Privacy Policy

1. Information We Collect

1.1 Information You Provide

• Email address and profile information when you create an account
• Website domains and associated metadata when you register sites
• Content modifications and version history made through our service
• Payment information (processed securely by third-party providers)
• Support communications and feedback
• API keys and integration settings (encrypted at rest)

1.2 Automatically Collected Information

• Usage analytics and feature interaction data
• IP addresses (hashed for privacy) and geolocation data
• Browser and device information for compatibility
• Session data and authentication tokens
• Performance metrics and error logs
• Security event logs and access patterns

1.3 Website Integration Data

• Website structure and content elements (for editing functionality)
• Edit session tokens and authentication data
• Script integration status and configuration
• Website performance impact metrics

2. How We Use Your Information

2.1 Service Delivery

• Provide secure content editing and management capabilities
• Maintain user accounts and authentication systems
• Process and store content modifications with version control
• Generate AI-powered content suggestions and translations
• Ensure cross-browser and device compatibility

2.2 Security & Compliance

• Monitor for security threats and unauthorized access
• Prevent fraud, abuse, and malicious activities
• Maintain comprehensive audit logs for compliance
• Implement access controls and session management
• Conduct security assessments and vulnerability testing

2.3 Service Improvement

• Analyze usage patterns to enhance user experience
• Optimize performance and reduce loading times
• Develop new features based on user needs
• Send important service notifications and security updates
• Provide customer support and technical assistance

3. Information Sharing & Data Transfers

3.1 Limited Sharing Circumstances

We may share information only in these strictly limited circumstances:

• With your explicit, informed consent
• To comply with valid legal processes (subpoenas, court orders)
• To protect against immediate threats to safety or security
• In connection with business transfers (with continued privacy protection)
• With essential service providers under Data Processing Agreements (DPAs)

3.2 Service Providers & Processors

We work with carefully vetted service providers who assist in our operations:

• Cloud hosting providers (AWS, Google Cloud) with security certifications
• Payment processors (Stripe) with PCI DSS compliance
• Analytics services with privacy-focused configurations
• Email service providers with encryption capabilities
• All providers operate under strict confidentiality and data protection agreements

3.3 International Transfers

When data is transferred internationally, we ensure adequate protection through:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions for countries with equivalent protection
• Additional safeguards such as encryption and access controls

4. Data Security & Protection Measures

4.1 Encryption & Data Protection

• AES-256 encryption for data at rest
• TLS 1.3 encryption for all data in transit
• End-to-end encryption for sensitive operations
• Encrypted database connections and backups
• Client-side encryption for edit tokens

4.2 Access Controls & Authentication

• Multi-factor authentication (MFA) enforcement
• Role-based access control (RBAC) systems
• Just-in-time (JIT) access for administrative operations
• Regular access reviews and privilege rotation
• Zero-trust network architecture

4.3 Security Monitoring & Response

• 24/7 security operations center (SOC) monitoring
• Automated threat detection and response systems
• Regular penetration testing and vulnerability assessments
• Intrusion detection and prevention systems (IDS/IPS)
• Comprehensive audit logging and SIEM integration

4.4 Infrastructure Security

• Secure, certified cloud hosting environments
• Network segmentation and firewalls
• Regular security patches and updates
• Distributed denial-of-service (DDoS) protection
• Disaster recovery and business continuity planning

5. Your Privacy Rights & Controls

5.1 Data Subject Rights (GDPR/CCPA Compliance)

You have the right to:

• Access: Request copies of your personal data and understand how it's processed
• Rectification: Correct inaccurate or incomplete personal information
• Erasure: Request deletion of your personal data ("right to be forgotten")
• Portability: Export your data in a structured, machine-readable format
• Restriction: Limit the processing of your personal information
• Objection: Object to processing based on legitimate interests
• Opt-out: Withdraw consent or opt out of marketing communications

5.2 Privacy Controls

• Account settings dashboard for privacy preferences
• Granular consent management for data processing
• Session and authentication token management
• Data retention period customization
• Real-time data processing transparency reports

5.3 Exercising Your Rights

To exercise any of these rights, contact us at privacy@recopyfast.com. We will respond within 30 days and may require identity verification for security.

6. Cookies & Tracking Technologies

6.1 Types of Cookies We Use

• Essential Cookies: Required for authentication and basic functionality
• Performance Cookies: Analyze site performance and user experience
• Functional Cookies: Remember your preferences and settings
• Security Cookies: Detect suspicious activity and prevent fraud

6.2 Cookie Management

You have full control over cookies through:

• Browser settings and preferences
• Our cookie consent banner and settings
• Third-party opt-out tools and extensions
• Regular cookie cleanup and management

6.3 Third-Party Tracking

We minimize third-party tracking and use privacy-focused alternatives where possible. Any third-party services are carefully evaluated for privacy compliance.

7. Data Retention & Deletion

7.1 Retention Periods

• Account Data: Retained for the duration of your account
• Content Data: Retained as long as needed for service delivery
• Usage Analytics: Aggregated and anonymized after 12 months
• Security Logs: Retained for 7 years for security and compliance
• Support Communications: Retained for 3 years

7.2 Secure Deletion

When data is deleted, we use secure deletion methods including cryptographic erasure and multi-pass overwriting to ensure data cannot be recovered.

8. Changes to This Policy

8.1 Policy Updates

We may update this privacy policy to reflect legal requirements, security enhancements, or service changes. Material changes will be communicated through:

• Email notifications to all users
• In-app notifications for 30 days
• Updates to the "Last Updated" date
• Prominent notices on our website

8.2 Version History

Previous versions of this policy are archived and available upon request for transparency and compliance purposes.

9. Privacy by Design & Compliance

9.1 Privacy Frameworks

We comply with major privacy regulations and frameworks:

• European Union General Data Protection Regulation (GDPR)
• California Consumer Privacy Act (CCPA) and Virginia Consumer Data Protection Act
• Children's Online Privacy Protection Act (COPPA) - we do not knowingly collect data from children under 13
• SOC 2 Type II compliance for security and availability
• ISO 27001 information security management standards

9.2 Regular Assessments

We conduct regular privacy impact assessments and security audits to ensure ongoing compliance and continuous improvement of our privacy practices.