1. Information We Collect
When you create an account we collect your name, email address, and hashed password. If you sign in via a third-party provider (Google, GitHub) we receive your public profile information from that provider.
We automatically collect usage data such as pages visited, features used, browser type, and IP address for analytics and security purposes.
2. How We Use Your Information
- To provide, maintain, and improve our services
- To process transactions and send billing-related communications
- To respond to support requests and communicate updates
- To detect and prevent fraud, abuse, or security incidents
- To comply with legal obligations
3. Data Sharing
We do not sell your personal data. We share data only with service providers who help us operate the platform (e.g., payment processors, email delivery, hosting) and only to the extent necessary.
4. Data Retention
We retain your account data for as long as your account is active. When you delete your account we remove your personal data within 30 days, except where retention is required by law.
5. Security
We use industry-standard security measures including encryption in transit (TLS), encryption at rest, httpOnly cookies, and bcrypt password hashing. We conduct regular security reviews and dependency audits.
6. Your Rights
Under UK GDPR, EU GDPR, and equivalent state laws (CCPA / CPRA in California; analogous rights in 19 other US states), you have the following rights regarding your personal data. You can exercise any of these by contacting us at the privacy address below or by using the in-app tools at Settings → Privacy.
- Right of access — request a copy of the personal data we hold about you. Use the “Download my data” button in Settings, or submit a request to receive a machine-readable export within 30 days.
- Right to rectification — correct inaccurate or incomplete personal data. Most fields can be updated directly in your profile.
- Right to erasure (“right to be forgotten”) — request deletion of your account and associated data. We honour deletion within 30 days; certain records (audit logs, financial records) may be retained where required by law.
- Right to restrict processing — ask us to stop using your data while a complaint or rectification request is being resolved.
- Right to data portability — receive your data in a structured, machine-readable JSON format you can transfer to another service.
- Right to object — object to processing based on legitimate interests, including direct marketing. We will stop the objected-to processing immediately.
- Rights related to automated decision-making — request human review of any decision made solely by automated processing that has a legal or similarly significant effect on you.
We do not charge a fee for responding to subject-rights requests. We will confirm receipt within 7 days and complete the request within 30 days (extendable to 90 days for complex requests, with notice).
7. Cookies
We use essential cookies for authentication and session management. We use analytics cookies only with your consent (recorded via the cookie banner). You can manage your cookie preferences at any time.
We honour the Global Privacy Control (GPC) browser signal and the “Do Not Track” (DNT) header. If your browser sends either signal, non-essential cookies will not be set and the consent banner will not appear. This is required by California CCPA / CPRA and 19 other US state privacy laws.
8. Changes to This Policy
We may update this policy from time to time. We will notify you of material changes via email or an in-app notice before they take effect.
9. Contact
If you have questions about this privacy policy, please contact us at privacy@example.com.