Privacy Policy

1. Who We Are

C4InterFlow is operated by Slava Vedernikov — Creator of C4InterFlow — Open-source Architecture as Code Framework, a sole trader based in the United Kingdom (“we”, “us”, “our”). We are the data controller for personal data processed through the Service.

Contact: support@c4interflow.com

2. What Data We Collect

We collect the following categories of personal data:

• Account data: name, email address, profile picture (provided during sign-up via OAuth or email)
• Billing data: subscription tier, billing history (payment card details are processed and stored by Paddle, not by us)
• Usage data: workspace name, repositories, architecture models you create
• Technical data: IP address, browser type, device type, log data, and error reports
• Communication data: emails you send to our support address

3. How We Use Your Data

We use your data to:

• Provide, operate, and maintain the Service
• Process payments and manage subscriptions (via Paddle)
• Send transactional emails (e.g. invitation emails, subscription notifications)
• Respond to support requests
• Monitor service health, diagnose errors, and improve performance
• Comply with legal obligations

4. Legal Basis for Processing (UK GDPR)

We process your personal data on the following legal bases:

• Contract: processing necessary to provide the Service you have subscribed to
• Legitimate interests: service security, fraud prevention, and product analytics
• Legal obligation: retaining records required by law
• Consent: where we have obtained your explicit consent (e.g. marketing communications, if applicable)

5. Third-Party Services

We share data with the following sub-processors to operate the Service:

• Clerk — authentication and user identity (EU/US)
• Supabase — database and storage (EU — Frankfurt)
• Vercel — application hosting, serverless functions, and page-view analytics
• Paddle — payment processing and subscription management (Merchant of Record)
• Resend — transactional email delivery

Each sub-processor is contractually bound to handle your data in accordance with applicable data protection law.

6. Data Retention

We retain your account and workspace data for as long as your account is active. Upon cancellation, workspace data is retained for 30 days before permanent deletion. Billing records may be retained for up to 7 years to comply with UK tax law. You may request earlier deletion by contacting us.

7. Your Rights

Under UK GDPR, you have the right to:

• Access the personal data we hold about you
• Rectify inaccurate or incomplete data
• Erase your data (right to be forgotten), subject to legal retention requirements
• Restrict processing in certain circumstances
• Data portability — receive your data in a machine-readable format (export as YAML is available in-app at any time)
• Object to processing based on legitimate interests
• Withdraw consent where consent is the legal basis

To exercise any of these rights, contact us at support@c4interflow.com. We will respond within 30 days.

8. Cookies

We use essential cookies required for authentication and session management. We may also use analytics cookies (Vercel Analytics) to understand how the Service is used. [PLACEHOLDER: add Iubenda cookie banner details here.]

9. International Transfers

Some of our sub-processors (e.g. Clerk, Vercel) may process data outside the UK or EEA. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK Information Commissioner’s Office.

10. Security

We implement appropriate technical and organisational measures to protect your data, including encrypted connections (TLS), row-level security in our database, and access controls. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by a notice within the Service. Continued use after changes take effect constitutes acceptance of the revised policy.

12. Complaints

If you believe we have not handled your data correctly, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk.

13. Contact

For any privacy-related questions or requests: support@c4interflow.com