SaaS Scaffold

Privacy Policy

Last updated: December 5, 2025

1. Introduction

Welcome to SaaS Scaffold ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

2. Information We Collect

2.1 Personal Information

We collect the following personal information when you create an account or use our Service:

  • Account Information: Name, email address, and password
  • Profile Information: Optional profile picture and display preferences
  • Billing Information: Payment card details (processed securely through Polar)
  • Communication Data: Messages you send to our support team

2.2 Automatically Collected Information

When you access our Service, we automatically collect certain information, including:

  • Usage Data: Pages visited, features used, time spent on the Service
  • Device Information: Browser type, operating system, device identifiers
  • Log Data: IP address, access times, referring URLs
  • Cookies: Small data files stored on your device (see Section 5)

2.3 Information from Third Parties

We may receive information about you from third-party services:

  • Payment Processors: Polar provides payment confirmation and subscription status
  • Analytics Services: Aggregated usage statistics and performance metrics

3. How We Use Your Information

We use the collected information for the following purposes:

  • Provide and Maintain the Service: Account creation, authentication, and service delivery
  • Process Payments: Billing, invoicing, and subscription management
  • Improve Our Service: Analytics, bug fixes, and feature development
  • Customer Support: Respond to inquiries and provide technical assistance
  • Communication: Send service updates, security alerts, and important notices
  • Marketing: Send promotional content (with your consent, and you can opt out anytime)
  • Security: Detect, prevent, and address fraud, abuse, and security issues
  • Legal Compliance: Comply with legal obligations and enforce our Terms of Service

4. Legal Basis for Processing (GDPR)

If you are from the European Economic Area (EEA), our legal basis for collecting and using your personal information depends on the data and the context in which we collect it:

  • Contract Performance: Processing necessary to provide the Service you requested
  • Legitimate Interests: Improving our Service, preventing fraud, and ensuring security
  • Consent: Marketing communications and optional features (you can withdraw consent anytime)
  • Legal Obligation: Complying with applicable laws and regulations

5. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Service and store certain information. Cookies are small files with a unique identifier that are sent to your browser.

Types of Cookies We Use:

  • Essential Cookies: Required for authentication and basic functionality
  • Preference Cookies: Remember your settings and preferences
  • Analytics Cookies: Help us understand how users interact with the Service
  • Marketing Cookies: Track visits across websites for advertising purposes

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, some features of the Service may not function properly.

6. How We Share Your Information

We may share your information in the following circumstances:

  • Service Providers: Third-party vendors who perform services on our behalf (e.g., Polar for payments, hosting providers, analytics services)
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • Legal Requirements: When required by law or to protect our rights, property, or safety
  • With Your Consent: When you explicitly agree to share your information

We do not sell your personal information to third parties.

7. Data Security

We implement appropriate technical and organizational security measures to protect your personal information, including:

  • Encryption of data in transit (SSL/TLS)
  • Encryption of sensitive data at rest
  • Secure authentication through Clerk
  • Regular security audits and monitoring
  • Access controls and authentication
  • Secure payment processing through PCI-compliant providers

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee its absolute security.

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

  • Account Data: Retained while your account is active
  • Billing Records: Retained for 7 years for tax and accounting purposes
  • Usage Logs: Retained for 90 days
  • Support Communications: Retained for 2 years

When you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal or regulatory purposes.

9. Your Privacy Rights

Depending on your location, you may have the following rights:

For All Users:

  • Access: Request a copy of your personal information
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information
  • Opt-Out: Unsubscribe from marketing communications

For EEA/UK Users (GDPR):

  • Data Portability: Receive your data in a structured, machine-readable format
  • Restriction: Request restriction of processing in certain circumstances
  • Object: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent at any time (where processing is based on consent)
  • Lodge a Complaint: File a complaint with your local data protection authority

For California Users (CCPA):

  • Know: Request information about data collection and use
  • Delete: Request deletion of your personal information
  • Opt-Out: Opt out of the sale of personal information (we do not sell data)
  • Non-Discrimination: Not be discriminated against for exercising your rights

To exercise these rights, please contact us at legal@sunaius.com. We will respond to your request within 30 days.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws.

When we transfer personal information from the EEA to other countries, we use appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission, to ensure your data is protected.

11. Children's Privacy

Our Service is not intended for users under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us, and we will delete such information.

12. Third-Party Links

Our Service may contain links to third-party websites or services that are not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We encourage you to review the privacy policy of every site you visit.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the updated Privacy Policy on this page
  • Updating the "Last updated" date at the top
  • Sending you an email notification (for significant changes)
  • Displaying a prominent notice on the Service

Your continued use of the Service after any changes constitutes acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: legal@sunaius.com

Data Protection Officer: legal@sunaius.com

Response Time: Within 30 days

For GDPR-related inquiries, please include "GDPR Request" in your email subject line.

Data Processing Addendum

If you are a business customer and require a Data Processing Agreement (DPA) for GDPR compliance, please contact us at legal@sunaius.com to request our standard DPA.

Note: This is a template Privacy Policy. Please customize it to accurately reflect your actual data collection and processing practices. Consult with a legal professional to ensure compliance with applicable privacy laws and regulations (GDPR, CCPA, etc.) in your jurisdiction.

© 2025 SaaS Scaffold @ Sunai LLC. All rights reserved.
