Effective Date: April 3, 2026

Self Employment Toolkit ("we," "us," or "our") operates the web application at selfemploymenttoolkit.com (the "Service"). This Privacy Policy explains how we collect, use, and protect your information when you use our Service.

1. Information we collect

When you create an account, we collect:

• Account information: your email address and a securely hashed password.
• Usage data: mileage trips (start/end coordinates, distances, categories, dates), time entries (clock in/out times, dates, notes), client information (names, addresses, hourly rates), and saved locations you choose to store.

All usage data is stored securely in our database and is scoped to your authenticated account. No other user can access your data.

2. How we use your information

We use your information solely to:

• Provide and operate the Service (mileage tracking, time tracking, reporting).
• Authenticate your identity and secure your account (including MFA).
• Generate reports you request (timesheets, mileage summaries).

We do not use your data for advertising, profiling, or any purpose beyond operating the Service.

3. Third-party services

The Service relies on the following third-party providers:

• Cloudflare (hosting and security): We use Cloudflare for network delivery, DDoS protection, and bot verification (Turnstile). Cloudflare processes requests to deliver the Service and may collect limited technical data (IP addresses, request metadata) under their own privacy policy.
• Google Analytics (GA4): we use Google Analytics to understand aggregate, anonymous usage patterns such as page views and traffic sources. IP anonymization is enabled. Google Analytics does not receive your account data, trip details, or any other information you enter into the Service. You can opt out using the Google Analytics Opt-out Browser Add-on.
• Google Fonts: serves the Inter typeface. Google may collect limited technical data when fonts are loaded.
• OpenStreetMap / OSRM: provides geocoding and route distance calculations. Coordinates are sent to these services to compute driving distances, but no personally identifiable information is transmitted.

We do not use advertising trackers or sell your data to any third party.

4. Data sharing

We do not sell, rent, or trade your personal information to any third party. Your data is shared only with the third-party infrastructure providers listed above, strictly for operating the Service.

5. Cookies and local storage

The Service uses:

• httpOnly cookies: for secure session authentication. These are essential for the Service to function and cannot be accessed by JavaScript.
• localStorage: to store your light/dark theme preference. This data stays on your device and is never transmitted to our servers.
• Google Analytics cookies (_ga, _gid): anonymous cookies set by Google Analytics to distinguish users and sessions for aggregate traffic analysis. These do not contain your account information. You can opt out via the Google Analytics Opt-out Browser Add-on.

We do not use advertising cookies or cookies that track you across other websites.

6. Data security

We take security seriously:

• Passwords are hashed with PBKDF2 before storage (never stored in plain text).
• Authentication uses httpOnly cookies (not localStorage tokens) to mitigate XSS risks.
• Multi-factor authentication (TOTP) is available and recommended.
• All data is transmitted over HTTPS/TLS.
• Content Security Policy headers protect against script injection.
• Rate limiting protects against brute-force attacks.

7. Data retention and deletion

Your data is retained as long as your account is active. You can delete your account and all associated data directly from Settings inside the app, or contact us at support@selfemploymenttoolkit.com. We will process deletion requests promptly.

8. Children's privacy

The Service is not directed at individuals under 13 years of age. We do not knowingly collect information from children under 13. If we become aware that we have collected such information, we will delete it promptly.

9. Your rights

Depending on your jurisdiction, you may have the right to access, correct, or delete your personal data. To exercise these rights, contact us at support@selfemploymenttoolkit.com.

10. Changes to this policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. Continued use of the Service after changes constitutes acceptance of the revised policy.