// ════════════════════════════════════════════════════════════════
// Legal pages — one v2 template that renders Privacy / Terms / Security
// by a ?doc= query param. The body copy below is lifted FAITHFULLY from the
// production Privacy.html / Terms.html / Security.html (text unchanged in
// meaning — only structured into data). Reuses the shared system: Nav,
// Eyebrow, Section, Footer.
//
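// Content-block shapes a section can hold (rendered by Block). Shapes marked
// "html" / "innerHTML" are injected unescaped, so they must stay static
// literals authored in this file, never user-supplied or URL-derived text: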
//   { p: "...html..." }          paragraph (innerHTML — for <strong>/<a>)
//   { h3: "..." }                sub-heading
//   { ul: ["...", ...] }         bullet list (items are innerHTML)
//   { ol: ["...", ...] }         numbered list
//   { box: "...html..." }        callout box (contact / highlight / disclosure)
//   { cards: [{icon,t,d}, ...] } pillar card grid (Security only)
//   { checks: ["...html...", ] } checkmark list (Security only)
// ════════════════════════════════════════════════════════════════

// Static copy for the three legal / trust documents, keyed by document id
// ("privacy", "terms", "security"). Each entry carries an eyebrow label, a
// title, an "updated" line and an ordered list of sections ({ h, blocks }).
//
// Trust note: the p / ul / ol / box / checks strings hold HTML markup
// (<strong>, <a>, <br>) and Block injects them with dangerouslySetInnerHTML,
// i.e. without escaping or sanitising. Keep every such string a hand-written
// literal in this table; do not interpolate request data, query parameters or
// API responses into them.
const DOCS = {
  privacy: {
    eyebrow: "LEGAL",
    title: "Privacy Policy",
    updated: "Last updated: 10 May 2026 · Effective: 10 May 2026",
    sections: [
      { h: "1. Who we are", blocks: [
        { p: 'OrgPlease! is operated by Velocity Impact Solutions Inc., a company registered in Canada. When this policy says "OrgPlease", "we", "us" or "our", it means Velocity Impact Solutions Inc.' },
        { p: 'We provide web-based org chart software at <strong>orgplease.com</strong>. This policy explains what personal data we collect, why we collect it, and the choices you have.' },
      ]},
      { h: "2. Data we collect", blocks: [
        { h3: "Account information" },
        { p: "When you create an account we collect your name and email address. If you invite teammates, we collect their email addresses so we can send them an invitation." },
        { h3: "Org chart content" },
        { p: "Any people, roles, departments, and reporting relationships you enter into OrgPlease are stored on our servers. You own this data — we only process it to provide the service." },
        { h3: "Payment information" },
        { p: 'Payments are handled entirely by <strong>Stripe</strong>. We never see or store your full card number. Stripe provides us with a transaction reference and the last four digits of the card used.' },
        { h3: "Usage data" },
        { p: "We collect standard server logs (IP address, browser type, pages visited, timestamps) to operate and improve the service. We do not sell this data or use it for advertising." },
        { h3: "Communications" },
        { p: "If you contact us via the contact form, we store your name, email address, and message so we can respond." },
      ]},
      { h: "3. How we use your data", blocks: [
        { ul: [
          "To provide and maintain the OrgPlease service",
          "To send transactional emails (account confirmation, password reset, invoices)",
          "To respond to support requests",
          "To detect and prevent fraud or abuse",
          "To comply with legal obligations",
        ]},
        { p: 'We do <strong>not</strong> sell your personal data, use it for advertising, or share it with third parties except as described in section 4.' },
      ]},
      { h: "4. Third-party services", blocks: [
        { p: "We use a small number of trusted sub-processors to operate the service:" },
        // External links open in a new tab; rel="noopener" keeps the opened
        // page from reaching back to this one through window.opener.
        { ul: [
          '<strong>Stripe</strong> — payment processing. <a href="https://stripe.com/privacy" target="_blank" rel="noopener">Stripe Privacy Policy</a>',
          '<strong>Resend</strong> — transactional email delivery. <a href="https://resend.com/legal/privacy-policy" target="_blank" rel="noopener">Resend Privacy Policy</a>',
        ]},
        { p: "Each sub-processor is contractually required to protect your data and may only use it to perform services on our behalf." },
      ]},
      { h: "5. Data retention", blocks: [
        { p: 'We retain your account data for as long as your account is active. You can delete your account at any time from <strong>Users → Danger zone → Delete account</strong> inside the app. Deletion is immediate: your login, all employees, presets, share links, and (if you are the sole member) the organisation itself are removed within seconds. Active subscriptions are cancelled in Stripe at the same time. We retain financial records (invoices, payment receipts) for up to 7 years where required by law or accounting standards.' },
      ]},
      { h: "6. Your rights", blocks: [
        { p: "Depending on where you are located, you may have the right to:" },
        { ul: [
          '<strong>Access</strong> the personal data we hold about you',
          '<strong>Correct</strong> inaccurate data',
          '<strong>Delete</strong> your data ("right to be forgotten")',
          '<strong>Export</strong> your data in a portable format',
          '<strong>Object</strong> to certain processing activities',
        ]},
        // NOTE(review): the paragraph below points at "section 9", but in this
        // table section 9 is "Changes to this policy" and the contact details
        // are in section 10. Confirm against the production copy before
        // changing the legal text.
        { p: "To exercise any of these rights, contact us using the details in section 9. We will respond within 30 days." },
      ]},
      { h: "7. Cookies", blocks: [
        { p: "We use a small number of strictly necessary cookies to keep you logged in and remember your preferences. We do not use advertising or tracking cookies. You can disable cookies in your browser settings, but doing so may prevent the app from working correctly." },
      ]},
      { h: "8. Security", blocks: [
        { p: 'We use industry-standard measures to protect your data, including TLS encryption in transit and AES-256 encryption at rest. For more detail, see our <a href="/security">Security page</a>.' },
      ]},
      { h: "9. Changes to this policy", blocks: [
        { p: 'We may update this policy from time to time. If we make material changes, we will notify you by email or by displaying a notice in the app at least 14 days before the changes take effect. The "last updated" date at the top of this page always reflects the current version.' },
      ]},
      { h: "10. Contact us", blocks: [
        { p: "If you have any questions about this policy or how we handle your data, please get in touch:" },
        { box: '<strong>Velocity Impact Solutions Inc.</strong><br>Canada<br><a href="/contact">Contact us via our form</a>' },
      ]},
    ],
  },

  terms: {
    eyebrow: "LEGAL",
    title: "Terms of Service",
    updated: "Last updated: 10 May 2026 · Effective: 10 May 2026",
    sections: [
      { h: "1. Agreement to these terms", blocks: [
        { p: 'By creating an account or using OrgPlease! (the "Service"), you agree to be bound by these Terms of Service ("Terms"). If you are using the Service on behalf of an organisation, you represent that you have the authority to bind that organisation to these Terms, and "you" refers to that organisation.' },
        { p: "If you do not agree to these Terms, do not use the Service." },
        { p: 'The Service is provided by <strong>Velocity Impact Solutions Inc.</strong>, a company registered in Canada ("OrgPlease", "we", "us").' },
      ]},
      { h: "2. The Service", blocks: [
        { p: "OrgPlease! is a web-based platform for creating, managing, and sharing organisational charts. We reserve the right to modify, suspend, or discontinue any part of the Service at any time, with reasonable notice where practical." },
        { h3: "Free plan" },
        { p: "The Free plan allows up to 25 employees and is provided at no charge for as long as we offer it. We reserve the right to change the limits of the Free plan with 30 days' notice to existing users." },
        { h3: "Paid plans" },
        { p: 'Paid plans unlock additional features and higher employee limits. Pricing, features, and limits are described on the <a href="/pricing">Pricing page</a> and form part of these Terms.' },
      ]},
      { h: "3. Your account", blocks: [
        { p: "You must provide accurate, current information when registering. You are responsible for keeping your login credentials secure and for all activity that occurs under your account. Notify us immediately if you suspect unauthorised access." },
        { p: "You must be at least 16 years old to use the Service. Accounts may not be shared or transferred without our written consent." },
      ]},
      { h: "4. Acceptable use", blocks: [
        { p: "You agree not to:" },
        { ul: [
          "Use the Service for any unlawful purpose or in violation of any applicable law",
          "Upload or transmit malware, viruses, or any harmful code",
          "Attempt to gain unauthorised access to any part of the Service or another user's account",
          "Scrape, crawl, or systematically extract data from the Service without our written permission",
          "Resell or sublicense access to the Service without our written permission",
          "Use the Service to store or process sensitive personal data beyond what is necessary for org chart management (e.g., health, financial, or government ID data)",
        ]},
        { p: "We reserve the right to suspend or terminate accounts that violate these rules." },
      ]},
      { h: "5. Payments and refunds", blocks: [
        { h3: "Billing" },
        { p: "Paid plans are billed monthly or annually in advance. All prices are in USD unless otherwise stated. Payments are processed securely by Stripe." },
        { h3: "Upgrades and downgrades" },
        { p: "You may upgrade your plan at any time; the new rate takes effect immediately and is prorated for the current billing period. Downgrades take effect at the end of the current billing period." },
        { h3: "Cancellation" },
        { p: "You may cancel your subscription at any time. Access continues until the end of the paid period. We do not provide refunds for partial months on monthly plans." },
        { h3: "Annual plans" },
        { p: "Annual subscriptions cancelled within 14 days of the initial purchase are eligible for a full refund. After 14 days, cancellations are prorated from the cancellation date." },
        { h3: "Failed payments" },
        { p: "If a payment fails, we will retry up to three times over seven days and notify you by email. If payment is not resolved, your account will be downgraded to the Free plan." },
      ]},
      { h: "6. Your content", blocks: [
        { p: 'You retain full ownership of all org chart data, employee records, and other content you submit to the Service ("Your Content"). By using the Service, you grant us a limited, non-exclusive licence to store, process, and display Your Content solely for the purpose of providing the Service to you.' },
        { p: "We will not access Your Content except to provide support at your request, to comply with legal obligations, or to investigate suspected violations of these Terms." },
      ]},
      { h: "7. Our intellectual property", blocks: [
        { p: "The Service, including its software, design, trademarks, and documentation, is owned by Velocity Impact Solutions Inc. and is protected by intellectual property laws. These Terms do not grant you any rights to our intellectual property beyond the limited right to use the Service as described herein." },
      ]},
      { h: "8. Confidentiality and privacy", blocks: [
        { p: 'We handle your personal data in accordance with our <a href="/privacy">Privacy Policy</a>, which is incorporated into these Terms by reference.' },
      ]},
      { h: "9. Disclaimers", blocks: [
        { box: 'The Service is provided <strong>"as is"</strong> and <strong>"as available"</strong> without warranties of any kind, express or implied, including but not limited to warranties of merchantability, fitness for a particular purpose, or non-infringement. We do not warrant that the Service will be error-free, uninterrupted, or free of harmful components.' },
      ]},
      { h: "10. Limitation of liability", blocks: [
        { p: "To the maximum extent permitted by applicable law, OrgPlease and its directors, employees, and agents shall not be liable for any indirect, incidental, special, consequential, or punitive damages — including loss of profits, data, or goodwill — arising from your use of or inability to use the Service." },
        { p: "Our total aggregate liability to you for any claims arising under these Terms shall not exceed the amount you paid us in the 12 months preceding the claim, or USD $100, whichever is greater." },
      ]},
      { h: "11. Indemnification", blocks: [
        { p: "You agree to indemnify and hold harmless OrgPlease and its officers, directors, and employees from any claims, damages, or expenses (including reasonable legal fees) arising from your use of the Service, Your Content, or your violation of these Terms." },
      ]},
      { h: "12. Termination", blocks: [
        { p: "Either party may terminate these Terms at any time. We may suspend or terminate your access immediately if we believe you are in material breach of these Terms. Upon termination, your right to use the Service ceases and we will delete Your Content within 30 days, unless required by law to retain it." },
      ]},
      { h: "13. Governing law", blocks: [
        { p: "These Terms are governed by the laws of the Province of Ontario and the federal laws of Canada applicable therein. Any dispute arising out of or relating to these Terms shall be subject to the exclusive jurisdiction of the courts of Ontario, Canada." },
      ]},
      { h: "14. Changes to these Terms", blocks: [
        { p: "We may update these Terms from time to time. We will notify you of material changes by email or in-app notice at least 14 days before they take effect. Continued use of the Service after the effective date constitutes your acceptance of the updated Terms." },
      ]},
      { h: "15. Contact", blocks: [
        { p: "Questions about these Terms? Get in touch:" },
        { box: '<strong>Velocity Impact Solutions Inc.</strong><br>Canada<br><a href="/contact">Contact us via our form</a>' },
      ]},
    ],
  },

  // NOTE(review): the statements in this document are public security
  // commitments (TLS version, AES-256 at rest, bcrypt, HSTS, rate limiting,
  // 72-hour notification). Nothing in this file enforces them; confirm they
  // still match the deployed configuration whenever this copy changes.
  security: {
    eyebrow: "TRUST & SAFETY",
    title: "Security",
    // For this document "updated" holds a tagline rather than a date; the page
    // prints it in the same slot under the title.
    updated: "Your org chart data is sensitive. Here's exactly how we protect it.",
    sections: [
      { h: "Our commitment", blocks: [
        { p: "Org charts contain information about your people — names, roles, reporting lines, and team structures. We treat that data with the same care we'd want applied to our own. Security is built into OrgPlease from the ground up, not bolted on afterward." },
        { cards: [
          { icon: "🔒", t: "Encrypted in transit", d: "All traffic between your browser and our servers uses TLS 1.2 or higher. We enforce HTTPS everywhere." },
          { icon: "🗄️", t: "Encrypted at rest", d: "Your data is encrypted using AES-256 on disk. Backups are encrypted with the same standard." },
          { icon: "🔑", t: "Access controls", d: "Role-based permissions mean people only see what they're supposed to. Admin controls are separate from user access." },
          { icon: "💳", t: "No card data stored", d: "Payments are handled entirely by Stripe. We never see or store your full card number." },
        ]},
      ]},
      { h: "Infrastructure", blocks: [
        { p: "OrgPlease runs on reputable cloud infrastructure with physical security, redundant power, and 24/7 monitoring. Our production environment is isolated from development and staging environments. Access to production systems is restricted to a small number of authorised personnel and requires multi-factor authentication." },
      ]},
      { h: "Application security", blocks: [
        { checks: [
          '<strong>Passwords</strong> are hashed using bcrypt with a per-user salt. We never store plain-text passwords.',
          '<strong>Sessions</strong> are cryptographically signed and expire after a period of inactivity.',
          '<strong>Input validation</strong> is enforced on both client and server to prevent injection attacks.',
          '<strong>Rate limiting</strong> is applied to login and API endpoints to protect against brute-force attacks.',
          '<strong>Dependencies</strong> are kept up to date and monitored for known vulnerabilities.',
          '<strong>HTTPS only</strong> — all HTTP requests are redirected to HTTPS. HSTS is enforced.',
        ]},
      ]},
      { h: "Data isolation", blocks: [
        { p: "Each organisation's data is logically isolated from other organisations. Our access control layer enforces this at every query — there is no way for one organisation to access another's data through the application." },
        { p: "OrgPlease staff cannot view your org chart content unless you grant explicit support access. Any support access is logged and time-limited." },
      ]},
      { h: "Backups and availability", blocks: [
        { p: "We take automated daily backups of all customer data. Backups are encrypted, stored off-site, and tested regularly to ensure restorability. We target 99.9% monthly uptime. Status and incident history are available on request." },
      ]},
      { h: "Incident response", blocks: [
        { p: "In the event of a security incident affecting your data, we will notify affected customers within 72 hours of becoming aware of the breach, in accordance with applicable data protection laws. We will provide details of what happened, what data was affected, and what steps we have taken." },
      ]},
      { h: "Responsible disclosure", blocks: [
        { p: "We welcome reports from security researchers. If you believe you've found a vulnerability in OrgPlease, please tell us privately before disclosing it publicly — we'll work quickly to address it." },
        { box: '<strong>To report a vulnerability:</strong> <a href="/contact">contact us via our form</a> with the subject "Security disclosure". We aim to acknowledge all reports within one business day and will keep you updated as we investigate and resolve the issue.<br><br>Please do not access or modify other users\' data, run automated scanners against our production systems, or perform denial-of-service attacks. We appreciate researchers who act in good faith.' },
      ]},
      { h: "Questions?", blocks: [
        { p: "If you have security questions that aren't answered here, we're happy to discuss them:" },
        { box: '<strong>Velocity Impact Solutions Inc.</strong><br><a href="/contact">Contact us via our form</a>' },
      ]},
    ],
  },
};

// ===== One content block → element =====
/**
 * Render one content block of a legal document as a React element.
 *
 * The first truthy shape key on `b` decides the output, checked in this
 * order: p, h3, ul, ol, box, cards, checks. An object with none of them
 * renders nothing.
 *
 * Security: the p, ul, ol, box and checks shapes are written into the DOM as
 * raw HTML through dangerouslySetInnerHTML, with no escaping or sanitising.
 * That is only safe while every string passed in is a static literal authored
 * by the site owner. The h3 shape and the card fields (icon, t, d) are
 * rendered as ordinary React children and are therefore escaped.
 *
 * @param {{ b: object }} props - `b` is one block object in one of the shapes above.
 * @returns {JSX.Element|null} The rendered element, or null for an unknown shape.
 */
function Block({ b }) {
  // Wrap trusted markup in the object shape React requires for raw HTML.
  const raw = (markup) => ({ __html: markup });
  // List items of ul / ol are raw HTML as well, keyed by position.
  const rawItems = (items) =>
    items.map((markup, idx) => <li key={idx} dangerouslySetInnerHTML={raw(markup)} />);

  if (b.p) {
    return <p className="v2-prose-p" dangerouslySetInnerHTML={raw(b.p)} />;
  }
  if (b.h3) {
    return <h3 className="v2-prose-h3">{b.h3}</h3>;
  }
  if (b.ul) {
    return <ul className="v2-prose-ul">{rawItems(b.ul)}</ul>;
  }
  if (b.ol) {
    return <ol className="v2-prose-ol">{rawItems(b.ol)}</ol>;
  }
  if (b.box) {
    return <div className="v2-prose-box" dangerouslySetInnerHTML={raw(b.box)} />;
  }
  if (b.cards) {
    const cardNodes = b.cards.map((card, idx) => (
      <div key={idx} className="v2-prose-card">
        <div className="v2-prose-card-icon" aria-hidden>{card.icon}</div>
        <h3 className="v2-prose-card-t">{card.t}</h3>
        <p className="v2-prose-card-d">{card.d}</p>
      </div>
    ));
    return <div className="v2-prose-cards">{cardNodes}</div>;
  }
  if (b.checks) {
    const checkNodes = b.checks.map((markup, idx) => (
      <li key={idx}>
        <span className="v2-prose-check" aria-hidden>✓</span>
        <span dangerouslySetInnerHTML={raw(markup)} />
      </li>
    ));
    return <ul className="v2-prose-checks">{checkNodes}</ul>;
  }
  return null;
}

// ===== Page — reads ?doc=, defaults to privacy =====
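/**
 * Top-level page component for the legal documents (Privacy / Terms / Security).
 *
 * The document id is taken from the per-page global window.LEGAL_DOC (set by
 * Privacy/Terms/Security-v2.html), then from the ?doc= query parameter for
 * backward compatibility, and finally defaults to "privacy".
 *
 * The query parameter arrives from the URL and can be set by anyone who
 * crafts a link, so the id is accepted only when it names an OWN property of
 * DOCS. A plain `DOCS[key]` truthiness test also matches inherited names such
 * as "constructor" or "__proto__"; that selects a value with no `sections`
 * array and makes `doc.sections.map` throw during render.
 *
 * Side effects (inside an effect): sets document.title and creates or updates
 * the <link rel="canonical"> element to https://orgplease.com/<docKey>.
 *
 * @returns {JSX.Element} Nav, the selected document inside Section#legal, and Footer.
 */
function LegalPage() {
  // String() keeps the original property-key coercion while letting the
  // own-property check below work on a plain string.
  const requested = String(
    window.LEGAL_DOC || new URLSearchParams(window.location.search).get("doc") || "privacy"
  );
  // Allow-list against DOCS' own keys; anything else falls back to privacy.
  const docKey = Object.prototype.hasOwnProperty.call(DOCS, requested) ? requested : "privacy";
  const doc = DOCS[docKey];
  React.useEffect(() => {
    document.title = doc.title + " · OrgPlease!";
    let link = document.querySelector('link[rel="canonical"]');
    if (!link) {
      link = document.createElement("link");
      link.setAttribute("rel", "canonical");
      document.head.appendChild(link);
    }
    // docKey is one of DOCS' own keys at this point, so the canonical URL can
    // only be one of the known document paths.
    link.setAttribute("href", "https://orgplease.com/" + docKey);
  }, [doc, docKey]);
  return <div>
    <Nav/>
    <Section id="legal">
      <article className="v2-prose">
        <div className="v2-prose-head">
          <div style={{ marginBottom: 16 }}><Eyebrow>{doc.eyebrow}</Eyebrow></div>
          <h1 style={{ fontSize: "clamp(34px,5vw,52px)", fontWeight: 700, letterSpacing: "-.035em", lineHeight: 1.02, margin: 0 }}>{doc.title}</h1>
          <p className="mono v2-prose-updated">{doc.updated}</p>
        </div>
        {doc.sections.map((sec, i) => <section key={i} className="v2-prose-section">
          <h2 className="v2-prose-h2">{sec.h}</h2>
          {sec.blocks.map((b, j) => <Block key={j} b={b} />)}
        </section>)}
      </article>
    </Section>
    <Footer/>
  </div>;
}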

// Publish the data table and both components as globals, presumably so that
// separately loaded scripts can reference them by name.
// NOTE(review): window.DOCS is published mutable, and Block renders several of
// its string shapes as raw HTML. Any script on the page that rewrites the table
// before render therefore controls the injected markup; confirm only
// first-party scripts are loaded alongside this file.
window.DOCS = DOCS;
window.Block = Block;
window.LegalPage = LegalPage;
