Privacy Policy
Last updated: February 22, 2026
Replace YOUR_* placeholders with your actual company information before going live. Consider having a lawyer review the final version for your jurisdiction.
1. Who We Are
YOUR_COMPANY ("we," "our," or "us") operates the service available at YOUR_DOMAIN. This Privacy Policy explains how we collect, use, disclose, and protect information about you when you use our service.
2. Information We Collect
When you sign up, we collect your email address and a securely hashed version of your password. If you sign in via Google or GitHub OAuth, we receive your name, email address, and profile picture from the provider. We never store your password in plain text.
Information you enter or actions you take while using the service, including features accessed, pages viewed, and settings configured.
If you subscribe to a paid plan, payment is processed by Stripe. We store your Stripe customer ID and subscription status. We never see, process, or store your full card number or banking details.
We may collect your IP address, browser type, operating system, and referring URL for security monitoring and service improvement.
3. How We Use Your Information
- To provide, operate, and maintain the service
- To authenticate your identity and secure your account
- To process subscription payments and manage billing
- To send transactional emails (verification, password reset, billing)
- To improve, debug, and optimize the service
- To comply with legal obligations
4. Cookies and Tracking
We use the following types of cookies:
| Type | Purpose | Duration |
|---|---|---|
| Essential | Authentication, session management, CSRF protection | Session |
| Preferences | Theme preference, cookie consent choice | 1 year |
| Analytics | Usage patterns and performance monitoring (if enabled) | 1 year |
You can manage your cookie preferences through the cookie consent banner or your browser settings. Disabling essential cookies may prevent you from using the service.
5. Third-Party Services
6. Data Retention
We retain your data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days. Some data may be retained longer as required by law or for legitimate business purposes such as fraud prevention and financial record-keeping.
7. Data Security
We use industry-standard security practices including encrypted connections (TLS/HTTPS), hashed passwords (bcrypt), secure token-based authentication, and two-factor authentication. However, no system is completely secure. We encourage you to use a strong, unique password and enable 2FA.
8. Your Rights (GDPR / CCPA)
Depending on your location, you may have the following rights regarding your personal data:
- Access — Request a copy of the personal data we hold about you
- Rectification — Request correction of inaccurate data
- Erasure — Request deletion of your personal data
- Portability — Request your data in a machine-readable format
- Objection — Object to processing of your data
- Restriction — Request limitation of processing
- Non-discrimination — We will not discriminate against you for exercising your rights
To exercise these rights, use the data export feature in Settings or contact us at YOUR_EMAIL. We will respond within 30 days.
9. International Data Transfers
Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including standard contractual clauses where required.
10. Children's Privacy
This service is not intended for use by children under the age of 13 (or 16 in the EU). We do not knowingly collect personal information from children.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by posting a notice on the site. Your continued use of the service after changes take effect constitutes acceptance of the updated policy.
12. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at YOUR_EMAIL.