Privacy Policy

Last Updated: September 30, 2025

⚠️ PLACEHOLDER CONTENT: This is placeholder content for development purposes only. Please replace with legally reviewed privacy policy before production deployment.

1. Introduction

EnvManager ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal information when you use our environment variable management service.

2. Information We Collect

2.1 Account Information

  • Email address (required for account creation)
  • Password (encrypted and never stored in plaintext)
  • Account creation date
  • Last login information

2.2 Project and Environment Data

  • Project names and descriptions
  • Environment names (development, staging, production, etc.)
  • Environment variable keys and values
  • Variable change history for audit purposes

2.3 Usage Information

  • IP addresses (for security and audit logging)
  • Browser type and version
  • Access timestamps
  • API usage patterns

2.4 Technical Information

  • Cookies and session data
  • Device information
  • Error logs and diagnostics

3. How We Use Your Information

3.1 Primary Purposes

  • Service Provision: To provide and maintain the environment variable management service
  • Authentication: To verify your identity and secure your account
  • Communication: To send service-related notifications and updates
  • Support: To respond to your inquiries and provide customer support

3.2 Security and Compliance

  • Security: To detect and prevent unauthorized access and fraud
  • Audit: To maintain audit logs for security and compliance purposes
  • Legal: To comply with legal obligations and enforce our terms

3.3 Service Improvement

  • Analytics: To understand how users interact with our service
  • Optimization: To improve performance and user experience
  • Development: To develop new features and services

4. Data Storage and Security

4.1 Encryption

  • In Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.3
  • At Rest: Sensitive environment variables are encrypted using industry-standard encryption (AES-256)
  • Passwords: All passwords are hashed using bcrypt with appropriate salt rounds

4.2 Data Location

  • Data is stored on secure servers provided by Supabase
  • Database backups are encrypted and stored securely
  • We do not transfer data outside of the designated region without your consent

4.3 Security Measures

  • Regular security audits and vulnerability assessments
  • Access controls and authentication requirements
  • Monitoring and logging of suspicious activities
  • Incident response procedures

5. Data Sharing

5.1 We Do NOT Sell Your Data

We do not and will not sell your personal information to third parties.

5.2 Service Providers

We may share data with trusted service providers who assist us in operating our service:

  • Hosting Provider: Supabase (database and authentication)
  • Email Service: TO BE DETERMINED (for transactional emails)
  • Analytics: TO BE DETERMINED (for usage analytics)

All service providers are contractually obligated to protect your data and use it only for specified purposes.

5.3 Legal Requirements

We may disclose information if required by law, court order, or government request, or to:

  • Comply with legal obligations
  • Protect our rights and property
  • Prevent fraud or abuse
  • Protect user safety

6. Your Rights

6.1 Access and Portability

  • You can access all your data through your account dashboard
  • You can export your projects and environment variables at any time
  • You can request a complete copy of your data

6.2 Correction and Deletion

  • You can update your account information at any time
  • You can delete projects and variables through the interface
  • You can delete your entire account through the settings page

6.3 Objection and Restriction

  • You can object to certain data processing activities
  • You can request restriction of processing in certain circumstances
  • You can withdraw consent where processing is based on consent

6.4 Data Retention

  • Active accounts: Data retained indefinitely
  • Deleted accounts: Personal data permanently deleted within 30 days
  • Audit logs: Retained for up to 7 years for compliance purposes

7. Cookies and Tracking

7.1 Essential Cookies

We use cookies that are necessary for the service to function:

  • Authentication cookies (session management)
  • Security cookies (CSRF protection)
  • Preference cookies (user settings)

7.2 Analytics Cookies

We may use analytics cookies to understand service usage:

  • Page views and navigation patterns
  • Feature usage statistics
  • Error tracking and diagnostics

You can disable non-essential cookies through your browser settings.

8. Children's Privacy

Our service is not intended for children under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

9. International Users

If you access our service from outside PRIMARY JURISDICTION:

  • Your data may be transferred to and processed in PRIMARY JURISDICTION
  • We comply with applicable data protection laws
  • We use appropriate safeguards for international data transfers

10. Changes to This Policy

We may update this privacy policy from time to time. We will:

  • Notify you of significant changes via email or service notification
  • Post the updated policy with a new "Last Updated" date
  • Obtain your consent if required by law

Continued use of the service after changes constitutes acceptance of the updated policy.

11. Contact Us

For privacy-related questions, concerns, or requests:

11.1 Response Time

We will respond to privacy requests within:

  • 30 days for general inquiries
  • 14 days for data access/deletion requests in most jurisdictions
  • As required by local data protection laws

12. Regional Specific Information

12.1 European Union (GDPR)

If you are in the EU, you have additional rights under GDPR:

  • Right to data portability in a machine-readable format
  • Right to lodge a complaint with supervisory authorities
  • Specific grounds for objection to processing

12.2 California (CCPA)

If you are a California resident, you have rights under CCPA:

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of the sale of personal information (we don't sell data)
  • Right to non-discrimination for exercising your rights

Note: This is placeholder privacy policy content. Before production use, this policy must be reviewed and approved by qualified legal counsel and a data protection officer to ensure compliance with GDPR, CCPA, and other applicable privacy regulations.