicated via the Service or by email.

12. Contact

Questions about this notice or our privacy practices? Email hello@beyondtherubydoor.com.