Privacy Policy
Last updated: May 20, 2026 Effective immediately
📋 Production document. These documents reflect TermsKit's actual privacy practices and have been written specifically for our service.
Data Controller
The data controller responsible for processing your personal data under GDPR is:
Alexey Dombrov, Trabalhador Independente
NIF: 311831877
Porto, Portugal
Email: hello@termskit.app
This Privacy Policy explains how Termskit ("we", "us", or "our") collects, uses, and protects your information when you use our service at https://termskit.app/ (the "Service"). We comply with the EU General Data Protection Regulation (GDPR). We comply with the California Consumer Privacy Act (CCPA).
By using the Service, you agree to the collection and use of information in accordance with this policy.
1. Information we collect
We collect the following categories of personal information:
- Email address
- Full name
- Payment information
Email address
We collect your email address when you create an account, subscribe to our communications, or contact us. We use it for authentication, transactional emails (e.g., password resets, receipts), and service updates.
Name
We collect your name to personalize the Service and address you in communications.
Payment information
Payment details (card number, billing address) are collected and processed by our payment processor and are never stored on our servers. We retain only minimal billing metadata (last 4 digits, expiry, invoice records) for accounting and compliance purposes.
2. How we use your information
We process your personal data for the following purposes:
- Service delivery — to provide, maintain, and improve the Service.
- Account management — to authenticate you, manage your account, and process your requests.
- Communication — to send transactional emails, security alerts, and (with consent) marketing communications.
- Security and fraud prevention — to detect, prevent, and address technical or security issues.
- Legal compliance — to comply with applicable laws, including tax, accounting, and law enforcement requests.
- Analytics and improvement — to understand how the Service is used and identify areas for improvement.
Legal basis under GDPR
Under the GDPR, we rely on the following legal bases for processing your data:
- Performance of a contract (Art. 6(1)(b)) — to provide the Service you signed up for.
- Legitimate interests (Art. 6(1)(f)) — for analytics, security, and product improvement, where our interests are not overridden by your rights.
- Consent (Art. 6(1)(a)) — for optional marketing communications and non-essential cookies.
- Legal obligation (Art. 6(1)(c)) — to comply with tax, accounting, and other legal requirements.
3. Third-party processors
We share your data with the following third-party service providers, which act as data processors on our behalf:
- Stripe — Payment processing
- Resend — Transactional email
Each processor is bound by contractual obligations to protect your data and to process it only as instructed.
International transfers
Where data is transferred outside the European Economic Area (EEA), we ensure adequate protection through Standard Contractual Clauses (SCCs) approved by the European Commission, or by relying on adequacy decisions where applicable.
4. Your rights
Rights under GDPR
If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the right to:
- Access your personal data and receive a copy of it.
- Rectification — correct inaccurate or incomplete data.
- Erasure ("right to be forgotten") — request deletion of your data, subject to legal retention requirements.
- Restriction of processing — request that we limit how we process your data.
- Data portability — receive your data in a structured, machine-readable format.
- Objection — object to processing based on legitimate interests, including direct marketing.
- Withdraw consent — withdraw any consent you have previously given.
- Lodge a complaint with a supervisory authority in your country of residence.
Rights under CCPA (California residents)
If you are a California resident, you have the right to:
- Know what personal information we collect, use, and share.
- Delete the personal information we have about you, subject to legal exceptions.
- Opt out of the sale or sharing of your personal information. (We do not sell your personal information.)
- Non-discrimination — we will not discriminate against you for exercising your CCPA rights.
- Limit the use of sensitive personal information to specific purposes.
To exercise any of these rights, contact us at hello@termskit.app. We respond within 30 days. We may request information to verify your identity before fulfilling your request.
5. Data retention
We retain your personal data only for as long as necessary for the purposes set out in this policy:
- Account data — for the duration of your account, plus 30 days after deletion to allow for restoration.
- Billing records — for the period required by applicable tax and accounting law (typically 7–10 years).
- Support correspondence — for up to 3 years for quality assurance.
- Server logs — typically 30–90 days.
After retention periods expire, we securely delete or anonymize your data.
6. Data security
We implement industry-standard technical and organizational measures to protect your data, including:
- Encryption in transit (TLS) and at rest (AES-256).
- Access controls and least-privilege principles for our staff.
- Regular security reviews and incident response procedures.
No system is completely secure. In the event of a data breach affecting your personal data, we will notify you and the relevant supervisory authorities as required by law (within 72 hours under GDPR).
7. Cookies and tracking
We use cookies and similar technologies. For detailed information, see our Cookie Policy.
9. Changes to this policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent revision. Material changes will be communicated via email or a prominent notice on the Service before they take effect.
10. Contact us
For questions, requests, or complaints regarding this Privacy Policy or our data practices:
- Email: hello@termskit.app
- Website: https://termskit.app/
- Service operator: Termskit