Privacy Policy

[Your Company Name] ("we", "us", or "our") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share information about you when you use our Service, in compliance with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

1. Data Controller

[Your Company Name] is the data controller for personal data collected through the Service.

2. Data We Collect

We collect the following categories of personal data:

2.1 Data You Provide

• Account information: Name, email address, password (hashed), and profile details when you register
• Payment information: Billing address and payment method details (processed securely by our payment providers; we do not store card numbers)
• Communications: Messages you send us via support, feedback forms, or email
• User content: Any content you create, upload, or submit through the Service

2.2 Data Collected Automatically

• Usage data: Pages visited, features used, actions taken, and time spent on the Service
• Device information: IP address, browser type and version, operating system, and device identifiers
• Log data: Server logs including timestamps, error logs, and request details
• Cookies and tracking: See Section 7 (Cookie Policy) for details

2.3 Data from Third Parties

• OAuth providers: If you sign in using Google, GitHub, or other third-party providers, we receive basic profile information from them
• Payment processors: Transaction confirmation and billing details from Stripe or Polar.sh

3. How We Use Your Data

We process your personal data for the following purposes and on the following legal bases:

4. Data Sharing

We do not sell your personal data. We share data only with trusted third parties necessary to operate the Service:

• Payment processors: Stripe and/or Polar.sh for billing
• Email service: Resend for transactional emails
• Analytics: PostHog for product analytics (data is pseudonymized)
• Cloud hosting: Infrastructure providers for hosting and storage
• Legal requirements: When required by law, court order, or governmental authority

All third-party service providers are bound by data processing agreements and are required to maintain the confidentiality and security of your data.

5. Data Retention

We retain your personal data for as long as necessary to:

• Provide the Service and maintain your account
• Comply with legal obligations (e.g., financial records for 7 years)
• Resolve disputes and enforce our agreements

When you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law. Anonymized, aggregated data may be retained indefinitely for analytical purposes.

6. Your Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights regarding your personal data:

• Right of access: Request a copy of the personal data we hold about you
• Right to rectification: Correct inaccurate or incomplete personal data
• Right to erasure: Request deletion of your personal data ("right to be forgotten")
• Right to restrict processing: Ask us to limit how we use your data
• Right to data portability: Receive your data in a structured, machine-readable format
• Right to object: Object to processing based on legitimate interests or direct marketing
• Right to withdraw consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at [privacy@yourcompany.com]. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

7. Cookie Policy

We use cookies and similar tracking technologies to improve your experience on the Service.

7.1 Types of Cookies

• Essential cookies: Required for the Service to function. These cannot be disabled. Examples: session cookies, authentication tokens.
• Analytics cookies: Help us understand how you use the Service (PostHog). Only set with your consent.
• Preference cookies: Remember your settings and preferences across sessions.

7.2 Managing Cookies

You can control non-essential cookies through our cookie consent banner or your browser settings. Disabling certain cookies may affect functionality.

8. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including the United States. Where we transfer data from the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.

9. Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption in transit (TLS), encryption at rest, access controls, and regular security reviews.

However, no method of transmission over the Internet or electronic storage is 100% secure. If you become aware of any security breach, please contact us immediately.

10. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without verifiable parental consent, we will take steps to delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by posting a prominent notice on our website. The date at the top of this page indicates when the policy was last revised.

12. Contact Us

For privacy-related questions, requests, or complaints, please contact our Data Protection Officer: