Privacy Policy

1. Overview

T3XTR ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our text conversion API service.

This policy applies to all users worldwide and complies with:

• European Union General Data Protection Regulation (GDPR)
• California Consumer Privacy Act (CCPA)
• Canada's Personal Information Protection and Electronic Documents Act (PIPEDA)
• United Kingdom Data Protection Act 2018
• Brazil's Lei Geral de Proteção de Dados (LGPD)
• Other applicable privacy laws and regulations

2. Information We Collect

2.1 Personal Information We Collect

We collect minimal personal information necessary to provide our services:

• Email Address: Required for account creation, authentication, and service communications
• Display Name: Optional name for account identification

2.2 Automatically Collected Information

When you use our API, we automatically collect:

• Usage Data: API endpoint usage, request timestamps, response times
• Technical Data: IP address, user agent, request headers (for security and performance)
• Error Logs: Technical error information for service improvement

2.3 Payment Information

We do not collect or store payment information. All payment processing is handled securely by Stripe, our payment processor. Please refer to Stripe's Privacy Policy for information about their data practices.

2.4 Information We Do NOT Collect

• Credit card numbers or payment details
• Social security numbers or government IDs
• Biometric data
• Location data (beyond general geographic location from IP)
• Personal content processed through our API (we do not store your converted text)

3. How We Use Your Information

3.1 Primary Purposes

We use your information to:

• Provide Services: Authenticate your API requests and deliver text conversion services
• Account Management: Create and manage your account, including email verification
• Billing and Usage Tracking: Monitor API usage and enforce plan limits
• Communication: Send service-related emails (verification, billing notifications, important updates)

3.2 Legal Basis for Processing (GDPR)

We process your personal data based on:

• Contract Performance: To provide the API services you've requested
• Legitimate Interest: To improve our services and prevent fraud
• Legal Compliance: To comply with applicable laws and regulations
• Consent: Where explicitly provided for specific purposes

4. Information Sharing and Disclosure

4.1 We Do Not Sell Your Information

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

4.2 Limited Sharing

We may share your information only in these specific circumstances:

• Service Providers: With trusted partners who help us operate our service (e.g., Stripe for payments, email service providers)
• Legal Requirements: When required by law, court order, or government regulation
• Business Transfers: In the event of a merger, acquisition, or sale of assets (with user notification)
• Safety and Security: To protect against fraud, abuse, or threats to security

4.3 Third-Party Service Providers

Our trusted partners include:

• Stripe: Payment processing (see their privacy policy)
• Email Service Provider: For transactional emails (account verification, billing notifications)
• Cloud Infrastructure: For secure hosting and data storage

5. Data Security

We implement comprehensive security measures to protect your information:

5.1 Technical Safeguards

• Encryption: All data transmitted using TLS/SSL encryption
• Hashed Storage: API keys are stored using SHA-256 hashing
• Access Controls: Role-based access to systems and data
• Regular Security Audits: Ongoing security assessments and improvements

5.2 Operational Safeguards

• Employee Training: Staff trained on privacy and security best practices
• Incident Response: Procedures for handling security incidents
• Regular Backups: Secure, encrypted backup systems
• Monitoring: 24/7 security monitoring and alerting

6. Data Retention

We retain your personal information only as long as necessary:

• Active Accounts: While your account remains active
• Inactive Accounts: Up to 2 years after last activity
• Usage Logs: Up to 1 year for service improvement and security
• Legal Requirements: As required by applicable law or regulation

When we delete your data, it is permanently removed from our active systems. Backup copies may persist for up to 90 days for disaster recovery purposes.

7. Your Privacy Rights

7.1 Universal Rights

Regardless of your location, you have the right to:

• Access: Request information about the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data (right to be forgotten)
• Data Portability: Request your data in a portable format

7.2 Additional Rights (GDPR/CCPA)

If you're in the EU, UK, or California, you also have:

• Restriction: Right to restrict processing of your data
• Objection: Right to object to processing based on legitimate interests
• Withdraw Consent: Right to withdraw consent at any time
• Complaint: Right to lodge a complaint with your data protection authority

7.3 Exercising Your Rights

To exercise any of these rights, contact us at privacy@t3xtr.org. We will respond within:

• GDPR: 30 days (may be extended to 60 days for complex requests)
• CCPA: 45 days (may be extended to 90 days for complex requests)
• Other jurisdictions: As required by local law

8. International Data Transfers

T3XTR operates globally. Your data may be transferred to and processed in countries other than your own. We ensure adequate protection through:

• Standard Contractual Clauses: EU-approved data transfer mechanisms
• Adequacy Decisions: Transfers only to countries with adequate privacy protections
• Certification Programs: Partners certified under recognized privacy frameworks

9. Children's Privacy

T3XTR is not intended for use by children under 16 years of age (or under 13 in the United States). We do not knowingly collect personal information from children. If we discover we have collected information from a child, we will delete it immediately.

If you believe we have collected information from a child, please contact us at privacy@t3xtr.org.

10. Cookies and Tracking

T3XTR uses minimal cookies and tracking:

10.1 Essential Cookies

• Session Management: To maintain your login state on our website
• Security: To prevent cross-site request forgery attacks

10.2 Analytics

We collect basic usage analytics to improve our service:

• API endpoint usage statistics
• Error rates and performance metrics
• General geographic distribution of users

We do not use third-party advertising cookies or tracking pixels.

11. Third-Party Services

Our service integrates with:

• Stripe: Payment processing - governed by Stripe's Privacy Policy
• Email Provider: Transactional email delivery
• Cloud Infrastructure: Secure hosting and storage

These providers are carefully selected and contractually bound to protect your data according to applicable privacy laws.

12. Changes to This Policy

We may update this Privacy Policy periodically. When we do:

• We will post the updated policy on our website
• We will update the "Last Updated" date
• For material changes, we will notify users via email
• Continued use of our service constitutes acceptance of the updated policy

We encourage you to review this policy periodically to stay informed about how we protect your information.

13. Contact Information