Project-Labs-x
ProjectLabs-x

Legal / Privacy Policy

Privacy
Policy.

Last updated
21 June 2026
Jurisdiction
Global
Contact
privacy@project-labsx.com
01 Overview02 What we collect03 How we use it04 Who we share it with05 Retention & deletion06 Your rights07 Security08 Changes to this policy
01

Overview

Project-Labs-x ("we", "us", "our") is committed to protecting your privacy. This policy explains what data we collect, why we collect it, how we use it, and the rights you have over it. We operate minimal data infrastructure by design. We do not sell your data. We do not run advertising networks. We do not profile you across third-party sites. If you have any questions that this document does not answer, contact us directly at privacy@project-labsx.com.
02

What we collect

We collect only what is necessary to operate our services: — Account information: email address, chosen username, and hashed password when you register. — Usage data: page views, feature interactions, and session duration, collected in aggregate and never tied to individual identity where avoidable. — Communications: messages you send us via the contact form or email, stored solely to respond to your enquiry. — Technical data: IP address (truncated after 24 hours), browser type, and OS — used to diagnose errors and prevent abuse. — Payment data: if you purchase a paid plan, payment is processed by a PCI-compliant third party (Stripe). We never store card numbers. We do not collect biometric data, sensitive personal information, or data from children under 16.
03

How we use it

We use the data we collect for three purposes only: 1. To operate and improve our products — debugging, performance monitoring, and understanding which features are useful. 2. To communicate with you — responding to support requests, sending product updates you have opted into, and security alerts. 3. To comply with legal obligations — we retain certain records as required by applicable law. We do not use your data to train AI models without explicit opt-in consent. We do not use it for targeted advertising. We do not share it with third parties except as described in the section below.
04

Who we share it with

We share data with a small number of sub-processors who are contractually bound to process it only as we direct: — Vercel: hosting and edge delivery infrastructure. — Stripe: payment processing for paid plans. — Resend: transactional email delivery. — PostHog (optional, self-hostable): aggregate product analytics. We may disclose data if required by law, court order, or to protect the rights and safety of our users and the public. We will notify you of such requests where legally permitted. We do not sell, rent, or trade personal data under any circumstances.
05

Retention & deletion

We keep your data only as long as necessary: — Account data: retained while your account is active and deleted within 30 days of account closure. — Usage logs: aggregate data retained indefinitely; individual-level logs purged after 90 days. — Communications: retained for 2 years to maintain support continuity, then deleted. — Payment records: retained for 7 years as required by tax law. You can request deletion of your account and all associated personal data at any time by emailing privacy@project-labsx.com. We will confirm deletion within 30 days.
06

Your rights

Depending on your location, you may have the following rights: — Access: request a copy of all personal data we hold about you. — Rectification: ask us to correct inaccurate data. — Erasure: ask us to delete your data (subject to legal retention requirements). — Portability: receive your data in a machine-readable format. — Objection: object to processing based on legitimate interests. — Restriction: ask us to limit processing while a dispute is resolved. — Withdrawal of consent: where processing is based on consent, withdraw it at any time. To exercise any of these rights, email privacy@project-labsx.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.
07

Security

We implement technical and organisational measures proportionate to the risk: — All data in transit is encrypted via TLS 1.3. — Passwords are hashed using bcrypt with a minimum cost factor of 12. — Production databases are encrypted at rest using AES-256. — Access to production systems is restricted to essential personnel and gated by hardware MFA. — We conduct periodic security reviews and respond to responsible disclosures within 72 hours. No system is perfectly secure. In the event of a breach affecting your personal data, we will notify you and the relevant supervisory authority within 72 hours of becoming aware.
08

Changes to this policy

We may update this policy as our services evolve. When we make material changes, we will: — Update the "Last updated" date at the top of this page. — Email registered users at least 14 days before the change takes effect. — In cases of significant changes, require re-acknowledgement before continued use. Continued use of our services after the effective date constitutes acceptance of the updated policy.

Questions about this policy? Email privacy@project-labsx.com — we respond within 2 business days.