Privacy Policy

1. Introduction

Console Maven ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

GDPR Compliance: We comply with the General Data Protection Regulation (GDPR) for all users, regardless of location. You have the right to access, rectify, erase, and port your data.

2. Information We Collect

2.1 Information You Provide

• Account Information: Email address, name, OAuth provider (Google/GitHub)
• Payment Information: Processed by Stripe (we never store credit card numbers)
• API Keys: Encrypted Anthropic API keys (if using BYOK mode)
• Project Data: Project names, API keys (encrypted), error logs

2.2 Information Automatically Collected

• Usage Data: Pages visited, features used, time spent
• Technical Data: IP address, browser type, device information
• Cookies: See Section 7 for details

2.3 Information From Third Parties

• OAuth Providers: Google and GitHub provide your email, name, and profile picture
• Stripe: Payment status and subscription information

3. How We Use Your Information

We use your information for:

• Service Delivery: Process errors, route to Claude AI, deliver debugging insights
• Billing: Manage subscriptions, process payments, generate invoices
• Communication: Send service updates, billing notifications, security alerts
• Improvement: Analyze usage patterns, optimize smart routing, improve UX
• Security: Detect fraud, prevent abuse, protect user accounts

Legal Basis (GDPR):

• Contract performance (service delivery, billing)
• Legitimate interest (security, service improvement)
• Consent (marketing emails, analytics cookies)

4. Data Sharing and Disclosure

4.1 Third-Party Service Providers

4.2 We Do NOT Sell Your Data

We never sell, rent, or trade your personal information to third parties for marketing purposes.

4.3 Legal Disclosures

We may disclose your information if required by law, court order, or government request.

5. Your GDPR Rights

Under GDPR, you have the following rights:

6. Data Retention

• Account Data: Retained while account is active
• Error Logs: Retained for 90 days
• Billing Records: Retained for 7 years (IRS requirement)
• Analytics: Anonymized after 26 months (Google Analytics default)
• Deleted Accounts: All personal data erased within 30 days

7. Cookies and Tracking

7.1 Cookie Types

7.2 Manage Cookie Preferences

Manage Cookie Settings

8. Data Security

We implement industry-standard security measures:

• Encryption: AES-256-GCM for API keys, TLS 1.3 for data in transit
• Access Controls: Role-based access, multi-factor authentication
• Monitoring: 24/7 security monitoring and incident response
• Compliance: SOC 2 Type II certified infrastructure (AWS)

9. International Data Transfers

Your data is processed in the United States (AWS us-east-1 region). If you're in the EU/EEA, data transfers are protected by:

• AWS's GDPR compliance certifications
• Standard Contractual Clauses (SCCs)
• Adequacy decisions (where applicable)

10. Children's Privacy

Console Maven is not intended for users under 18. We do not knowingly collect data from children. If you believe we've collected data from a minor, contact us immediately at privacy@console-maven.com.

11. Changes to This Policy

We may update this Privacy Policy periodically. We'll notify you of material changes via:

• Email notification (if you have an account)
• In-app banner
• Updated "Last Updated" date above

12. Contact Us

For privacy-related questions or to exercise your GDPR rights:

• Email: privacy@console-maven.com
• Data Protection Officer: dpo@console-maven.com
• Postal Address: Console Maven Privacy Team, [Address TBD]

Supervisory Authority: If you're in the EU/EEA and unsatisfied with our response, you can file a complaint with your local data protection authority.