Pedant Studios

Privacy Policy

Last updated: 2026-05-05

Beta notice. Pedant Studios is an early-stage company and this policy reflects current practices in good faith. We update it as the business evolves; the "Last updated" date above tells you when the latest revision shipped. Material changes are described in the Changes section.

1. Who we are and what this covers

"Pedant Studios" refers to Pedant Studios LLC, a US-based limited liability company. This policy describes how we handle personal information across:

  • Our marketing website at pedantstudios.com
  • Our documentation site at docs.pedantstudios.com
  • Our products, including WebCenter (a workforce management application for small firms)

By using any of these, you agree to this policy. If you don't agree, please don't use them.

This policy applies to all current and future Pedant Studios products. Sections that describe product-specific behavior — what data we collect, product-specific privacy features, cookies — are organized by product. WebCenter is currently the only Pedant Studios product, so those sections describe WebCenter today; as we launch new products, we'll add subsections rather than start a new policy.

2. Our role with respect to your data

Pedant Studios plays different roles depending on whose data is involved. Knowing which role applies tells you whom to direct privacy questions to.

If you are… Pedant Studios is… Direct privacy requests to…
A visitor to our website or someone who contacts us through our forms The controller of your data (we decide what we collect and why) Pedant Studios — see section 9
An administrator at a customer firm who signs up for and configures WebCenter The controller of your account data (you're our direct customer) Pedant Studios — see section 9
An employee of a firm that uses WebCenter (you clock in, log mileage, etc., for that firm) A processor handling your data on behalf of your employer (the firm is the controller) Your employer (the firm) first; we'll redirect you if you contact us

The reason: when a firm uses WebCenter to manage its workforce, the firm decides what data it puts in, why, and what it does with it. Pedant Studios just runs the software. The firm is responsible for explaining its practices to its employees and for handling data subject requests from them. We help the firm fulfill those obligations under our contract with them.

3. What we collect, why, and how long

From visitors to pedantstudios.com and docs.pedantstudios.com

  • Contact form submissions — name, email address, topic, and your message. We use this to respond to you. Retained as long as needed for the conversation, then archived in our email system per normal email retention.
  • Email signup addresses — your email if you submit a signup form, plus the topic you signed up for (general or WebCenter). We use this to send the announcements you signed up for. You can unsubscribe at any time using the link at the bottom of any email we send.
  • Standard web server logs — IP address, user agent, requested URL, and timestamp, kept by our hosting provider for routine operations and security. Retained for the period set by our hosting provider (typically 30 days).

WebCenter — customer firm administrators

  • Account information — admin name, email, username, and a password hash (never the plaintext password) for sign-in.
  • Firm configuration — firm name, office locations, time zone, pay-period configuration, and other settings the admin enters.
  • Billing information — handled by Stripe; we receive a customer ID and subscription status, never the full card number.

Account and configuration data is retained for as long as the account is active and for a reasonable period after to allow account reactivation, then deleted on request or per our internal retention schedule.

WebCenter — employees of customer firms (we act as processor)

For employees of a customer firm, the data we hold on the firm's behalf typically includes:

  • Name, email, username, password hash, role and permissions assigned by the firm
  • Office and position assignments
  • Time clock entries (clock-in and clock-out times, with the office and position)
  • Mileage entries (date, miles, description, as the employee enters them)
  • Schedules the firm publishes for the employee
  • Internal messages the employee sends or receives within the firm

We don't intentionally collect special categories of data (race, religion, health, biometric data, geolocation by satellite, etc.). Employees should not enter such data into free-text fields.

Retention follows the firm's account lifecycle and any retention periods agreed with the firm. On the Free plan, time clock and mileage history older than 90 days is hidden from reports but is preserved in the database; full history is restored when the firm upgrades. When a firm closes its account, we follow our deletion process described in our customer agreement.

4. Service providers we use

We rely on a small number of US-based service providers to operate our products. Each is contractually bound to handle data only for the services we engage them for.

  • Vercel, Inc. — hosting for our website, documentation, and product application; serverless functions
  • Neon, Inc. — managed PostgreSQL database for the WebCenter application
  • Resend — transactional and marketing email delivery
  • Stripe, Inc. — payment processing for paid WebCenter subscriptions

If we add or change a service provider in a way that affects how personal information is handled, we'll update this list and note the change in the Changes section.

5. Product-specific privacy features

Some Pedant Studios products have privacy features beyond what general data-handling practices cover. This section describes those features per product.

WebCenter — cross-firm privacy boundary

WebCenter lets one employee account span multiple firms (helpful when, for example, a tax preparer works at two firms during the season). When an employee's account is linked across firms, we maintain a privacy boundary designed so that each firm sees only its own data. Our application's interfaces — including reports, exports, and admin views — are designed so that a firm does not see data from another firm, or any indication that an employee works at another firm.

This boundary is implemented in the application's data layer through request-scoped database access controls. The only place WebCenter surfaces cross-firm information is in the employee's own "My Schedule" view, where we may show that the employee has overlapping shifts at different firms — that warning is for the employee to act on and is not shared with any firm.

Like any software system, this boundary depends on our software operating as designed. We test it, design our database access pattern to fail closed (a misconfigured query returns no data rather than another firm's data), and treat any breach of the boundary as a data security incident (see section 13).

6. Marketing email

If you sign up for our email list, we'll send announcements related to the topic you signed up for (for example, the WebCenter waitlist sends WebCenter-specific announcements). Every email includes an unsubscribe link, and our email provider's preferences page lets you opt out of one topic without losing others. We'll honor unsubscribe requests promptly.

We don't sell or rent our email list to anyone, and we don't use it for behavioral advertising.

7. Cookies and tracking

We use a minimal set of cookies, and only for things that need them:

  • Session cookies in WebCenter, to keep you signed in. These are necessary for the application to function and expire when your session ends or after a period of inactivity.
  • A signed tenant cookie in WebCenter, used to remember which firm you're currently working in if your account is linked to multiple firms.

We do not use third-party advertising cookies or analytics that track you across sites. We do not currently run a website analytics tool. If we add one, we'll choose a privacy-respecting option and update this policy.

8. Security

We use industry-standard practices to protect personal information, including:

  • HTTPS for all web traffic to our sites and applications
  • Encryption of credentials and other sensitive data at rest, as provided by our database service
  • Hashed (never plaintext) passwords for all user accounts
  • Role-based access controls within WebCenter, with audit logs for sensitive actions
  • Limited access to production systems, granted only as needed

No system is fully secure. We can't guarantee that personal information will never be exposed by a determined attacker, a service-provider failure, or an unforeseen vulnerability. We commit to the practices above and to acting promptly if we learn of an incident — see section 13.

9. Your privacy rights

Depending on the state where you live, you may have the following rights with respect to personal information about you that Pedant Studios holds as a controller (see section 2):

  • Right to know what personal information we have about you
  • Right to access a copy of that information
  • Right to correct inaccurate information
  • Right to delete personal information we hold about you
  • Right to portability — receive your data in a portable format
  • Right to opt out of the sale or sharing of personal information for cross-context behavioral advertising (we don't do this — see section 10)
  • Right to limit the use of sensitive personal information (we don't intentionally collect any)
  • Right to non-discrimination — we won't deny services or change pricing because you exercised these rights
  • Right to appeal a denial of a request, in states that provide it (Colorado, Connecticut, Virginia, and others)

How to make a request

Submit a request through our contact form and select "General question" as the topic (or whichever topic best fits your request). Tell us:

  1. What right you're exercising (access, deletion, correction, etc.)
  2. Which Pedant Studios product or website it concerns
  3. Enough information to find your data (the email address you used to contact us, sign up, or create an account)

Identity verification

We'll ask you to verify your identity before fulfilling a request — usually by confirming you have access to the email address on file or by other reasonable means proportionate to the sensitivity of the request. We do this to make sure we're not handing your data to someone else.

Response timeline

We'll acknowledge your request within 10 business days and respond substantively within 45 days. If a request is genuinely complex (for example, it involves significant volume), we may extend this period by up to another 45 days and will tell you when we do so and why.

If you're an employee whose data is in WebCenter at a customer firm

For data we hold as a processor on behalf of your employer (the customer firm), please direct your request to your employer first — they have direct access and the legal role to make decisions about your data. If you contact us, we'll redirect you and, if appropriate under our agreement with the firm, support the firm in fulfilling your request.

When we may decline a request

We may decline a request if:

  • We can't reasonably verify your identity
  • The request would require us to violate a legal obligation (for example, retaining records under tax or employment law)
  • The request is for data we hold only as a processor, in which case we'll direct you to the controller
  • The request is manifestly unfounded or excessive (such as repeated identical requests)

If we decline, we'll tell you why. In states that provide an appeal process (currently Colorado, Connecticut, Virginia, and a growing list of others), we'll explain how to appeal.

10. We do not sell or share your information for advertising

Pedant Studios does not sell personal information, and we do not share it for cross-context behavioral advertising. We have not done so in the preceding 12 months. We have no plans to start; if that ever changes, we'll update this policy and provide a clear opt-out before any change takes effect.

Sensitive personal information. We do not sell or share sensitive personal information, and we do not use or disclose sensitive personal information for purposes other than providing and improving the Service, supporting Customers, and complying with applicable law.

Service providers vs. selling. We use service providers (such as our hosting, database, email-delivery, and payment-processing providers, identified in section 4) to perform business functions on our behalf, under contracts that limit their use of personal information to what's necessary for those services. Engaging service providers in this way is not "selling" or "sharing" personal information under applicable privacy laws.

11. Children and minors

Pedant Studios products are designed for businesses and adults working at them. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please reach out via our contact form and we'll delete it. Customer firms are responsible for not adding minors to their WebCenter accounts in violation of applicable child labor and privacy laws.

12. Where this policy applies

Pedant Studios is a US-based company, our service providers are US-based, and our products are designed and marketed for US-based businesses. We do not currently support customers in the European Union, the United Kingdom, or other regions with comprehensive cross-border data protection regimes that would require additional safeguards.

If you are located in such a region and choose to use our website or products, you do so on your own initiative and are responsible for compliance with local laws. We may decline to provide service in such cases.

13. Data security incidents

If we determine that personal information has been compromised in a way that creates a meaningful risk of harm, we'll notify affected Customer firms (and, where we're a controller for the affected data, the affected end users directly) as soon as practicable, and in any case within the timelines required by applicable law. For data we hold as a processor for a Customer firm, we'll notify the firm so they can fulfill their own notification obligations to their employees.

Initial notification will describe what we know at the time. As our investigation progresses, we'll follow up with the additional information required by applicable law — typically: what happened, when we became aware, what categories of information were involved, what we're doing about it, and what affected users can do.

14. Changes to this policy

We update this policy from time to time as our products and practices evolve. The "Last updated" date at the top reflects the most recent change. For material changes (such as a new category of data we collect, or a new use of personal information), we'll provide additional notice — for example, an email to subscribed users or a notice on the website — at least 30 days before the change takes effect.

A non-binding revision history is maintained for reference; we don't yet publish it externally but can provide it on request.

15. How to contact us

For privacy questions, requests under section 9, or anything else covered by this policy:

  • Web form: pedantstudios.com/contact — the fastest way to reach us
  • Mail: Pedant Studios LLC — postal address available on request via the contact form above

This policy is provided in good faith based on current practices and applicable US state privacy laws. It is not legal advice. If you have questions about how it applies to your specific situation, you may want to consult an attorney.