Privacy Policy

Last updated: [DATE]

1. Introduction

This Privacy Policy explains how [APP_NAME] ("we", "us") collects, uses, and protects your personal data in compliance with GDPR, CCPA, and other applicable data protection laws.

2. Data We Collect

Account Data: name, email address, password (hashed), profile information.
Usage Data: IP addresses, browser type, pages visited, features used.
Billing Data: payment information processed by our payment provider (Stripe).
Device Data: device type, operating system, for session management and security.

3. Legal Basis for Processing (GDPR)

We process your data under these legal bases:
- Contract: to provide the service you signed up for
- Consent: for optional features like marketing emails
- Legitimate Interest: for security, fraud prevention, and service improvement
- Legal Obligation: for tax records, law enforcement requests

4. How We Use Your Data

- To provide and maintain the service
- To authenticate your identity and secure your account
- To process payments and manage subscriptions
- To send service-related notifications
- To improve the service through analytics
- To comply with legal obligations

5. Data Sharing

We do not sell your personal data. We share data only:
- With service providers (hosting, email, payment processing) under data processing agreements
- With law enforcement when legally required
- With your consent

6. Data Retention

We retain your data while your account is active. After account deletion, data is permanently removed within 30 days. Some data may be retained longer for legal compliance (e.g., billing records).

7. Your Rights

Under GDPR and similar laws, you have the right to:
- Access your personal data (data export feature available in Settings)
- Rectify inaccurate data
- Erase your data (account deletion available in Settings)
- Restrict processing
- Receive your data in a portable format (JSON export)
- Object to processing
- Withdraw consent at any time

To exercise these rights, contact us at [SUPPORT_EMAIL] or use the self-service tools in your account Settings.

8. Cookies

We use essential cookies for authentication and security. See our Cookie Policy for details.

9. International Transfers

Your data may be processed in countries outside your jurisdiction. We ensure appropriate safeguards are in place.

10. Security

We implement industry-standard security measures including encryption at rest and in transit, access controls, and regular security reviews.

11. Children

Our service is not directed to children under 16. We do not knowingly collect data from children.

12. Changes

We will notify you of material changes to this policy via email or in-app notice.

13. Contact

Data Controller: [COMPANY_NAME]
Email: [SUPPORT_EMAIL]

If you are an EU resident, you have the right to lodge a complaint with your local data protection authority.