Privacy Policy
Last updated: [date]
1. Who We Are
[founder + counsel to fill: company legal name, registration number, registered address, DPO contact if required under GDPR]
2. Data We Collect
2a. Account and Billing Data
[founder + counsel to fill: name, email, payment method (Stripe tokenized), company name, billing address]
2b. Product Usage Data
[founder + counsel to fill: events tracked via SDK (describe categories), session replay data, feature flag evaluations, IP addresses, user agents]
2c. Support and Communications
[founder + counsel to fill: email correspondence, support tickets, survey responses]
2d. Automatically Collected Data
[founder + counsel to fill: cookies (see Cookie Policy), server logs, Cloudflare analytics, Grafana metrics — describe what is collected and retention period]
3. Legal Basis for Processing (GDPR)
[founder + counsel to fill: map each processing activity to a legal basis — contract (Art. 6(1)(b)), legitimate interests (Art. 6(1)(f)), consent (Art. 6(1)(a)). Required for EU customers.]
4. How We Use Your Data
[founder + counsel to fill: service delivery, billing, product improvement, security monitoring, marketing communications (consent required), ML model training (describe scope and opt-out)]
5. Data Sharing and Sub-processors
[founder + counsel to fill: list sub-processors — Stripe, Clerk, Resend, Cloudflare R2, Contabo, OpenRouter, etc. Include country of processing for each.]
We do not sell your personal data to third parties.
6. International Data Transfers
Data is stored in Singapore. [founder + counsel to fill: describe transfer mechanisms for EU data — SCCs, adequacy decisions, Binding Corporate Rules, or derogations under GDPR Art. 46/49]
7. Data Retention
[founder + counsel to fill: per-plan retention for product events (30/90/365 days), account data after cancellation, backup retention (R2 backups retained for 30 days), legal hold procedures]
8. Your Rights
Depending on your location, you may have the right to access, correct, delete, or port your personal data, and to object to or restrict certain processing.
[founder + counsel to fill: describe how to exercise rights, response timeline (30 days under GDPR), identity verification process, right to lodge a complaint with a supervisory authority]
9. Security
[founder + counsel to fill: describe technical and organizational measures — TLS in transit, encryption at rest, access controls, SOC 2 roadmap, incident response and breach notification timelines]
10. Cookies
For details on cookies and tracking technologies, see our Cookie Policy.
11. Children's Privacy
[founder + counsel to fill: minimum age (13 / 16 for EU), procedure if underage data is discovered, COPPA/GDPR-K considerations]
12. Changes to This Policy
[founder + counsel to fill: how and when we notify users of material changes, re-consent requirements]
13. Contact Us
[founder to fill: privacy contact email, postal address, DPO contact if applicable]