Privacy Policy

Effective Date: 25/04/2025 | Last Updated: 02/05/2025

Welcome to Privmat! We are committed to protecting your privacy and providing transparency about how we handle your personal information when you use our website and services (collectively, the "Service").


Please read this Privacy Policy carefully. By accessing or using our Service, you agree to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree, please do not use the Service.


1. Information We Collect

We collect information you provide directly to us when you use our Services.

We collect information in the following ways:


  • Account Information: When you register for an account, we collect information necessary for account creation and management, primarily through our authentication provider, Clerk. This typically includes your email address, name, and hashed password (managed by Clerk). We store your Clerk User ID, email, and name in our database to associate your Privmat data with your account.

  • Tracked App Data: Information you manually enter about the applications you track, such as the app name, URL (optional), the email or phone number you used with that app (optional), whether you granted location access (boolean), and any personal notes you add.

  • Fake Data Presets: Any presets you save within the Fake Data Generator feature.

  • Data Vault Credentials: Information you choose to store in the Data Vault, such as website names, usernames, encrypted passwords, and notes. Note: The passwords and potentially other sensitive data you store in the vault are encrypted on our servers (see Security section).

  • Communication: If you contact us directly (e.g., for support), we may collect your name, email address, and the content of your communication.

Information Collected Automatically:


  • Usage Data: We may collect standard web log information about how you interact with the Service, such as your IP address, browser type, operating system, pages visited, time spent on pages, and referring URLs. This is typically used for analytics and service improvement.

  • Cookies and Similar Technologies: We may use cookies and similar tracking technologies to enhance your experience, remember your preferences, and analyze service usage. You can control cookie preferences through your browser settings.

Information from Third Parties:


  • Authentication Provider (Clerk): As mentioned, we receive necessary identifiers (like User ID, email, name) from Clerk upon successful authentication to manage your account link.

  • Breach Data Provider (XposedOrNot): When you use the breach check feature for your registered email, we query the XposedOrNot API. We store the names of breaches associated with your user ID and email in our database to provide your breach history. We do not store the raw results for checks on arbitrary emails performed via the public checking tool (if implemented).

2. How We Use Your Information


  • To Provide and Maintain the Service: To operate the dashboard, allow you to track apps, generate fake data, store vault items, check for breaches, authenticate you, and provide core functionality.

  • To Improve the Service: To analyze usage patterns, troubleshoot issues, gather feedback, and enhance features and usability.

  • To Communicate with You: To respond to your inquiries, send important service-related notifications (e.g., security alerts, policy updates), and provide customer support.

  • For Security Purposes: To detect and prevent fraud, abuse, security incidents, and other harmful activities; to enforce our Terms of Service.

  • To Comply with Legal Obligations: To comply with applicable laws, regulations, legal processes, or governmental requests.

3. How We Share Your Information


We are committed to your privacy and do not sell your personal information. We may share your information only in the following limited circumstances:


  • Service Providers: We may share information with third-party vendors and service providers who perform services on our behalf, such as:
    • Authentication: Clerk
    • Database Hosting: Neon DB
    • Analytics Providers: Google Analytics
    These providers only have access to the information necessary to perform their functions and are obligated to protect your information.

  • Data Breach Checks: We send your email address to the XposedOrNot API to perform breach checks. Their use of data is subject to their own privacy policy.

  • Legal Requirements: We may disclose your information as required to comply with the law, protect our rights or property, prevent fraud, or protect the personal safety of users or the public.

  • Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred. You will be notified of any such changes.

4. Data Security


We implement reasonable administrative, technical, and physical security measures to protect your information from unauthorized access, use, alteration, or destruction.


  • Authentication Security: Handled by Clerk using industry-standard practices.

  • Data Vault Encryption: Vault passwords/sensitive content are encrypted on our servers using AES-256-CBC encryption. Keys and IVs are managed server-side.

  • HTTPS: All data transmitted between your browser and our servers is encrypted.

  • Access Controls: Internal access to user data is restricted.

However, no security system is completely secure. You are responsible for safeguarding your credentials.


5. Data Retention


  • Account Data: Retained as long as your account exists.

  • Tracked App Data / Vault Items / Presets: Retained until deleted by you or your account is deleted.

  • User Breach Links: Retained until you delete your account.

  • Usage Logs: May be retained for a limited period for analysis and security purposes.

You may be able to delete your account and associated data through your account settings.


6. Your Privacy Rights


Depending on your jurisdiction, you may have the right to:


  • Access: Request to view the personal data we hold about you.

  • Correction: Request corrections to any inaccurate data.

  • Deletion: Request we delete your data, with certain exceptions.

  • Object/Restrict: Request we limit or stop processing your data.

To exercise any of these rights, please contact us via the information below.


7. Children's Privacy


Our Service is not intended for individuals under the age of 13 (or 16 depending on jurisdiction). We do not knowingly collect personal information from children without parental consent.


8. Third-Party Links


Our Service may contain links to third-party websites or services. We are not responsible for their privacy practices and encourage you to read their privacy policies.


9. Changes to This Privacy Policy


We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email or a notice on the Service before the changes take effect.


10. Contact Us


If you have any questions about this Privacy Policy or our practices, contact us at:


info.privmat@gmail.com
Privmat