Introduction
Ehab Allababidi ("we," "us," "our") operates architect.estate (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information.
We take your privacy seriously and comply with:
- GDPR (General Data Protection Regulation - EU)
- CCPA (California Consumer Privacy Act)
- COPPA (Children's Online Privacy Protection Act)
1. Information We Collect
1.1 Information You Provide
When you create an account, we collect:
- Account Information: Email address, password (encrypted), first name, last name (optional)
- Profile Information: Profile photo (optional), age range (to verify 13+ requirement)
- Payment Information: Credit card details (processed by Stripe, not stored by us)
- Support Communications: Messages sent via email or live chat
1.2 Automatically Collected Information
- Usage Data: Pages visited, time spent, features used, browser type, device type
- IP Address: For security and analytics (anonymized after 90 days)
- Cookies: Session cookies, preference cookies, analytics cookies
- Analytics: Google Analytics 4, Vercel Analytics (anonymized)
1.3 Information from Third Parties
- OAuth Providers: If you sign in with Google, we receive your email and name from Google
- Payment Processors: Stripe provides payment confirmation but does not share full card details
2. How We Use Your Information
We use collected data to:
- Provide the Service: Account creation, login, dashboard access, content delivery
- Process Payments: Billing, subscription management, refund processing
- Communicate: Transactional emails (receipts, password resets), service updates, marketing (opt-in only)
- Improve the Service: Analytics to understand user behavior and optimize features
- Customer Support: Respond to inquiries, troubleshoot issues
- Security: Detect fraud, prevent abuse, enforce Terms of Service
- Legal Compliance: Comply with legal obligations, respond to lawful requests
3. Legal Basis for Processing (GDPR)
For EU users, we process data under:
- Contractual Necessity: To provide the Service you signed up for
- Legitimate Interest: To improve the Service, prevent fraud, analyze usage
- Consent: For marketing emails (you can opt out anytime)
- Legal Obligation: To comply with tax, accounting, and legal requirements
4. Sharing Your Information
We do not sell your personal information. We only share data with:
4.1 Service Providers
- Clerk: Authentication and user management
- Stripe: Payment processing
- Vercel: Hosting and infrastructure
- Google Analytics: Website analytics (anonymized)
- ConvertKit: Email marketing (only if you opt in)
- Discord: Community chat (if you join)
These providers have their own privacy policies and are contractually obligated to protect your data.
4.2 Legal Requirements
We may disclose information if required by law, court order, or government request (e.g., subpoena, tax audit).
4.3 Business Transfers
If we sell or merge the business, your data may be transferred to the new owner (you will be notified).
5. Children's Privacy (COPPA Compliance)
Users must be at least 13 years old. We do not knowingly collect information from children under 13.
For Users Aged 13-17:
- We collect only essential information (email, name, age verification)
- We do not display behavioral ads to minors
- Parents can request data deletion at any time
- We require parental consent for users under 13 (enforced at signup)
Parental Rights:
Parents/guardians can:
- Review their child's information by emailing defcon5ready@gmail.com
- Request deletion of their child's account
- Refuse further collection of data
6. Your Rights (GDPR & CCPA)
All Users Have the Right To:
- Access: Request a copy of your data (delivered within 30 days)
- Correction: Update inaccurate information from your dashboard settings
- Deletion: Request account deletion (some data retained for legal/tax purposes for 7 years)
- Portability: Export your data in JSON format
- Opt-Out: Unsubscribe from marketing emails (transactional emails still sent)
California Residents (CCPA) Also Have the Right To:
- Know what personal information is collected, used, and shared
- Request deletion of personal information
- Opt out of data "sales" (we don't sell data, but you can opt out of third-party analytics)
- Non-discrimination for exercising privacy rights
How to Exercise Your Rights:
Email defcon5ready@gmail.com with subject "Privacy Request" and specify your request. We'll respond within 30 days.
7. Cookies & Tracking
We use the following types of cookies:
- Essential Cookies: Keep you logged in, remember preferences (cannot be disabled)
- Analytics Cookies: Understand how you use the Service (Google Analytics, Vercel Analytics)
- Marketing Cookies: Track ad performance (Facebook Pixel - only if you visit via ads)
How to Control Cookies:
- Browser settings: Most browsers allow blocking cookies
- Opt-out tools: Google Analytics Opt-Out
- Note: Disabling cookies may break functionality (e.g., login won't work)
8. Data Security
We implement industry-standard security measures:
- Encryption: HTTPS (SSL/TLS) for all connections
- Password Hashing: Bcrypt hashing (passwords never stored in plain text)
- Secure Hosting: Vercel's SOC 2 compliant infrastructure
- Access Controls: Only authorized personnel access databases
- Regular Backups: Daily encrypted backups
However: No system is 100% secure. If a breach occurs, we'll notify affected users within 72 hours (GDPR requirement).
9. Data Retention
We retain data as follows:
- Active Accounts: Data stored until account deletion
- Deleted Accounts: Most data deleted within 30 days; billing/tax records kept 7 years (IRS requirement)
- Cancelled Subscriptions: Account remains active for 90 days, then archived
- Backups: Deleted data purged from backups within 90 days
10. International Data Transfers
Our servers are located in the United States (Vercel). If you're accessing from the EU or other regions, your data will be transferred to the U.S.
We rely on Standard Contractual Clauses (SCCs) approved by the European Commission for GDPR compliance.
11. Third-Party Links
The Service may contain links to third-party websites (e.g., Discord, YouTube). We're not responsible for their privacy practices. Review their privacy policies before providing information.
12. Marketing Communications
We send two types of emails:
- Transactional: Account creation, password resets, payment receipts (cannot opt out)
- Marketing: Tips, new features, promotions (opt-in only, unsubscribe anytime)
To opt out of marketing emails, click "Unsubscribe" in any email or email defcon5ready@gmail.com.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with a new "Last Updated" date.
For material changes (e.g., new data uses), we'll notify you via email or dashboard banner 30 days before implementation.
14. Contact Us
For privacy questions or to exercise your rights:
EU Users: You also have the right to lodge a complaint with your local data protection authority if you believe we've violated GDPR.
By using architect.estate, you consent to this Privacy Policy and our collection, use, and disclosure of your information as described.
Last Updated: October 19, 2025