Privacy Policy
Last updated: June 16, 2026
OffBoardEasy (“OffBoardEasy”, “we”, “us”) helps companies revoke a departing employee’s access across the platforms they use, track device return, transfer data ownership, and produce audit-ready reports. This policy explains what information we handle, how we use it, and the choices you have. It covers our website and the OffBoardEasy application (the “Service”).
Who is responsible for your data
For the workspace and employee data inside a customer’s account, the customer organization is the data controller and OffBoardEasy acts as a processor on their behalf. For account, billing, and website data, OffBoardEasy is the controller.
Information we collect
- Account & workspace data: your name, email, password (stored hashed by our auth provider), workspace name, role, and uploaded logo.
- Employee directory data you add: employee names, work emails, job titles, departments, managers, and platform identifiers (e.g. a GitHub username or Microsoft UPN) used to match accounts during offboarding.
- Offboarding records: offboarding events, access-revocation logs, device/asset status, data-handoff items, activity logs, and audit reports.
- Integration credentials: the admin tokens/keys you provide to connect a platform. These are encrypted at rest and used only to perform the access changes you trigger.
- Billing data: plan, subscription status, and payment records. Card details are handled by our payment processor — we do not store them.
- Usage & device data: log data, approximate location derived from IP (used to localize pricing currency), and analytics events.
- Feedback you choose to submit.
How we use information
- To provide, operate, secure, and improve the Service.
- To perform the offboarding actions you initiate — for example, suspending, disabling, or removing a departing employee on a connected platform.
- To authenticate users, enforce roles/permissions, and prevent abuse.
- To process subscriptions, payments, and trials.
- To respond to support requests and feedback.
- To comply with legal obligations.
What we never do
OffBoardEasy only manages user access and account lifecycle on the platforms you connect. We do not read, copy, or store the contents of your company’s email, files, messages, repositories, or other business data on those platforms. We request the minimum permissions needed to deactivate or remove a user.
Google API disclosure (Limited Use)
OffBoardEasy’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We use the Google Admin SDK Directory scope solely to suspend a departing user you select; we do not use Google user data for advertising, do not sell it, and do not transfer it except as needed to provide the Service or as required by law.
How we share information
We do not sell personal information. We share it only with:
- The platforms you connect (e.g. Google Workspace, Microsoft Entra, GitHub, Okta, Slack, Zoom, Atlassian, 1Password, OpenAI, Anthropic), to carry out the access changes you trigger.
- Sub-processors that run the Service: our database/auth/storage host (Supabase), application hosting, our payment processor (Flutterwave), and analytics (Meta Pixel). An approximate-location lookup may use a third-party IP geolocation service.
- Authorities where required by law, or to protect rights, safety, and security.
- A successor entity in connection with a merger, acquisition, or asset sale.
Security
We protect data in transit with TLS and encrypt sensitive integration secrets at rest using AES-256-GCM. Access to workspace data is isolated per organization via row-level security, and administrative actions are permission-gated and logged. No system is perfectly secure, but we work to protect your information.
Data retention
We keep account and workspace data for as long as your account is active. You can delete employees, disconnect integrations (which removes their stored credentials), or delete your workspace, which permanently removes its data. We may retain limited records as required for legal, accounting, or security purposes.
Your rights
Depending on your location, you may have rights to access, correct, export, or delete your personal data, and to object to or restrict certain processing. You can exercise many of these directly in the app, or contact us. If your data sits inside a customer’s workspace, we will refer your request to that organization.
International transfers
We and our sub-processors may process data in countries other than yours. Where required, we rely on appropriate safeguards for such transfers.
Children
The Service is for businesses and is not directed to anyone under 18.
Changes
We may update this policy; we’ll revise the “Last updated” date and, for material changes, provide additional notice.
Contact
Questions or requests: privacy@offboardeasy.com.
This document is provided for transparency and does not constitute legal advice.

