Privacy Policy
Last Updated: March 2026
Introduction
Commish ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you visit our website (getcommish.io) or use our sales compensation platform.
Information We Collect
Information You Provide
- Account Information: Name, email address, job title when you create an account
- Company Information: Company name, team size, compensation plan details
- Contact Information: Name, email, phone number when you book a call or contact us
- Payment Information: Billing details processed through our payment provider (we do not store credit card numbers)
Information Collected Automatically
- Usage Data: Pages visited, features used, time spent in the application
- Device Information: Browser type, operating system, IP address
- Cookies: Session cookies to keep you logged in and analytics cookies to improve our service
How We Use Your Information
We use your information to:
- Provide and maintain our commission tracking service
- Process your transactions and send related information
- Respond to your inquiries and provide customer support
- Send administrative information (updates, security alerts)
- Improve our website and services
- Comply with legal obligations
Data Storage and Security
- Your data is hosted with reputable infrastructure providers (including Supabase/AWS)
- Core tenant data uses organization-scoped access controls and production-verified row-level security (RLS) hardening
- Account roles limit what reps, managers, finance users, and admins can see or change
- API keys are stored as hashes, checked against scopes, rate-limited per key, and logged for operational review
- Webhook management requires admin scope, HTTPS endpoints, non-local targets, and per-subscription secrets
- We use HTTPS for data in transit, provider-supported storage protections, and reviewed backup/rollback plans for sensitive database changes
- We do not claim SOC 2 certification or point-in-time recovery unless those controls are explicitly active for your implementation
- We do not sell your data to third parties
Data Sharing
We only share your data with:
- Service Providers: Hosting (Vercel, Supabase), payment processing (Stripe), email (Resend) — only as needed to provide our services
- Legal Requirements: If required by law or to protect our rights
We do not sell, rent, or trade your personal information.
Your Rights
You have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Request deletion of your data
- Export your data
- Opt out of marketing communications
To exercise these rights, contact us at [email protected].
Data Retention
- We retain your data as long as your account is active
- After account termination, we delete your data within 90 days
- We may retain certain data as required by law
Cookies
We use:
- Essential Cookies: Required for the application to function (authentication)
- Analytics Cookies: To understand how visitors use our site (can be disabled)
Third-Party Links
Our website may contain links to third-party sites. We are not responsible for their privacy practices.
Children's Privacy
Our service is not intended for children under 16. We do not knowingly collect data from children.
Changes to This Policy
We may update this policy from time to time. We will notify you of significant changes via email or a notice on our website.
Contact Us
If you have questions about this privacy policy, contact us at:
Email: [email protected]
Address:
Commish
Charlotte, NC
United States
By using Commish, you agree to this Privacy Policy.