Privacy Policy

1. Introduction

ValidateMe ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services at validateme.app (the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, do not use the Service.

2. Information We Collect

2.1 Information You Provide

• Account Information: When you create an account, we collect your email address and any information provided through your OAuth provider (Google or GitHub), such as your name and profile picture.
• Content: We store the landing pages you create, including text, images, and configuration settings.
• Communications: If you contact us for support, we collect the information you provide in your communications.
• Payment Information: If you subscribe to a paid plan, payment processing is handled by our payment processor. We do not store your complete credit card information on our servers.

2.2 Information Collected Automatically

• Usage Data: We collect information about how you interact with the Service, including pages visited, features used, and actions taken.
• Device Information: We collect information about the device you use to access the Service, including device type, operating system, browser type, and IP address.
• Cookies and Tracking Technologies: We use cookies and similar technologies to maintain your session, remember your preferences, and analyze how the Service is used.

2.3 Information Collected from Third Parties

• OAuth Providers: When you sign in using Google or GitHub, we receive basic profile information from those services as authorized by you.
• Analytics Providers: We use third-party analytics services (such as PostHog) to help us understand how users interact with the Service.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service
• Process transactions and send related information
• Send you technical notices, updates, security alerts, and support messages
• Respond to your comments, questions, and customer service requests
• Monitor and analyze trends, usage, and activities in connection with the Service
• Detect, investigate, and prevent fraudulent transactions and other illegal activities
• Personalize and improve your experience
• Develop new products, services, features, and functionality

4. Information Sharing and Disclosure

We may share your information in the following circumstances:

• Service Providers: We share information with third-party vendors who perform services on our behalf, such as payment processing, data analysis, email delivery, hosting services, and customer service.
• Legal Requirements: We may disclose information if required to do so by law or in response to valid requests by public authorities.
• Business Transfers: If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
• With Your Consent: We may share information with third parties when you have given us consent to do so.

We do not sell your personal information to third parties.

5. Data Collected on Landing Pages You Create

When visitors interact with landing pages you create using ValidateMe, we collect the following information on your behalf:

• Email addresses submitted through signup forms
• Page view analytics (anonymized visitor counts)
• UTM parameters and referrer information for marketing attribution

As the creator of landing pages, you are the data controller for any personal information collected through your pages. You are responsible for:

• Ensuring you have appropriate legal basis to collect visitor emails
• Providing your own privacy notice to visitors if required
• Handling any data subject requests related to email addresses you collect

6. Data Retention

We retain your account information and content for as long as your account is active or as needed to provide you services. If you delete your account, we will delete or anonymize your personal information within 30 days, except as required by law or for legitimate business purposes.

Email addresses collected through your landing pages are retained until you delete them or delete your account.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit using TLS/SSL
• Encryption of sensitive data at rest
• Regular security assessments and updates
• Access controls limiting who can access personal data

However, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

8. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

• Access: You can request a copy of the personal information we hold about you.
• Correction: You can update or correct inaccurate information through your account settings.
• Deletion: You can request deletion of your personal information by deleting your account.
• Portability: You can export your data, including email lists, in standard formats.
• Objection: You can object to certain processing of your information.

To exercise these rights, please contact us at privacy@validateme.app.

9. Cookies and Tracking

We use the following types of cookies:

• Essential Cookies: Required for the Service to function properly, including authentication and security.
• Analytics Cookies: Help us understand how visitors interact with the Service (PostHog).
• Preference Cookies: Remember your settings and preferences.

You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of the Service.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. We take appropriate safeguards to ensure your information remains protected in accordance with this Privacy Policy.

11. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will delete that information promptly.

12. Third-Party Services

The Service integrates with third-party services that have their own privacy policies:

• Clerk (Authentication): clerk.com/privacy
• Convex (Database): convex.dev/privacy
• PostHog (Analytics): posthog.com/privacy
• OpenAI (AI Services): openai.com/privacy

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we will provide additional notice, such as an email notification.

Your continued use of the Service after any changes indicates your acceptance of the updated Privacy Policy.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

• Email: privacy@validateme.app

15. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• The right to know what personal information we collect, use, and disclose
• The right to request deletion of your personal information
• The right to opt-out of the sale of personal information (note: we do not sell personal information)
• The right to non-discrimination for exercising your privacy rights

To exercise your CCPA rights, please contact us at privacy@validateme.app.

16. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent
• Right to lodge a complaint with a supervisory authority

Our legal basis for processing personal information includes: consent, contract performance, legitimate interests, and legal obligations.