Privacy Policy

1. Who This Policy Applies To

This policy applies to all users of the Purple Billing application and website, including account administrators, team members, and anyone who interacts with our services. Purple Billing is a B2B service intended for use by businesses — specifically MSPs and MSSPs managing SentinelOne environments.

2. Information We Collect

We collect only the information necessary to provide our service:

• Account information: Your name, email address, company name, and password (hashed, never stored in plain text)
• SentinelOne API credentials: Encrypted using AES-256 and stored securely. Never accessible in plain text outside of API calls
• Billing and usage data: Agent counts, site names, SKU configurations, and module status retrieved from your SentinelOne environment via API
• Payment information: Processed via our payment provider. We do not store credit card numbers on our servers
• Usage data: Pages visited, features used, and general session metadata to improve the product

3. How We Use Your Information

We use your data exclusively to:

• Provide, operate, and maintain the Purple Billing service
• Sync and display your SentinelOne billing and usage data
• Send transactional emails (account verification, password resets, billing notifications)
• Detect and prevent fraudulent or unauthorized access
• Improve product features based on aggregate, anonymized usage patterns
• Respond to support requests and customer inquiries

We do not sell, rent, or share your personal data with third parties for marketing purposes.

4. Data Security

We implement the following security measures to protect your data:

• AES-256 encryption for all sensitive credentials at rest
• TLS encryption for all data in transit
• Access controls limiting which personnel can access production systems
• Regular security reviews and vulnerability assessments
• No SentinelOne API credentials are stored in plain text at any point

While we take all reasonable precautions, no system is completely immune to security risks. We encourage you to use strong passwords and limit API credentials to read-only permissions.

5. Data Retention

We retain your account data for as long as your account is active. If you cancel your account, we will delete your personal data within 30 days, except where we are required by law to retain certain records. Anonymized, aggregated usage data may be retained indefinitely.

6. Your SentinelOne Data

Purple Billing accesses your SentinelOne environment using API credentials you provide. The data fetched (agents, sites, SKUs, modules) is used solely to generate billing reconciliation reports within your account. We do not use this data for any other purpose, and we do not share it with any third party.

7. Cookies and Tracking

We use minimal cookies necessary for session management and authentication. We use Plausible Analytics, a privacy-focused analytics tool that does not use cookies, does not track individual users, and does not collect personally identifiable information. No data is shared with advertising networks.

8. Third-Party Services

We use a limited set of third-party services to operate Purple Billing:

• AWS (Amazon Web Services): Hosting, storage, and email delivery (SES)
• Stripe or equivalent: Payment processing (we never see raw card data)
• Plausible Analytics: Privacy-first website analytics

Each third-party provider is subject to its own privacy policy. We select providers that maintain high data protection standards.

9. Your Rights

Depending on your location, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Object to or restrict certain processing
• Data portability — receive a copy of your data in a machine-readable format

To exercise any of these rights, contact us at privacy@purplebilling.com.

10. Children's Privacy

Purple Billing is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a minor, we will delete it immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a notice in the application. Your continued use of the service after changes are posted constitutes acceptance of the revised policy.