1. Introduction

This Privacy Policy explains how Templify ("Templify", "we", "us", "our") collects, uses, stores, and shares information when you use our website, APIs, integrations, and related services (collectively, the "Service").

We are committed to protecting your privacy and handling your personal data in a transparent and lawful manner. This Privacy Policy is designed to comply with applicable data protection laws, including the principles of the EU General Data Protection Regulation (GDPR), where applicable.

2. Data Controller and Contact

The data controller for the processing described in this Privacy Policy is:

Templify
Independent software vendor based in Ukraine
Email: [email protected]

3. Information We Collect

3.1 Information You Provide

Account information: when you sign up or use the Service, we may collect your email address and related account details.
Support communications: if you contact us by email or other channels, we process the information you choose to provide.

3.2 Payment and Billing Information

All payments, subscriptions, invoices, and applicable taxes are processed by our payment partner acting as Merchant of Record. We do not store full payment card details on our own servers.

We may receive limited billing-related information from the payment provider, such as:

Subscription status and plan type;
Payment success or failure notifications;
Country, currency, tax status, and similar metadata used for invoicing and compliance.

3.3 Usage Data and Logs

When you use the Service, we may automatically collect certain technical and usage information, including:

API call counts and usage per subscription plan (for billing and quota calculation);
Technical logs generated by the Service and infrastructure (for example, through Application Insights);
Approximate performance metrics, errors, and diagnostic data.

3.4 Cookies and Similar Technologies

We use cookies and similar technologies:

To manage sessions and authentication;
To remember certain settings and preferences;
To perform analytics (for example, via Google Analytics);
To support integrations such as payment widgets and security tools.

For more details, please see our Cookie Policy.

3.5 Analytics Data

We may use analytics tools (for example, Google Analytics) to collect anonymized or pseudonymized usage information, such as pages visited, approximate location (based on IP), device and browser information, and session duration. This helps us understand how the Service is used and improve it.

3.6 User Content

"User Content" includes documents, templates, and XML structures that you upload to or generate using the Service. While User Content may incidentally include personal data, we do not actively analyze such data for profiling or marketing. We process User Content only to provide the Service and related functionality.

4. Legal Bases for Processing

We rely on different legal bases depending on the type of data and the context of processing:

Contract (Art. 6(1)(b) GDPR): processing necessary to provide the Service, manage your subscription, and respond to your requests.
Legitimate interests (Art. 6(1)(f) GDPR): processing necessary for security, fraud prevention, service improvement, analytics (with safeguards), and enforcing our legal rights.
Legal obligation (Art. 6(1)(c) GDPR): processing necessary to comply with tax, accounting, and other regulatory obligations.
Consent (Art. 6(1)(a) GDPR): for certain uses of cookies, analytics, or optional communications where required.

5. How We Use Your Information

We use the information we collect for the following purposes:

To provide, operate, and maintain the Service;
To authenticate users and manage sessions;
To calculate and enforce subscription limits and API quotas;
To process subscription billing events received from our payment partner;
To monitor system performance, detect and prevent abuse or security incidents;
To respond to your inquiries and support requests;
To improve and optimize the Service through analytics and feedback;
To comply with applicable laws and regulations.

6. Data Storage and Retention

Your personal data and User Content are stored primarily in cloud infrastructure, including storage accounts, application servers, and databases.

As a general rule:

User Content is retained for the duration of an active subscription plus up to six (6) months after the subscription ends, unless deletion is requested earlier and is compatible with our legal obligations.
If an account remains inactive (for example, no active subscription and no login) for more than six (6) months, we may delete User Content and associated data.
Certain technical logs and analytics data may be retained for a shorter or longer period, depending on the purpose (e.g., security logs may be kept longer for security and compliance reasons).

We may retain some information for longer periods if required by law or for legitimate business purposes, such as record-keeping, dispute resolution, and preventing fraud.

7. Sharing of Information

We do not sell your personal data. We may share data with:

Payment provider: to process subscriptions, handle taxes, issue invoices, and manage refunds.
Cloud infrastructure providers: to host and run the Service (for example, application hosting, databases, storage, monitoring).
Email and communication service providers: to send transactional and support-related emails.
Analytics providers: to understand usage patterns and improve the Service.
Professional advisors or authorities: where required by law, in response to legal requests, or to protect our rights.

8. International Data Transfers

because we use cloud and third-party services, your personal data may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from those in your jurisdiction.

Where required, we take appropriate measures to ensure that such transfers comply with applicable data protection laws, for example by using data processing agreements and, where available, standard contractual clauses or equivalent safeguards.

9. Security

We implement reasonable technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access.

However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

10. Your Rights

Depending on your location and applicable law, you may have some or all of the following rights:

The right to access your personal data;
The right to request correction of inaccurate or incomplete data;
The right to request deletion of your data (subject to legal or contractual limitations);
The right to restrict or object to processing in certain circumstances;
The right to data portability, where applicable;
The right to withdraw consent at any time, where processing is based on consent;
The right to lodge a complaint with a supervisory authority.

To exercise these rights, please contact us at [email protected]. We may need to verify your identity before responding to your request.

11. Children’s Privacy

The Service is not intended for use by children under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe that a child has provided us with personal data, please contact us so that we can take appropriate action.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. If changes are material, we may provide additional notice (for example, by email or an in-app notification).

By continuing to use the Service after the updated Privacy Policy takes effect, you accept the updated version.

13. Contact

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

Email: [email protected]