Privacy Policy
Last updated: December 29, 2025
This Privacy Policy describes how getplain.ai ("Plain," "we," "us," or "our") collects, uses, discloses, and protects personal data when you access or use our websites, applications, and services (collectively, the "Services").
This Privacy Policy is designed to align with global privacy laws and security best practices, including requirements relevant to SOC 2 Trust Services Criteria (Security, Availability, Confidentiality, and Privacy).
1. Scope and Applicability
This Privacy Policy applies to:
- Visitors to our websites
- Users of our Services
- Authorized representatives of organizations that use our Services
This policy does not apply to third-party websites or services that may be linked from our Services.
2. Information We Collect
We collect only the information necessary to operate, secure, and improve the Services.
a. Information You Provide Directly
This may include:
- Name, email address, and contact details
- Account credentials and authentication-related information
- Organization and project information
- Communications with us (support requests, feedback, inquiries)
b. Information Collected Automatically
When you use the Services, we may collect:
- IP address, device type, browser type, and operating system
- Usage data such as pages accessed, actions taken, and timestamps
- Log data for security, auditing, and troubleshooting purposes
c. Information from Third Parties
We may receive limited information from:
- Authentication providers
- Infrastructure, analytics, or monitoring providers
- Business partners acting on your organization’s behalf
We do not purchase personal data or collect data from data brokers.
3. How We Use Information
We use personal data solely for legitimate business purposes, including to:
- Provide, operate, and maintain the Services
- Authenticate users and enforce access controls
- Secure the Services and prevent fraud or abuse
- Monitor performance and reliability
- Communicate with users regarding the Services
- Comply with legal and regulatory obligations
We do not use personal data for advertising, profiling, or resale.
4. Legal Bases for Processing
Where required by law, we process personal data under one or more of the following legal bases:
- Contractual necessity to provide the Services
- Legitimate interests in operating, securing, and improving the Services
- Consent, where required (for example, optional cookies)
- Legal obligation, where processing is required by law
5. Data Access and Internal Controls
Access to personal data is:
- Restricted to authorized personnel
- Granted based on least-privilege principles
- Logged and monitored for security and audit purposes
Personnel with access to personal data are subject to confidentiality obligations and security training.
6. Data Retention
We retain personal data only for as long as necessary to:
- Provide the Services
- Fulfill contractual and legal obligations
- Resolve disputes and enforce agreements
- Maintain security and audit logs
Retention periods are reviewed periodically, and data is securely deleted or anonymized when no longer required.
7. Data Security
We implement technical and organizational measures designed to protect personal data, including:
- Encryption in transit and at rest where appropriate
- Network security controls and monitoring
- Secure authentication and access management
- Incident detection and response procedures
- Regular review of security controls
While no system can be guaranteed to be completely secure, we maintain safeguards consistent with industry standards.
8. Sharing and Disclosure of Information
We may share personal data only in the following circumstances:
a. Service Providers
We share data with vetted third-party service providers that perform services on our behalf (such as hosting, analytics, authentication, or monitoring). These providers:
- Are bound by contractual confidentiality and security obligations
- Are limited to processing data solely to provide services to us
- Are reviewed as part of our vendor risk management process
b. Legal Requirements
We may disclose information if required to do so by law, regulation, or valid legal process.
c. Business Transfers
If we are involved in a merger, acquisition, or asset sale, personal data may be transferred as part of that transaction, subject to appropriate safeguards.
9. International Data Transfers
Because we operate a global service, personal data may be processed in countries outside your country of residence, including the United States. Where required by law, we implement appropriate safeguards for international transfers, such as contractual protections.
10. Your Rights and Choices
Depending on your location, you may have rights to:
- Access personal data we hold about you
- Request correction or deletion of personal data
- Object to or restrict certain processing activities
- Withdraw consent where processing is based on consent
Requests can be made by contacting us using the information below. We may need to verify your identity before responding.
11. Children’s Privacy
The Services are not intended for children under the age of 16. We do not knowingly collect personal data from children.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in legal requirements, security practices, or our Services. The "Last updated" date will be revised accordingly. Material changes may be communicated through the Services.
13. Contact Information
If you have questions about this Privacy Policy or our data practices, please contact:
Email: privacy@getplain.ai
Company: getplain.ai