Privacy Policy

1. Introduction

Console Maven ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our console error detection and analysis service.

Key Principles: We collect only the data necessary to provide our Service, we do not sell your data, and you have full control over your information.

2. Information We Collect

2.1 Account Information (via OAuth)

When you create an account using Google or GitHub OAuth, we collect:

• Email address
• Name (from OAuth provider)
• Profile picture URL (optional)
• OAuth provider user ID

Note: We do NOT store passwords. Authentication is handled entirely by Google or GitHub.

2.2 Scan Data

When you perform website scans, we collect:

• URLs of websites you scan
• Console errors, warnings, and logs detected
• Lighthouse performance scores
• Network request information
• Browser information (Chrome, Firefox, Edge)
• Scan timestamps and results

2.3 Usage and Analytics Data

• IP address (for rate limiting and abuse prevention)
• Browser fingerprint (for anonymous user tracking)
• Scan count and frequency
• Feature usage patterns
• API key usage statistics

2.4 Payment Information

Payment processing is handled by Stripe. We do NOT store credit card numbers. We receive:

• Stripe customer ID
• Subscription status and tier
• Billing history
• Last 4 digits of card (from Stripe)

2.5 Communications

• Email notifications (scan completion, account updates)
• Support correspondence
• Marketing emails (only if you opt-in)

3. How We Use Your Information

We use collected information to:

• Provide the Service: Execute scans, generate reports, store scan history
• Authentication: Identify and authenticate users via OAuth
• Billing: Process payments and manage subscriptions
• Rate Limiting: Prevent abuse and ensure fair usage
• AI Analysis: Provide error analysis and fix suggestions
• Service Improvement: Analyze usage patterns to improve features
• Communication: Send scan notifications and important updates
• Legal Compliance: Comply with legal obligations and resolve disputes

4. Data Sharing and Disclosure

We do NOT sell your data. We share information only in these limited circumstances:

4.1 Service Providers

• Stripe: Payment processing
• OpenAI/Anthropic: AI error analysis (error text only, no PII)
• SendGrid: Email delivery
• Fly.io: Infrastructure and hosting

4.2 Legal Requirements

We may disclose information if required by law, subpoena, or to protect our rights and safety.

4.3 Business Transfers

If Console Maven is acquired or merged, your information may be transferred to the new entity.

5. Data Retention

• Scan Results: Free tier: 90 days | Pro tier: 1 year | Enterprise: Custom
• Account Data: Retained while your account is active
• Usage Logs: 2 years for billing and compliance
• Anonymous Scan Data: 24 hours (for rate limiting only)

Account Deletion: When you delete your account, we permanently delete your personal information within 30 days, except data required for legal compliance.

6. Data Security

We implement industry-standard security measures:

• Encryption: All data in transit (HTTPS/TLS) and at rest (AES-256)
• Authentication: OAuth 2.0 with no password storage
• API Keys: Encrypted storage with bcrypt hashing
• Access Control: Role-based access with audit logs
• Infrastructure: Secure hosting on Fly.io with automatic backups

Note: No system is 100% secure. We take reasonable precautions but cannot guarantee absolute security.

7. Your Privacy Rights

7.1 GDPR Rights (EU Residents)

• Right to Access: Request a copy of your data
• Right to Rectification: Correct inaccurate data
• Right to Erasure: Delete your account and data
• Right to Restriction: Limit how we use your data
• Right to Portability: Export your data in JSON format
• Right to Object: Opt out of marketing communications

7.2 CCPA Rights (California Residents)

• Right to Know: What data we collect and why
• Right to Delete: Request deletion of your data
• Right to Opt-Out: We do not sell data, so opt-out is not applicable
• Right to Non-Discrimination: Equal service regardless of privacy choices

To exercise your rights: Email privacy@consolegentic.com or use the dashboard settings.

8. Cookies and Tracking

We use the following types of cookies:

• Essential Cookies: Required for authentication and session management
• Analytics Cookies: Usage statistics (anonymized)
• Functional Cookies: Remember your preferences

Browser Fingerprinting: We use FingerprintJS to identify anonymous users for rate limiting. This does not track you across websites.

Third-Party Cookies: Stripe may set cookies during payment processing.

9. Children's Privacy

Console Maven is not intended for users under 13 years of age. We do not knowingly collect information from children. If you believe we have collected data from a child, please contact us immediately.

10. International Data Transfers

Console Maven is based in the United States. If you access the Service from outside the US, your information may be transferred to, stored, and processed in the US. We comply with applicable data protection laws, including GDPR for EU users.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be notified via email or in-app notification at least 30 days in advance. Continued use after changes constitutes acceptance.

12. Contact Us

For privacy-related questions, data requests, or concerns, contact us at:

Email: privacy@consolegentic.com
Data Protection Officer: dpo@consolegentic.com
Website: https://consolegentic.com

Response Time: We respond to privacy requests within 30 days as required by law.