Privacy Policy
Last updated: [date]
1. Data controller
[Company legal name], [registered address] — contact: [privacy contact email]. [Appoint and name a DPO here if you are required to have one.]
2. What we collect and why
- Account data (email, password hash): to create and secure your account.
- Billing data (subscription status, invoices): handled by our payment providers [Stripe / Lemon Squeezy]; we never store card numbers.
- Usage data ([describe: logs, feature usage, AI token counts…]): to operate, secure and improve the service.
- [Anything else your product collects — be exhaustive and honest.]
3. Legal bases
We process your data to perform our contract with you, to comply with legal obligations (invoicing, accounting), and on the basis of our legitimate interest in [securing and improving the service]. [Add consent-based processing — e.g. marketing emails — if any.]
4. Processors and transfers
- Hosting: [provider, region]
- Payments: [Stripe, Lemon Squeezy]
- Email delivery: [provider]
- AI processing: [Anthropic — if you enable the AI features, the text users submit to them is processed by the model provider]
- [Error tracking, analytics…]
[Describe safeguards for transfers outside your users' jurisdiction — SCCs, DPF…]
5. Retention
Account data is kept for the life of the account and deleted within [X days] of account deletion. Invoices are kept for [Y years] as required by law. [Adjust per data category.]
6. Your rights
Depending on your jurisdiction you can access, rectify, export, restrict or delete your personal data, and object to certain processing. Write to [privacy contact email]; we answer within [30 days]. You may also lodge a complaint with your supervisory authority.
7. Cookies
We use [only strictly necessary cookies (session, security) — if so, no consent banner is needed in most jurisdictions / list any analytics or marketing cookies and your consent mechanism].
8. Security
[Describe your measures honestly: encryption in transit, hashed passwords, two-factor authentication, access controls, backups.]