Privacy Policy

1. Introduction

Edgecraft Labs LLC ("Edgecraft Labs," "we," "us," or "our") operates a subscription-based software-as-a-service platform accessible at edgecraftlabs.io and its associated subdomains (collectively, the "Service"). Our platform provides analytics, training simulations, and performance tracking tools for strategy-based domains, designed for educational and analytical purposes.

This Privacy Policy describes how we collect, use, disclose, retain, and protect personal information when you visit our website, create an account, subscribe to our Service, or otherwise interact with us. It applies to all users of our website and Service, regardless of location.

By accessing or using the Service, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with any part of this policy, you should discontinue use of the Service immediately.

This Privacy Policy should be read in conjunction with our Terms of Service and Cookie Policy, which govern your use of the Service and provide additional information about our use of cookies and similar technologies, respectively.

2. Information We Collect

We collect information in several ways: directly from you when you provide it, automatically when you use the Service, and from third-party sources where applicable. The categories of information we collect are described below.

2.1 Account Information

When you create an account or subscribe to our Service, we collect personal information that you voluntarily provide, including:

• Full name
• Email address
• Password (stored in hashed, encrypted form)
• Billing address and country of residence
• Subscription plan selection and account preferences
• Any other information you choose to provide in your account profile or through communications with us

2.2 Payment Information

When you purchase a subscription, payment information is required to process the transaction. All payment processing is handled by third-party payment processors (such as Stripe). These processors collect and handle your payment card number, expiration date, CVC, and billing details directly. We do not receive, store, or have access to your full credit card number or complete payment card details. We may receive and retain limited transaction information from our payment processors, such as the last four digits of your card, the card brand, the billing country, and the transaction amount, solely for record-keeping, support, and fraud prevention purposes.

2.3 Usage Data

We automatically collect information about how you interact with the Service, including:

• Features accessed and tools used within the platform
• Session duration and frequency of use
• Interactions with interface elements (clicks, navigation patterns, searches)
• Simulation parameters selected and analytical configurations applied
• Performance tracking data and results generated through the platform
• Timestamps of account activity, including login and logout times
• Error logs and crash reports generated during your use of the Service

2.4 Device and Technical Data

When you access the Service, we automatically collect certain technical information from your device and browser, including:

• Internet Protocol (IP) address
• Browser type and version
• Operating system and version
• Device type, model, and unique device identifiers
• Screen resolution and display settings
• Referring URL and exit pages
• Language and timezone preferences
• Network connection type

2.5 Cookies and Tracking Technologies

We use cookies, web beacons, pixels, and similar tracking technologies to collect information about your browsing activity, preferences, and interactions with our Service. These technologies help us maintain your session, remember your preferences, understand how you use our platform, and improve the overall user experience. Some of these technologies are strictly necessary for the operation of the Service, while others are used for analytics and performance monitoring purposes.

For detailed information about the specific cookies we use, their purposes, and how to manage your cookie preferences, please refer to our Cookie Policy.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Providing and Maintaining the Service

We use your account and usage information to operate, deliver, and maintain the Service, including authenticating your identity, managing your account, granting access to features associated with your subscription plan, and providing customer support when you contact us.

3.2 Processing Subscriptions and Payments

We use your account and limited payment information to process subscription purchases, manage billing cycles, handle renewals and cancellations, issue receipts and invoices, and resolve payment-related disputes. Actual payment processing is performed by our third-party payment processors, subject to their own privacy policies.

3.3 Improving and Personalizing the Platform

We analyze usage data, device information, and aggregated behavioral patterns to understand how our users interact with the platform. This analysis helps us identify areas for improvement, develop new features, optimize existing tools, fix bugs, and tailor the user experience to better serve our users' needs. Where possible, we perform this analysis using aggregated or de-identified data.

3.4 Service-Related Communications

We use your email address to send transactional and service-related communications, including account verification emails, subscription confirmations, billing notifications, security alerts, updates about changes to the Service or our policies, and responses to your inquiries or support requests. These communications are necessary for the operation of the Service and are not marketing messages.

3.5 Security and Fraud Prevention

We use technical data, usage patterns, and account information to detect, investigate, and prevent fraudulent activity, unauthorized access, abuse of the Service, and other activities that violate our Terms of Service or applicable law. This includes monitoring for suspicious login attempts, automated abuse, and account compromise.

3.6 Legal Compliance

We may process your information as necessary to comply with applicable laws, regulations, legal processes, or enforceable governmental requests. This includes retaining certain records as required by tax, accounting, or other legal obligations.

3.7 Analytics and Performance Monitoring

We use analytics tools to monitor the performance, availability, and reliability of our Service. This includes tracking page load times, error rates, system resource utilization, and overall platform health to ensure a stable and performant experience for all users.

4. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we rely on the following legal bases under the General Data Protection Regulation (GDPR) and equivalent legislation when processing your personal data:

4.1 Contractual Necessity

We process your personal data where it is necessary for the performance of our contract with you -- specifically, to provide you with access to the Service, manage your account, process your subscription, and deliver the features you have subscribed to. Without this processing, we would be unable to provide the Service to you.

4.2 Legitimate Interests

We process certain personal data where it is necessary for our legitimate interests, provided those interests are not overridden by your fundamental rights and freedoms. Our legitimate interests include improving and optimizing the Service, ensuring network and information security, preventing fraud and abuse, conducting internal analytics, and understanding how users engage with our platform. We conduct balancing assessments to ensure our legitimate interests do not unduly impact your rights.

4.3 Consent

Where required by law, we obtain your consent before processing certain types of personal data. This may include consent for the use of non-essential cookies or for receiving marketing communications, where applicable. Where consent is the legal basis, you have the right to withdraw your consent at any time. Withdrawing consent does not affect the lawfulness of processing that occurred prior to withdrawal.

4.4 Legal Obligation

We process personal data where necessary to comply with a legal obligation to which we are subject, such as tax reporting requirements, responding to lawful requests from public authorities, or retaining records as required by applicable law.

5. Information Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We share your personal information only in the limited circumstances described below.

5.1 Service Providers

We engage trusted third-party service providers who perform services on our behalf, including:

• Cloud hosting and infrastructure providers that store and serve our platform and your data
• Payment processors that handle subscription billing and payment transactions
• Analytics providers that help us understand Service usage and performance
• Email delivery services that transmit transactional and service-related communications
• Customer support tools that help us respond to and manage user inquiries

These service providers are contractually obligated to use your personal information only as necessary to provide services to us and are required to maintain the confidentiality and security of your data. We do not authorize them to use or disclose your information for their own purposes.

5.2 Legal Requirements

We may disclose your personal information if we believe in good faith that such disclosure is necessary to: (a) comply with applicable law, regulation, legal process, or enforceable governmental request; (b) enforce our Terms of Service or other agreements, including investigation of potential violations; (c) detect, prevent, or otherwise address fraud, security, or technical issues; or (d) protect the rights, property, or safety of Edgecraft Labs, our users, or the public as required or permitted by law.

5.3 Business Transfers

In the event that Edgecraft Labs is involved in a merger, acquisition, reorganization, bankruptcy, dissolution, sale of all or a portion of our assets, or similar corporate transaction, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any such change in ownership or control of your personal information, and you will have the opportunity to exercise your rights as described in this policy.

5.4 With Your Consent

We may share your personal information with third parties when you have given us your explicit consent to do so, or when you direct us to share information in connection with your use of the Service.

5.5 We Do Not Sell Personal Data

To be clear and unambiguous: Edgecraft Labs does not sell your personal information to third parties, and we have not sold personal information in the preceding twelve months. This applies to all users, including California residents under the California Consumer Privacy Act (CCPA) and consumers under any other applicable state or national privacy law. We do not engage in the sale of personal data as defined by the CCPA, the GDPR, or any comparable regulation.

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, as described in this Privacy Policy, and as required to comply with our legal obligations, resolve disputes, and enforce our agreements.

Specifically:

• Account data is retained for as long as your account remains active. If you request account deletion, we will delete or anonymize your personal data within thirty (30) days, except where retention is required by law or for legitimate business purposes (such as resolving disputes or enforcing our agreements).
• Usage and analytics data may be retained in aggregated or de-identified form for a longer period, as such data no longer constitutes personal information and is used solely for platform improvement and statistical analysis.
• Transaction and billing records are retained for the period required by applicable tax and accounting laws, typically up to seven (7) years from the date of the transaction.
• Communication records (such as support tickets and correspondence) are retained for up to three (3) years following the resolution of the inquiry, unless a longer retention period is required by law.
• Server logs and technical data are typically retained for up to ninety (90) days for security and debugging purposes, after which they are automatically deleted or anonymized.

When personal data is no longer needed for any of the above purposes, we securely delete or anonymize it in accordance with our internal data retention policies and applicable legal requirements.

7. Data Security

We take the security of your personal information seriously and implement appropriate technical and organizational measures to protect it against unauthorized access, alteration, disclosure, destruction, or accidental loss. These measures include, but are not limited to:

• Encryption of data in transit using industry-standard TLS/SSL protocols
• Encryption of sensitive data at rest
• Secure password hashing using modern cryptographic algorithms
• Access controls that restrict personal data access to authorized personnel on a need-to-know basis
• Regular security assessments and vulnerability monitoring of our infrastructure
• Secure software development practices, including code review and dependency management
• Incident response procedures to address potential data breaches promptly and effectively

While we strive to protect your personal information, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee absolute security, but we are committed to maintaining and continuously improving our security practices in accordance with industry standards. In the event of a data breach that affects your personal information, we will notify you and the relevant authorities as required by applicable law.

8. Your Rights

Depending on your location and applicable law, you may have certain rights regarding your personal information. We are committed to honoring these rights and facilitating their exercise.

8.1 Rights Under the GDPR (EEA, UK, and Switzerland)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights under the GDPR and equivalent legislation:

• Right of Access: You have the right to request a copy of the personal data we hold about you, along with information about how we process it.
• Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
• Right to Erasure: You have the right to request that we delete your personal data, subject to certain exceptions (such as where retention is required by law or for the exercise or defense of legal claims).
• Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to our processing.
• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller without hindrance.
• Right to Object: You have the right to object to our processing of your personal data based on our legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or where processing is necessary for the establishment, exercise, or defense of legal claims.
• Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal.
• Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority in the EU member state of your habitual residence, place of work, or place of the alleged infringement.

8.2 Rights Under the CCPA (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected it, the business or commercial purposes for collection, and the categories of third parties with whom we shared it.
• Right to Delete: You have the right to request the deletion of personal information we have collected from you, subject to certain exceptions permitted by law.
• Right to Correct: You have the right to request that we correct inaccurate personal information that we maintain about you.
• Right to Opt-Out of Sale or Sharing: You have the right to opt out of the sale or sharing of your personal information. As stated above, Edgecraft Labs does not sell or share your personal information as those terms are defined under the CCPA/CPRA.
• Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising any of your CCPA rights. We will not deny you goods or services, charge you different prices, or provide a different quality of service because you exercised a privacy right.

8.3 How to Exercise Your Rights

To exercise any of the rights described above, you may contact us by:

• Sending an email to privacy@edgecraftlabs.io with the subject line "Privacy Rights Request"
• Writing to us at the address provided in the Contact Information section below

When submitting a request, please provide sufficient information to allow us to verify your identity and locate your account. We may need to verify your identity before fulfilling your request, which may involve confirming information associated with your account. We will respond to verifiable requests within thirty (30) days, or within the timeframe required by applicable law. If we require additional time, we will inform you of the reason and the expected timeline. You may designate an authorized agent to submit requests on your behalf, provided you supply written authorization and we can verify your identity.

9. International Data Transfers

Edgecraft Labs LLC is headquartered in the United States. If you access the Service from outside the United States, please be aware that your personal information may be transferred to, stored in, and processed in the United States and other jurisdictions where our service providers operate. These jurisdictions may have data protection laws that differ from those of your country of residence.

Where we transfer personal data from the EEA, the United Kingdom, or Switzerland to countries that have not been deemed to provide an adequate level of data protection, we implement appropriate safeguards to ensure your personal data remains protected. These safeguards may include the use of Standard Contractual Clauses (SCCs) approved by the European Commission, the UK International Data Transfer Agreement or Addendum, or other legally recognized transfer mechanisms.

By using the Service, you acknowledge and consent to the transfer and processing of your personal information as described in this section. If you have questions about the specific safeguards we apply to international transfers of your data, you may contact us at privacy@edgecraftlabs.io.

10. Children's Privacy

The Service is not intended for, directed at, or designed to be used by individuals under the age of eighteen (18). We do not knowingly collect, solicit, or maintain personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take immediate steps to delete that information from our systems.

If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us at privacy@edgecraftlabs.io, and we will promptly investigate and take appropriate action.

11. Third-Party Links

The Service may contain links to third-party websites, services, or applications that are not operated or controlled by Edgecraft Labs. This Privacy Policy does not apply to those third-party services. We are not responsible for the privacy practices, content, or security of any third-party website or service. We encourage you to review the privacy policies of any third-party service before providing your personal information or using their services. The inclusion of a link to a third-party service does not imply endorsement by Edgecraft Labs.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational, legal, or regulatory reasons. When we make material changes to this policy, we will:

• Update the "Last Updated" date at the top of this page
• Post the revised Privacy Policy on our website
• Where required by applicable law, notify you by email or through a prominent notice on the Service prior to the change becoming effective

We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your personal information. Your continued use of the Service after the effective date of any revised Privacy Policy constitutes your acceptance of the updated terms. If you do not agree to the revised policy, you should discontinue your use of the Service.

13. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy, our data practices, or your rights under applicable privacy law, please contact us using the information below:

We will endeavor to respond to all legitimate inquiries within a reasonable timeframe and no later than thirty (30) days from receipt of your request, or within any shorter period required by applicable law.