Privacy Policy
1. Who we are
Accord ("Accord," "we," "us") is a service operated by Rural Capital LLC, PO Box 368, Robert Lee, TX 76945 — support@planwithaccord.com. Accord helps event planners coordinate the vendors working their events.
This policy explains what we collect, why, who we share it with, and your choices.
2. The three kinds of people in Accord
We treat these groups differently because they interact with us differently:
- Planners — registered account holders who use Accord to organize events and coordinate vendors.
- Vendors — third-party businesses a Planner adds to an event. Vendors do not create accounts; they view event information through a unique link. Their contact details are entered by the Planner, not collected from the vendor. We process vendor information on behalf of the Planner (the Planner is the controller; we are the processor).
- Clients — the Planner's customers (for example, a couple getting married). Client contact details are entered by the Planner. Clients do not use Accord directly today. We process client information on behalf of the Planner.
3. What we collect
From Planners (account data)
- Email address and password (passwords are handled by our authentication provider; we never store them in plain text).
- The business profile you create (business name, phone, website, location, bio).
- Records of your acceptance of our Terms (timestamp and version).
- Content you enter: event details (title, date, venue), timelines, notes, vendor names/emails/categories, and client names, emails, and phone numbers.
- Documents you upload (contracts, floor plans, timelines, images).
From or about Vendors (processed for the Planner)
- Business name, contact name, email, phone, and category — provided by the Planner.
- Whether a vendor's access link has been revoked or regenerated.
From or about Clients (processed for the Planner)
- Name, email, and phone number — provided by the Planner.
Automatically
- Standard server logs (IP address, timestamps, request data) for security and reliability, including rate-limiting of the public vendor-link pages.
- If analytics are enabled, aggregate cookieless product-usage analytics. We do not track you across other websites.
- Strictly-necessary cookies for authentication and session management (Planners only; vendor link pages set no auth cookies).
4. What we do not do
- We do not sell your personal information.
- We do not use vendor or client information for any purpose other than providing the service to the Planner who entered it.
- We do not contact your vendors or clients — Accord currently sends no email to them.
- Vendor access links are stored hashed — a database leak alone cannot expose a working link.
5. How we use information
- To provide the service: display event information to the Planner and to vendors holding a valid access link, store documents, and generate secure time-limited download links.
- To secure the service, prevent abuse (including brute-force protection on vendor links), debug, and meet legal obligations.
6. Sub-processors (who we share data with)
We use trusted vendors to run the service. They process data only to provide their service to us:
- Supabase — database, authentication, and file storage (hosts account data and uploaded documents). United States (AWS us-east-1).
- Fly.io — application hosting. United States.
We maintain data-processing agreements (DPAs) with these sub-processors. We may also disclose information if required by law or to protect rights and safety.
7. Where documents live and how they're protected
Uploaded documents are stored in a private storage bucket. They are never served from a public URL; access is granted only through short-lived signed links generated for the event's Planner, or for a vendor holding a valid access link and only for documents the Planner has explicitly marked as shared with vendors (documents are private by default). Data is encrypted in transit and at rest as provided by Supabase.
8. Vendor access links
Each vendor's link contains a unique code. Codes are stored hashed with a server-side secret; the public link pages are rate-limited; links can be revoked or regenerated by the Planner at any time, and revoked-link history is retained as an audit record.
9. Retention
- Event data, documents, and access-link history are retained for the life of the account plus 90 days, then deleted.
- Documents a Planner deletes in the app are removed from storage at deletion time.
- You may request deletion of specific data — see §11.
10. Your rights
Depending on where you live (e.g., GDPR for the EU/UK, CCPA/CPRA for California), you may have rights to access, correct, delete, or port your personal information, and to object to certain processing. Vendors and clients should direct requests to the Planner who entered their information, or contact us and we will route the request. We respond within 30 days.
11. Contact / requests
support@planwithaccord.com — Rural Capital LLC, PO Box 368, Robert Lee, TX 76945.
12. Children
Accord is a business tool not directed to children and is not intended for anyone under 16.
13. International transfers
Accord is operated from the United States and data is stored in the United States. If you use the service from outside the US, you understand your information is transferred to and processed in the US.
14. Changes
We may update this policy. We will post the new version with an updated effective date and notify account holders of material changes.