Privacy Policy

Last Updated: January 6, 2026

1. Introduction

Welcome to EsticApp ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Software as a Service (SaaS) platform, EsticApp (the "Service").

By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

2. Information We Collect

2.1 Personal Information

We collect personal information that you voluntarily provide to us when you register for the Service, including but not limited to:

  • Full name
  • Email address
  • Account credentials (username and encrypted password)
  • Payment information (processed by third-party payment processors)
  • Profile information and preferences

2.2 Usage Data

We automatically collect certain information when you visit, use, or navigate the Service, including:

  • Device information (IP address, browser type, operating system)
  • Usage patterns and interactions with the Service
  • Log data (access times, pages viewed, clicks)
  • Error logs and debugging information
  • Cookies and similar tracking technologies

2.3 User-Generated Content

Any data, files, documents, or content you upload, create, or store through the Service is collected and stored securely on our infrastructure.

3. How We Use Your Information

We use the information we collect or receive for the following purposes:

  • Service Provision: To provide, operate, and maintain the Service
  • Account Management: To create and manage your user account
  • Communication: To send transactional emails, notifications, and updates via Brevo (formerly Sendinblue)
  • Payment Processing: To process your subscription payments through third-party payment processors
  • Error Monitoring: To detect, prevent, and address technical issues using Rollbar error tracking
  • Analytics: To understand how users interact with the Service and improve user experience
  • Security: To protect against fraud, abuse, and security threats
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes
  • Customer Support: To respond to your inquiries and provide technical support

4. Third-Party Service Providers

We share your information with third-party service providers who perform services on our behalf:

4.1 Amazon Web Services (AWS) S3

We use AWS S3 for secure cloud storage of user data, files, and backups. AWS maintains industry-standard security certifications and implements robust data protection measures.

4.2 Brevo (formerly Sendinblue)

We use Brevo to send transactional emails, including account notifications, password resets, and service updates. Brevo processes email addresses and communication content solely for email delivery purposes.

4.3 Rollbar

We use Rollbar for error tracking and debugging. Rollbar may process IP addresses, user metadata, and error logs to help us identify and resolve technical issues affecting the Service.

4.4 Payment Processors

We use third-party payment processors (such as Stripe or LemonSqueezy) to process subscription payments. These payment processors collect and process payment information directly and are bound by their own privacy policies. We do not store complete credit card information on our servers.

5. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit using SSL/TLS protocols
  • Encryption of sensitive data at rest
  • Regular security assessments and vulnerability testing
  • Access controls and authentication mechanisms
  • Secure backup and disaster recovery procedures

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security.

6. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. When you terminate your account, we will delete or anonymize your personal information within a reasonable timeframe, except where we are required to retain certain information for legal, regulatory, or legitimate business purposes.

7. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

7.1 GDPR Rights (European Economic Area)

If you are located in the EEA, you have the right to:

  • Access: Request a copy of the personal information we hold about you
  • Rectification: Request correction of inaccurate or incomplete personal information
  • Erasure: Request deletion of your personal information ("right to be forgotten")
  • Restriction: Request restriction of processing of your personal information
  • Portability: Request transfer of your personal information to another service provider
  • Objection: Object to processing of your personal information
  • Withdraw Consent: Withdraw consent where processing is based on consent

7.2 CCPA Rights (California Residents)

If you are a California resident, you have the right to:

  • Know what personal information is collected, used, shared, or sold
  • Delete personal information held by businesses
  • Opt out of the sale of personal information (we do not sell personal information)
  • Non-discrimination for exercising your privacy rights

7.3 Exercising Your Rights

To exercise any of these rights, please contact us using the contact information provided below. We will respond to your request within the timeframe required by applicable law.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Service and store certain information. Cookies are files with a small amount of data that are stored on your device. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

Types of cookies we use:

  • Essential Cookies: Required for the Service to function properly
  • Functional Cookies: Remember your preferences and settings
  • Analytics Cookies: Help us understand how users interact with the Service
  • Security Cookies: Authenticate users and prevent fraudulent activity

9. International Data Transfers

Your information may be transferred to and maintained on computers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ. If you are located outside the United States and choose to provide information to us, please note that we transfer the data to the United States and process it there. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

10. Children's Privacy

Our Service is not intended for use by children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children under these ages. If you become aware that a child has provided us with personal information, please contact us, and we will take steps to delete such information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

12. Contact Us

If you have any questions about this Privacy Policy, your personal information, or wish to exercise your privacy rights, please contact us at:

EsticApp

Email: privacy@esticapp.com

Data Protection Officer: dpo@esticapp.com