Skip to content

Privacy Policy

Effective: May 2026

This policy explains what Sidelay collects, why we collect it, and what we do with it. We try to collect as little as possible, and to be honest about the rest.

Who we are

Sidelay is operated by Périmètre, a digital product consultancy registered in Montréal, Québec, Canada. When this policy says “we”, that’s us.

What we collect

When you create an account, we collect your name, your email address, and a hashed copy of your password (we don’t store passwords in readable form). Authentication is handled through Clerk, our identity provider.

When you use Sidelay, we collect the URLs of pages you review, the comments and diagnostics you create, the people you invite to your projects, and basic usage data like which pages of the app you open and what time. We use this to make Sidelay work and to figure out what to build next.

Automatically, we record limited technical information when you use Sidelay: your IP address, browser type, and approximate location based on IP. This is standard server logging and we keep it for a short, fixed period for security and debugging.

We do not collect special category data (health, biometrics, political opinions, etc.) and we have no reason to. If you ever paste any into a comment, please don’t.

What we don’t collect

  • We don’t track you across other websites
  • We don’t sell your data to anyone
  • We don’t train AI models on your content
  • We don’t collect data from children under 13

Why we collect it

A short list of why each thing is necessary:

  • To run the service: we can’t show you your comments if we don’t store them
  • To keep accounts secure: detecting and stopping abuse needs some technical data
  • To improve Sidelay: aggregate usage data helps us decide what to fix next
  • To meet legal obligations: tax, accounting, and any lawful request from authorities

Who we share it with

We share data only with the service providers that help us run Sidelay. Today that means:

  • Clerk: for authentication
  • Neon / Postgres host: where your comments and account data live
  • Upstash: for rate limiting and short-lived caching
  • Vercel: where the app is hosted, and which receives request logs
  • Resend: for transactional email like sign-up confirmations

Each provider only sees what it needs to do its job. We don’t sell access to your data, and we don’t share it with advertisers or data brokers, ever.

Where it’s stored

Your data lives on servers operated by the providers above, located primarily in North America. By using Sidelay, you understand that your data may cross borders to be processed. We choose providers that offer reasonable security guarantees.

How long we keep it

  • Account data: as long as your account is open, plus a short retention period after you close it (typically 30 days) so we can recover from mistakes
  • Comments and diagnostics: as long as the project they belong to is open
  • Logs and rate-limit data: for a short, fixed period (typically 30 days)
  • Billing records: as long as the law requires us to keep them (in Québec, that’s typically 6 years)

Your rights

Whatever country you’re in, you have the right to know what data we hold about you, to correct it if it’s wrong, and to ask us to delete it. If you’re in Québec, the European Union, or another jurisdiction with strong privacy law, you also have the right to data portability and to object to certain processing. Email privacy@sidelay.com and we’ll handle it.

You won’t be charged or penalised for using these rights.

Cookies and similar technologies

We use a small number of cookies, all strictly necessary to keep you signed in, keep your session secure, and remember basic preferences. We don’t use advertising or analytics cookies that track you across sites.

Security

We take reasonable steps to protect your data: encryption in transit, hashed passwords, access controls inside the team, and regular updates to our dependencies. No system is perfectly secure. If we ever have a breach that affects you, we’ll tell you and the relevant authorities within the time limits set by law.

Changes to this policy

When we make significant changes to this policy, we’ll tell active users by email or a notice in the app. The effective date at the top of this page tells you when the current version took effect.

Get in touch

For anything privacy-related: privacy@sidelay.com.

For all other questions: hello@sidelay.com.

You can also contact the Commission d’accès à l’information du Québec, which oversees privacy law in Québec, at cai.gouv.qc.ca.