Legal

Privacy Policy

Last updated: 30 May 2026

Plain-language summary: ScheduleInsight processes your Primavera schedule files to compute quality metrics and generate reports. We do not sell your data or share your schedules with third parties. You can delete your account and stored reports at any time.

1. Who we are

ScheduleInsight ("we", "us") provides browser-based schedule analytics for Primavera P6. This policy explains what data we collect, why, and how it is handled. Questions: vamsikirank@gmail.com.

2. What we collect

Account data — your email address and authentication details, handled by our authentication provider (Supabase).
Schedule files — parsed in your browser and not collected by us. We only store a generated report if you choose to create a shareable link for it.
Payment data — processed by Stripe. We never see or store your full card details; we retain only a customer reference and the status of your purchases and subscriptions.
Operational logs — minimal request/error logs used to keep the service running and secure.

3. How your schedule data is processed

Your schedule file is parsed and analysed entirely in your browser. The .xer/.xml file is read locally with client-side JavaScript to compute the Schedule Quality Index, the metric breakdowns, the Gantt and the report — the raw schedule file is never uploaded to our servers.

The only time schedule-derived content leaves your device is when you explicitly create a shareable report link: at that point the generated report (not the source XER) is stored via our database provider (Supabase) so the link can serve it, subject to whatever passcode, expiry and revocation you set. You can revoke or delete a shared report at any time.

Your schedules are used only to provide the analysis you request. We do not use your schedule content to train models, and we do not share or sell it.

4. Shareable report links

When you create a share link, the report is stored so the link can serve it. You control each link: you can set a passcode, an expiry, a recipient watermark, and you can revoke a link at any time, which immediately makes it inaccessible.

5. Retention and deletion

We keep account, schedule and report data while your account is active. You can delete shared reports individually, and you can request deletion of your account and associated data by emailing us; we will remove it within a reasonable period except where we must retain limited records (for example, payment records required for tax or accounting).

6. Sub-processors

We rely on a small number of trusted providers to operate the service: Vercel (hosting/compute), Supabase (authentication and database), and Stripe (payments). Each processes data only as needed to deliver their part of the service.

7. Your rights

Depending on your jurisdiction (including under GDPR/UK GDPR), you may have rights to access, correct, export or delete your personal data, and to object to or restrict certain processing. To exercise any of these, contact us at the address above.

8. Security

We use encryption in transit, scoped access keys, and provider-managed infrastructure. No system is perfectly secure, but we work to protect your data and to limit who and what can access it.

9. Changes

We may update this policy as the product evolves. Material changes will be reflected by the "last updated" date above.

This document is a good-faith description of how ScheduleInsight handles data and is provided for transparency. It is not legal advice. Before relying on it, have it reviewed against your specific obligations and jurisdiction.