← HomePrivacy Policy

Privacy Policy

Last updated: June 2026

1. What We Collect

We collect only what is necessary to provide the Service:

  • Account data: email address and hashed password.
  • Usage data: which tools you call, token counts, and generation timestamps — used for rate limiting and billing.
  • Payment data: processed by Paystack; we never store card details.
  • API keys: stored as hashed values; the full key is shown once at creation and never stored in plaintext.

We do not store the code or descriptions you submit for diagram generation. Input is processed in memory and discarded after the response is returned.

2. How We Use Your Data

  • To authenticate you and enforce plan limits.
  • To send transactional emails (account verification, upgrade confirmations, payment alerts) via Resend.
  • To monitor platform health and detect abuse.
  • To send product updates if you opt in (you may unsubscribe at any time).

We do not sell your data, use it for advertising, or share it with third parties except as required to provide the Service.

3. Third-Party Services

  • Anthropic: diagram generation requests are sent to Anthropic’s API. Your input is subject to Anthropic’s Privacy Policy.
  • Paystack: payment processing. Subject to Paystack’s Privacy Policy.
  • Resend: transactional email delivery.
  • Neon: PostgreSQL database hosting (EU/US regions).
  • Railway: API server hosting.
  • Vercel: dashboard hosting with optional anonymous analytics.

4. Data Retention

Account data is retained for as long as your account is active. Usage logs are retained for 90 days for billing and abuse detection. You may request deletion of your account and all associated data at any time by emailing support@umlforge.dev.

5. Security

Passwords and API keys are stored using industry-standard cryptographic hashing and are never stored in plaintext. All data in transit is encrypted via TLS. We apply rate limiting and abuse detection to protect accounts from unauthorised access.

6. Your Rights

You have the right to access, correct, or delete your personal data. To exercise these rights, contact us at support@umlforge.dev. We will respond within 30 days.

7. Cookies

We use a single session token for authentication, stored securely in your browser. Vercel Analytics may set anonymised analytics cookies. We do not use tracking or advertising cookies.

8. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated by email. The “Last updated” date at the top reflects the most recent revision.

9. Contact

Privacy questions or data requests: support@umlforge.dev