Who we are
Controller / Company: [Company legal name]
Address: [Street address, City, Country]
Contact email: [privacy@email]
Website: [https://example.com]
If you operate in the EU/EEA, include your company ID and (if applicable) your representative details here.
Summary
- We collect data you provide, data generated by your use of the service, and (optionally) data from third parties.
- We use data to provide the service, improve it, secure it, and comply with legal obligations.
- We may share data with service providers and when required by law.
- You may have rights to access, delete, correct, or export your data, depending on your location.
Scope
This Privacy Policy explains how [Company] (“we”, “us”, “our”) collects, uses, discloses, and protects personal data when you use [Product/Service] (the “Service”), visit our website, or otherwise interact with us.
Personal data we collect
Data you provide
- Account details: name, username, email, password (stored as a hash), profile details.
- Billing details: billing address, tax/VAT ID, payment status (payment card data is typically handled by our payment processor).
- Support communications: messages you send to us, including attachments.
- Content you submit: files, text, images, or other data you choose to upload/post.
Data collected automatically
- Device & usage: IP address, browser type, device identifiers, pages viewed, timestamps, referrer URLs.
- Logs & diagnostics: error logs, performance data, crash reports.
- Approximate location: inferred from IP address.
Data from third parties (optional)
- Auth providers: if you sign in via SSO/OAuth (e.g., Google/Microsoft), we receive basic profile info per your settings.
- Payment providers: subscription state, payment confirmation, partial card metadata (e.g., last 4 digits).
- Analytics: aggregated usage metrics (if enabled).
Replace the lists above with what you actually collect. Remove items you do not collect.
How we use personal data
- Provide the Service: create accounts, deliver features, process transactions.
- Improve & develop: analyze usage to improve reliability and functionality.
- Security: prevent fraud, abuse, and unauthorized access.
- Communications: send service-related messages (e.g., confirmations, security notices), and (if you opt in) marketing.
- Legal compliance: comply with laws, enforce agreements, resolve disputes.
Legal bases (EU/EEA/UK, if applicable)
Where GDPR (or similar) applies, we process personal data on the following bases:
- Contract: to provide the Service you request.
- Legitimate interests: to secure and improve the Service (balanced against your rights).
- Consent: for optional cookies/marketing where required.
- Legal obligation: e.g., accounting, tax, law enforcement requests.
Cookies and similar technologies
We may use cookies, local storage, and similar technologies to operate the Service and (optionally) to analyze traffic and personalize content.
- Strictly necessary: login/session, security, load balancing.
- Preferences: language, region, UI settings.
- Analytics (optional): understand how the Service is used.
- Marketing (optional): measure campaigns and show relevant ads.
If you use a cookie banner/consent tool, link it here: Cookie settings.
Sharing and disclosures
We may share personal data with:
- Service providers: hosting, storage, analytics, email delivery, customer support tools, payment processors.
- Affiliates: if part of a corporate group (optional).
- Legal & safety: when required by law or to protect rights, safety, and property.
- Business transfers: in connection with a merger, acquisition, or sale of assets.
If you have subprocessors, list them (or link to a subprocessor page): Subprocessors.
International transfers
Your data may be processed in countries other than where you live. Where required, we use appropriate safeguards (such as Standard Contractual Clauses) for cross-border transfers.
Data retention
We retain personal data only as long as necessary for the purposes described in this policy, including to comply with legal obligations, resolve disputes, and enforce agreements.
- Account data: retained while your account is active, and for a reasonable period after deletion.
- Billing records: retained as required by applicable tax/accounting laws.
- Logs: retained for security and diagnostics for [X days/months].
Security
We implement technical and organizational measures designed to protect personal data, including access controls, encryption in transit, and monitoring. No method of transmission or storage is 100% secure.
Your rights
Depending on your location, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate or incomplete data
- Delete your data
- Restrict or object to certain processing
- Export your data (data portability)
- Withdraw consent (where processing is based on consent)
- Lodge a complaint with a supervisory authority
To exercise your rights, contact us at [privacy@email]. We may need to verify your identity.
Children’s privacy
Our Service is not directed to children under [age], and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us to request deletion.
Third-party links
The Service may contain links to third-party websites or services. Their privacy practices are governed by their own policies, not ours.
Changes to this policy
We may update this Privacy Policy from time to time. We will post the updated version on this page and update the “Last updated” date. If changes are material, we may provide additional notice as required.
Contact
Privacy contact: [privacy@email]
Postal address: [Street address, City, Postal code, Country]
If applicable: Data Protection Officer (DPO): [Name / Contact]