RapidTok

Privacy Policy

Last updated: [DATE]
Draft / placeholder. This is scaffolding to be reviewed and completed by a qualified lawyer, especially for GDPR/CCPA compliance. Replace the bracketed text and confirm it reflects exactly what your Service does.

This Privacy Policy explains how [LEGAL ENTITY NAME] ("we", "us") collects, uses and protects personal data when you use RapidTok (the "Service"). It applies to visitors and account holders.

1. Information we collect

  • Account data — your email address and password (stored only as a secure hash).
  • Payment data — handled by Stripe; we store a Stripe customer reference and your subscription status, but not your full card details.
  • Usage & device data — pages viewed, and analytics/advertising identifiers via [Google Analytics / Google Ads].
  • Communications — messages you send us via the contact form or email.

2. How we use it

To provide and secure the Service, process subscriptions, send transactional email (e.g. verification and password-reset messages via Resend), respond to support requests, and improve the product. [List each purpose you actually rely on.]

3. Legal bases (GDPR)

Where GDPR applies, we process data under [contract necessity, legitimate interests, consent for analytics/marketing, and legal obligation]. [Confirm the bases per purpose.]

4. Sharing & third parties

We share data with service providers who process it on our behalf, including [Stripe (payments), Resend (email), your hosting/database provider, Google (analytics/ads)]. We do not sell your personal data. [Confirm your sub-processors.]

5. Cookies & tracking

We use essential cookies for authentication and [analytics/advertising] cookies where permitted. [Describe your cookie/consent approach — a consent banner may be required for EU visitors.]

6. Data retention

We keep account data while your account is active and for [period] afterwards, then delete or anonymise it, except where longer retention is legally required.

7. Your rights

Depending on where you live, you may have rights to access, correct, delete, or export your data, and to object to or restrict certain processing (GDPR), or to opt out of "sale"/"sharing" (CCPA). To exercise these, contact team@rapidtok.com. [Confirm how you handle and verify these requests.]

8. Data security

We use reasonable technical and organisational measures, including hashed passwords and encrypted connections. No method is 100% secure. [Describe your safeguards.]

9. International transfers

[If data leaves the user's region — e.g. EU to US via Stripe/hosting — describe the safeguards, such as Standard Contractual Clauses.]

10. Children

The Service is not directed to children under [16/13] and we do not knowingly collect their data.

11. Changes

We may update this policy; material changes will be notified by [email / in-app notice].

12. Contact

Questions or requests? Email team@rapidtok.com or use our contact page.