Privacy Policy

1. Introduction

Welcome to recmd.ai ("we", "our", or "us"). We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the UK Data Protection Act 2018.

This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our AI community platform for questions, prompts, solutions, and technology discussions.

2. Information We Collect

2.1 Information You Provide

• Account Information: Username, email address, profile information
• User-Generated Content: Questions, prompts, solutions, comments, votes, and tech stack recommendations
• Communication Data: Messages sent through our platform, support requests
• Payment Information: Billing details processed through Stripe (we do not store full payment card details)

2.2 Information Automatically Collected

• Usage Data: Pages visited, features used, time spent on platform
• Device Information: Browser type, operating system, IP address
• Analytics Data: Via Google Analytics (only with your consent)
• Technical Data: Log files, error reports, performance metrics

2.3 Cookies and Tracking Technologies

We use cookies and similar technologies for essential platform functionality and, with your consent, for analytics and performance monitoring. See our Cookie Policy for detailed information.

3. How We Use Your Information

3.1 Essential Platform Services

• Providing and maintaining our AI community platform
• User authentication and account management
• Displaying user-generated content and facilitating discussions
• Processing membership subscriptions and payments
• Sending essential service communications (account updates, security notices)

3.2 With Your Consent

• Analytics and platform improvement (Google Analytics)
• Marketing communications about new features
• Personalized content recommendations
• Email notifications about followed discussions

3.3 Legal Obligations

• Compliance with applicable laws and regulations
• Responding to legal requests and preventing fraud
• Enforcing our Terms of Service

4. Data Sharing and Third Parties

4.1 Service Providers

We share your information with trusted service providers who help us operate our platform:

• Firebase (Google): Authentication, database, and hosting services
• Stripe: Payment processing for membership subscriptions
• SendGrid: Email delivery services
• Google Analytics: Usage analytics (only with your consent)

4.2 Public Information

Your username and user-generated content (questions, prompts, solutions) are public by design as part of our community platform. Exercise caution when sharing personal information in your posts.

4.3 Legal Requirements

We may disclose your information if required by law, legal process, or to protect rights, property, or safety.

5. Your Rights and Choices

5.1 GDPR Rights (EU/UK Residents)

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate personal data
• Erasure: Request deletion of your personal data
• Portability: Receive your data in a structured format
• Restrict Processing: Limit how we process your data
• Object: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent for analytics and marketing

5.2 CCPA Rights (California Residents)

• Know: Know what personal information we collect and how it's used
• Delete: Request deletion of your personal information
• Correct: Correct inaccurate personal information
• Opt-Out: Opt out of the sale or sharing of personal information (we do not sell data)
• Non-Discrimination: Equal service regardless of privacy choices

5.3 How to Exercise Your Rights

To exercise any of these rights, please:

• Visit your Privacy Settings page
• Contact us at privacy@recmd.ai
• Use our Data Export feature

6. Data Retention

• Account Data: Retained while your account is active
• User-Generated Content: Retained indefinitely unless you request deletion
• Analytics Data: Retained for 26 months (Google Analytics default)
• Payment Data: Retained per Stripe's data retention policies
• Email Communications: Retained for operational and legal requirements

When you delete your account, we will anonymize or delete your personal data within 30 days, except where retention is required by law.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

• Encryption in transit and at rest
• Secure authentication systems
• Regular security assessments
• Access controls and monitoring
• Secure coding practices

8. International Data Transfers

Your data may be processed in countries outside your residence, including the United States where our service providers operate. We ensure appropriate safeguards are in place for international transfers, including:

• Google Cloud's compliance with GDPR and international frameworks
• Stripe's global compliance and data protection measures
• Standard contractual clauses where applicable

9. Children's Privacy

Our platform is not intended for children under 13 years old. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or applicable laws. We will notify you of material changes by email or through our platform. Your continued use of our services after such changes constitutes acceptance of the updated policy.

11. Contact Information

For questions about this Privacy Policy or to exercise your data protection rights, please contact us:

12. Supervisory Authority

If you are in the EU/UK and have concerns about our data processing that we haven't resolved, you have the right to lodge a complaint with your local data protection authority:

• UK: Information Commissioner's Office (ICO) - ico.org.uk
• EU: Your local data protection authority