Privacy Policy
Effective date: April 1, 2026
Palm Commissions, LLC ("Palm Commissions," "we," "us," or "our") operates the Palm Commissions web application (the "Service"). This Privacy Policy explains what information we collect, how we use it, and your choices regarding your data.
By creating an account, you acknowledge that you have read and understand this Privacy Policy and consent to the collection and use of your information as described below. If you do not agree, do not create an account or use the Service.
1. Information We Collect
1.1 Account Information
When you create an account, we collect your name and email address. Authentication is handled via email and password through our database provider, Supabase.
1.2 Commission and Financial Data
You upload commission statements (CSV or XLSX files) and manually enter expected commission records. This data may include transaction dates, amounts, carrier/source names, commission types, client names, and notes. We also store annuity contract details including carrier names, premium amounts, trail percentages, and payment tracking.
Uploaded files are processed in-memory to extract structured data. We store the extracted records and file metadata (file name, size, type, processing status) but do not retain the original uploaded files on our servers after processing.
1.3 Billing Information
Subscription payments are processed by Stripe. We do not collect, store, or have access to your credit card number or full payment details. We store only your Stripe customer identifier and subscription status to manage your plan.
1.4 Usage and Diagnostic Data
We automatically collect:
- Product analytics via PostHog, including page views, page leave events, feature usage, and device/browser information. PostHog uses cookies and localStorage to maintain a session identifier. PostHog analytics are only activated after you provide cookie consent. You can opt out at any time by withdrawing consent via the cookie settings link in the site footer.
- Error and performance data via Sentry, including exception details, performance traces, and your user ID and email when errors occur, to diagnose and fix issues.
- Analytics data via Vercel Analytics and Speed Insights, including page views, interactions, and Core Web Vitals performance metrics. This data is aggregated and does not use cookies or track you across other sites.
1.5 Feedback and Survey Data
If you submit feedback through the app, we collect your message, the page URL, and your browser user agent string. If you cancel your subscription, we may collect an exit survey response including your cancellation reason.
1.6 Email Communication Records
We maintain a log of transactional and product emails sent to you (e.g., welcome emails, onboarding messages, monthly summaries, payment alerts) for compliance and delivery tracking purposes.
2. How We Use Your Information
We use your information to:
- Provide, maintain, and improve the Service
- Process your commission data and display dashboards and reports
- Process subscription payments and manage your account
- Send transactional emails (account confirmations, password resets, payment alerts)
- Send product emails (onboarding tips, monthly commission summaries, inactivity reminders) based on your communication preferences
- Diagnose errors and monitor application performance
- Respond to your feedback and support requests
- Enforce our Terms of Service and protect against fraud
3. Third-Party Service Providers
We share your information with the following service providers, solely to operate and improve the Service:
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Database hosting and authentication | Account info, commission data, all stored records |
| Stripe | Payment processing | Name, email, subscription metadata |
| Resend | Email delivery | Name, email, personalized email content |
| Sentry | Error monitoring and performance | User ID, email, error/performance traces |
| PostHog | Product analytics and user behavior | User ID, page views, feature usage events, device/browser info (consent-gated) |
| Vercel | Hosting, analytics, and performance monitoring | Aggregated page view and performance metrics |
| GitHub | Feedback issue tracking (when enabled) | Email, feedback message, page URL, user agent |
We do not sell, rent, or share your personal information with third parties for their marketing purposes.
4. Data Retention
We retain your data as follows:
- Active accounts: All data is retained for as long as your account is active.
- After account deletion:
  - Commission data, uploads, templates, annuity contracts, and pending records are deleted within 30 days.
  - Profile and authentication data are deleted within 30 days.
  - Billing records (Stripe customer ID, payment history references) are retained for 7 years for tax and financial record-keeping compliance.
  - Email delivery logs are anonymized within 30 days (timestamps and email types are preserved; personal identifiers are removed).
  - Feedback and exit survey responses are anonymized within 30 days (your identity is removed; the content is retained for product improvement).
- Error and performance data in Sentry is governed by Sentry's retention settings (typically 30–90 days).
5. Data Security
We implement technical safeguards to protect your data, including:
- Row Level Security (RLS) on all database tables, ensuring each user can only access their own data
- Encryption in transit (TLS/HTTPS) for all data transmitted between your browser and our servers
- Encrypted storage at rest provided by our database and hosting providers
- Scoped API keys with least-privilege access for each service integration
No method of electronic storage or transmission is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
6. Your Rights and Choices
6.1 Access and Export
You can view all of your commission data, uploaded records, and account information within the Service at any time. To request a full export of your data, contact us at the email below.
6.2 Deletion
You may delete your account through your account settings or by contacting us. Upon deletion, your data will be purged according to the retention schedule in Section 4.
6.3 Marketing Emails
You can opt out of product and marketing emails at any time through your account settings. Transactional emails (payment confirmations, security alerts) cannot be opted out of while your account is active.
6.4 California Residents (CCPA/CPRA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act and California Privacy Rights Act:
- Right to Know — what personal information we collect and how it is used (described in Sections 1–3)
- Right to Delete — request deletion of your personal information (see Section 6.2)
- Right to Correct — request correction of inaccurate personal information we hold about you. You may correct your account information directly in the Service or contact us for assistance.
- Right to Opt Out of Sale or Sharing — we do not sell or share your personal information with third parties for cross-context behavioral advertising
- Right to Limit Use of Sensitive Personal Information — your commission and financial data may constitute sensitive personal information under CPRA. We use this data solely to provide the Service as described in Section 2 and do not use it for purposes beyond what is necessary to provide the Service. You may contact us to request we limit our use of sensitive personal information to only that which is necessary.
- Right to Non-Discrimination — we will not discriminate against you for exercising any of your privacy rights
To exercise these rights, contact us at the email below. We will verify your identity and respond within 45 days as required by law. If we need additional time, we will notify you of the extension (up to an additional 45 days).
6.5 Do Not Track Signals
The Service does not respond to "Do Not Track" (DNT) browser signals. However, as described in our Cookie Policy, we do not use third-party tracking cookies, advertising pixels, or cross-site tracking technologies.
6.6 International Users (GDPR)
The Service is designed for and directed to users in the United States. If you access the Service from outside the United States, please be aware that your data will be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction.
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland:
- Legal basis for processing: We process your personal data based on your consent (provided when you create an account), the performance of our contract with you (our Terms of Service), and our legitimate interests in operating and improving the Service.
- Data transfers: Your data is transferred to the United States. Our service providers (listed in Section 3) maintain appropriate safeguards for international data transfers.
- Your rights: In addition to the rights in Section 6, you have the right to lodge a complaint with your local supervisory authority, request restriction of processing, and request data portability.
- Data controller: Palm Commissions, LLC is the data controller for your personal information.
7. Data Breach Notification
In the event of a data breach that compromises the security, confidentiality, or integrity of your personal information, we will:
- Investigate the breach promptly and take steps to mitigate any harm
- Notify affected users by email without unreasonable delay, and in any event within the timeframes required by applicable law (including Kentucky Revised Statutes § 365.732)
- Provide details about the nature of the breach, the types of information involved, and steps you can take to protect yourself
- Notify applicable regulatory authorities as required by law
8. Third-Party Data in Your Uploads
Your commission data may include personal information about third parties (such as client names). You are the data controller for any third-party personal information you upload to the Service. You are responsible for ensuring you have the right to upload such data and for complying with applicable privacy laws regarding that data. We process this data solely on your behalf as a data processor to provide the Service.
9. Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the effective date. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.
11. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:
Palm Commissions, LLC
Email: support@pcommissions.com