Privacy Policy

Effective Date: [EFFECTIVE DATE]

1. Introduction

Welcome to [COMPANY NAME] ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service (the "Service").

Please read this policy carefully. If you disagree with its terms, please discontinue use of the Service. We may update this policy from time to time — see Section 10 for how we handle changes.

2. Information We Collect

We collect information in the following categories:

Account & Registration Data

  • Name and email address provided at sign-up
  • Hashed password (we do not store your password in plain text)
  • Account preferences and settings

Usage Data

  • Pages visited, features used, and actions taken within the Service
  • IP address, browser type, operating system, and referring URLs
  • Timestamps of access and session duration
  • Error logs and performance data

User-Uploaded Content

  • Files, documents, images, and other content you upload to the Service. This content is stored in cloud infrastructure — see Section 4 for details.

Billing & Payment Data

  • Subscription plan selection and billing history. Payment card details are handled directly by our payment processor and are not stored on our servers — see Section 5.

3. How We Use Your Information

We use the information we collect to:

  • Create and manage your account and authenticate your identity
  • Provide, operate, and improve the Service
  • Process payments and manage your subscription
  • Send transactional communications (e.g., account confirmation, password reset, billing receipts)
  • Send service announcements and, where you have opted in, marketing communications
  • Diagnose technical issues and monitor Service performance
  • Comply with legal obligations and enforce our Terms of Service
  • Protect against fraudulent, unauthorised, or illegal activity

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes.

4. File & Cloud Storage

Files and other content you upload to the Service are stored using Amazon Web Services Simple Storage Service (Amazon S3), a cloud storage platform operated by Amazon Web Services, Inc. By using the Service and uploading content, you acknowledge that your files will be transmitted to and stored on AWS infrastructure, which may be located outside your country of residence.

  • Files are stored in access-controlled S3 buckets. Direct public access is disabled; files are only accessible via authenticated, time-limited signed URLs generated by our application.
  • Data in transit is encrypted using TLS. Data at rest is encrypted using AWS server-side encryption (SSE-S3 or SSE-KMS).
  • AWS acts as a data processor on our behalf and is contractually bound to handle your data in accordance with applicable data protection law.
  • For more information on AWS data handling practices, please review the AWS Privacy Notice.

Uploaded files are retained for as long as your account is active, or until you delete them, subject to the retention terms in Section 6.

5. Payment Processing

Subscription payments are processed by Stripe, Inc. ("Stripe"), a third-party payment processor. When you enter payment information (e.g., credit or debit card details), that information is transmitted directly to Stripe and is not received or stored on our servers.

  • Stripe is certified as a PCI DSS Level 1 Service Provider — the highest level of certification available in the payments industry. Accordingly, the scope of our own PCI compliance obligations is significantly reduced.
  • We receive from Stripe only a tokenised reference to your payment method and high-level transaction metadata (e.g., last four digits of card, expiry month/year, transaction amount, and status).
  • We share with Stripe your email address and subscription details necessary to create and manage your billing relationship.
  • For details on how Stripe handles your data, please review the Stripe Privacy Policy.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service:

  • Active accounts: Account data is retained for the lifetime of your account.
  • After account deletion: We will delete or anonymise your personal data within [X] days of account deletion, except where we are required to retain it for legal, regulatory, or legitimate business purposes (e.g., fraud prevention, tax records).
  • Uploaded files: Files stored in cloud storage are deleted when you remove them or within the timeframe above following account deletion.
  • Billing records: Transaction records may be retained for up to seven (7) years for tax and accounting compliance.
  • Aggregated analytics: Anonymised, aggregated usage data that cannot be linked to an individual may be retained indefinitely.

7. Data Security

We implement reasonable administrative, technical, and physical safeguards designed to protect your personal information from unauthorised access, disclosure, alteration, and destruction. These measures include:

  • TLS encryption for all data in transit between your browser and our servers
  • Encryption at rest for files stored in cloud storage
  • Hashed storage of passwords using industry-standard algorithms
  • Access controls limiting employee access to personal data on a need-to-know basis
  • Regular review of our data collection, storage, and processing practices

No method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

8. Your Rights & Choices

Depending on your jurisdiction, you may have the following rights with respect to your personal information:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request that inaccurate or incomplete data be corrected.
  • Deletion: Request deletion of your personal data, subject to our retention obligations.
  • Objection / Restriction: Object to or request restriction of certain processing activities.
  • Portability: Request that we provide your data in a portable, machine-readable format where technically feasible.
  • Withdraw Consent: Where processing is based on your consent, withdraw that consent at any time without affecting the lawfulness of prior processing.
  • Marketing opt-out: Unsubscribe from marketing emails at any time using the unsubscribe link in those emails, or by contacting us directly.

To exercise any of these rights, please contact us at [CONTACT EMAIL]. We will respond to verifiable requests within the timeframe required by applicable law (typically 30 days).

9. Third-Party Services

The Service relies on the following third-party providers. Each has its own privacy policy governing its handling of data:

Provider                       Purpose                                     Privacy Policy
Amazon Web Services (AWS S3)   Cloud file storage                          aws.amazon.com/privacy
Stripe, Inc.                   Payment processing & subscription billing   stripe.com/privacy

We are not responsible for the privacy practices of these third parties. We encourage you to review their policies before using the Service.

10. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will:

  • Update the "Effective Date" at the top of this page
  • Notify you by email (to the address associated with your account) and/or by posting a prominent notice within the Service prior to the change becoming effective

Your continued use of the Service after the effective date of the revised policy constitutes your acceptance of the changes. If you do not agree to the updated policy, please delete your account and discontinue use of the Service.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

[COMPANY NAME]
Attn: Privacy
[STREET ADDRESS]
[CITY, STATE/PROVINCE, POSTAL CODE]
[COUNTRY]
Email: [CONTACT EMAIL]