Luffy Privacy Policy

1. Introduction

Luffy ("we", "our", "us") is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read this policy carefully.

2. Information We Collect

3. How We Use Your Information

• To provide, operate, and maintain the Service
• To process payments and manage subscriptions
• To send transactional emails (workspace invites, workflow notifications)
• To monitor and improve the performance and security of the Service
• To comply with legal obligations
• To respond to your requests and support inquiries

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your information with:

• Service Providers: Stripe (payments), cloud infrastructure providers, and monitoring services that process data on our behalf under data processing agreements.
• Legal Requirements: When required by law, court order, or governmental authority.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, with appropriate confidentiality protections.

5. Cookies and Tracking

We use session cookies to maintain your authenticated state. These are strictly necessary for the Service to function. We do not use third-party advertising cookies. You can control cookie preferences through your browser settings.

6. Data Retention

We retain your account data for as long as your account is active. Browser session data (cookies, history) is automatically deleted after 30 days. You may request deletion of your account and associated data at any time through Settings → Account → Delete Account.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate data.
• Erasure: Request deletion of your data ("right to be forgotten").
• Portability: Request your data in a machine-readable format via Settings → Account → Export Data.
• Objection: Object to processing of your data for certain purposes.

To exercise these rights, contact us at [email protected].

8. Security

We implement industry-standard security measures including TLS encryption in transit, AES-256 encryption for sensitive data at rest, rate limiting, and input validation. No system is 100% secure; we encourage you to use a strong password and report any suspected security issues promptly.

9. Children's Privacy

The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us immediately.

10. International Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers in compliance with applicable data protection laws.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact our privacy team at [email protected].