Privacy Policy

Last updated: {{EFFECTIVE_DATE}}

1. Introduction

This Privacy Policy explains how {{COMPANY_LEGAL_NAME}} (“we,” “us,” or “our”) collects, uses, shares, and protects personal information when you use {{PRODUCT_NAME}} (the “Service”). It applies to the Service and to any related interactions you have with us, such as support requests sent to privacy@{{DOMAIN}}. We write this policy in plain English; if anything is unclear, contact us and we will explain.

2. What we collect

We collect only the information needed to operate the Service:

  • Account information. Your email address, your name (if you provide one), and a salted hash of your password. We never store passwords in plain text.
  • Usage data. Basic logs of requests to the Service (timestamps, IP address, user agent, URL paths, response codes) for security, debugging, and capacity planning.
  • Payment information. Payments are processed by {{MOR_NAME}} as our Merchant of Record. {{MOR_NAME}} collects and stores billing details, including card numbers; we receive only the information needed to provision your subscription (such as your subscription status and a {{MOR_NAME}} customer identifier). We do not store full card numbers on our systems.
  • Communications. Messages you send us through the contact form, email, or in-product support channels, together with our replies.

3. How we use it

We use the information above to operate, maintain, and improve the Service: to authenticate you, to deliver the features you request, to communicate with you about your account (transactional messages only), to detect and prevent abuse, and to improve features in aggregated or anonymized form. We do not sell your personal information. We do not share it with advertisers, and we do not run third-party advertising on the Service.

4. What we do not do — AI training

We do not use customer data to train AI models. Your account information, the content you submit, your usage data, and your communications with us are not used to train, fine-tune, or otherwise improve any machine-learning model, whether ours or a third party’s. Where the Service uses AI features powered by third-party providers, we configure those providers to disable training on customer data and we transmit only the data needed to return the result you asked for.

5. Sharing and subprocessors

We engage a small set of vendors (subprocessors) to operate the Service on our behalf. Each subprocessor is contractually bound to process personal data only on our instructions and to maintain appropriate security and confidentiality. The categories we use are:

  • Hosting and infrastructure — serverless compute, edge networking, and managed databases that run the Service.
  • Payment processing{{MOR_NAME}}, our Merchant of Record, who handles billing, taxes, refunds, and related compliance.
  • Transactional email — the provider that sends account-related email such as password resets and receipts.
  • Product analytics — minimal first-party analytics that help us understand which features are used and where errors occur. No third-party advertising trackers.
  • Customer support — the platform that receives and routes your support messages.

We engage subprocessors as listed at our subprocessors page (link forthcoming).

6. Data retention and deletion

You can delete your account at any time from the settings page. When you do, we cascade-delete the rows associated with your account: every record that references your user identifier is removed automatically by a foreign-key constraint, with a default retention window of 30 days for any operational backups before those backups are recycled. We may retain a minimal record of the deletion event itself for security and audit purposes. You can request an export of your account data before deletion by writing to privacy@{{DOMAIN}}.

7. Children

The Service is not directed at children. We do not knowingly collect personal information from children under the age of 13 in the United States or under the age of 16 in the European Union. If we learn that an account has been created by a child below those ages, we will close the account and delete the data associated with it. If you believe a child has registered, contact us at privacy@{{DOMAIN}} so we can act promptly.

8. Your rights

Depending on where you live, you may have the right to access the personal information we hold about you, to correct it, to delete it, to receive a portable copy of it, to restrict or object to certain processing, and to withdraw consent where we rely on consent. We honor these rights regardless of jurisdiction where we reasonably can. Exercising your rights is free, and we will not retaliate against you for doing so.

For California residents, the two designated methods for submitting a privacy request under the CCPA/CPRA are: (a) email to privacy@{{DOMAIN}}, and (b) our contact form at /contact. We will verify your identity before fulfilling a request and will respond within the timelines required by law.

9. International users and EU representative

We operate the Service from outside the European Economic Area. If you are located in the EEA, the United Kingdom, or Switzerland and we process your personal data, you can contact our Article 27 representative at: {{EU_REPRESENTATIVE}}.

Where we transfer personal data out of the EEA, the UK, or Switzerland, we rely on lawful transfer mechanisms such as the Standard Contractual Clauses and equivalent UK and Swiss addenda, together with supplementary measures where appropriate.

10. Cookies and similar technologies

We use a small number of cookies and similar technologies. Session cookies keep you signed in. A minimal first-party analytics cookie helps us understand product usage in aggregate. We do not run third-party advertising trackers. Most browsers let you block or delete cookies; doing so may prevent you from staying signed in.

11. Security

We take reasonable administrative, technical, and organizational measures to protect personal information, including password hashing, encryption in transit (HTTPS), access controls, and regular review of who can access production systems. No system is perfectly secure; if we become aware of a breach that affects your personal data, we will notify you and any required regulator in accordance with applicable law.

12. Changes to this Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through an in-product notice. Your continued use of the Service after the effective date of an updated policy constitutes acceptance of the new policy.

13. Contact

For privacy questions or requests, contact us at privacy@{{DOMAIN}} or through our contact form.