Privacy Policy
Last updated: March 2026
1. Information We Collect
We collect information you provide directly: account details (name, email, avatar), project data (timelines, milestones, updates), and payment information (processed by Stripe — we never store card numbers). We also collect usage data automatically: IP address, browser type, pages visited, feature interactions, and device information through server logs and analytics.
2. How We Use Your Information
We use your information to: (a) provide and maintain the Service; (b) process transactions and send billing notifications; (c) send service-related communications (e.g., weekly digests, milestone reminders); (d) improve the Service through usage analytics; (e) detect and prevent fraud, abuse, and security incidents; (f) comply with legal obligations.
3. Information Sharing
We do not sell your personal information. We share data only with: (a) service providers who assist in operating the Service (Supabase for database, Stripe for payments, Resend for emails, Vercel for hosting); (b) when required by law, court order, or government request; (c) to protect the rights, safety, or property of iAppLabs, our users, or the public; (d) in connection with a merger, acquisition, or sale of assets (with notice to users).
4. Data Security
We implement industry-standard security measures including encryption in transit (TLS/SSL), encrypted database storage, regular security audits, and access controls. However, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data.
5. Cookies & Tracking
We use essential cookies for authentication and session management. We use a locale preference cookie to remember your language setting. We do not use third-party advertising cookies. You can control cookie settings through your browser preferences.
6. Third-Party Services
The Service integrates with third-party services that have their own privacy policies: Supabase (database and authentication — supabase.com/privacy), Stripe (payment processing — stripe.com/privacy), Google (OAuth authentication — policies.google.com/privacy), GitHub (webhook integrations — docs.github.com/privacy), Resend (transactional emails — resend.com/privacy), Vercel (hosting — vercel.com/legal/privacy-policy).
7. Your Rights
Depending on your jurisdiction, you may have the right to: (a) access your personal data; (b) correct inaccurate data; (c) request deletion of your data; (d) export your data in a portable format; (e) object to or restrict processing; (f) withdraw consent at any time. To exercise these rights, contact us at privacy@iapplabs.com. We will respond within 30 days. For EU/EEA residents: you have rights under GDPR. For California residents: you have rights under CCPA/CPRA. For Brazilian residents: you have rights under LGPD.
8. Data Retention
We retain your account data for as long as your account is active. Analytics and usage data is retained for up to 12 months. Upon account deletion, we remove your personal data within 30 days, except where retention is required by law. Backups containing your data may persist for up to 90 days after deletion.
9. Children’s Privacy
The Service is not intended for children under 13 years of age (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.
10. International Data Transfers
Your data may be processed in countries other than your own, including the United States and Brazil. We ensure appropriate safeguards are in place for international transfers, including standard contractual clauses where required.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice on the Service at least 14 days before the changes take effect. Your continued use after changes constitutes acceptance.
12. Contact
For privacy-related questions or requests, contact us at: iAppLabs — privacy@iapplabs.com. Data Protection Officer: legal@iapplabs.com. We aim to respond to all inquiries within 5 business days.