Privacy Policy

Introduction

Serla ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our event tracking and analytics platform.

Information We Collect

Account Information

When you create an account, we collect:

• Email address
• Name
• Password (encrypted)
• Company information (optional)

Usage Data

When you use our service, we automatically collect:

• IP address
• Browser type and version
• Device information
• Pages visited and features used
• Date and time of access

Event Data

When you use our API to track events, you control what data is sent. This may include:

• Event names and timestamps
• User identifiers
• Custom metadata you choose to send
• IP addresses and user agents (if included in requests)

Payment Information

Payment processing is handled by Stripe. We do not store your full credit card numbers. We store only:

• Stripe customer ID
• Last 4 digits of card (provided by Stripe)
• Billing email

How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our services
• Process your transactions and send billing notices
• Send you technical notices and support messages
• Respond to your comments and questions
• Monitor and analyze usage patterns
• Detect and prevent fraud or abuse
• Comply with legal obligations

Data Retention

We retain your data as follows:

• Account data: Until you delete your account
• Event data: According to your subscription tier (7 days to 3 years)
• Billing records: 7 years for tax compliance
• Usage logs: 90 days

Data Sharing and Disclosure

We do not sell your personal information. We may share your information with:

Service Providers

• Stripe: Payment processing
• Neon: Database hosting
• Vercel: Application hosting

Legal Requirements

We may disclose your information if required to:

• Comply with legal obligations
• Protect our rights or property
• Prevent fraud or abuse
• Protect user safety

Data Security

We implement industry-standard security measures including:

• HTTPS encryption for all data in transit
• Encrypted database storage
• API key authentication with bcrypt hashing
• Regular security audits
• Access controls and monitoring

Your Rights

You have the right to:

• Access: Request a copy of your personal data
• Correction: Update inaccurate information
• Deletion: Request deletion of your account and data
• Export: Download your event data
• Object: Opt out of certain data processing

To exercise these rights, contact us at privacy@serla.dev

GDPR Compliance

For users in the European Economic Area (EEA), we comply with the General Data Protection Regulation (GDPR). Our legal basis for processing your data includes:

• Contract: Processing necessary to provide our services
• Consent: You have given clear consent
• Legitimate interests: Processing for fraud prevention and service improvement

Cookies and Tracking

We use essential cookies for:

• Authentication and session management
• Security and fraud prevention
• Preferences and settings

We do not use third-party advertising or tracking cookies.

Children's Privacy

Our service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us immediately.

International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for international transfers, including:

• Standard contractual clauses
• Adequacy decisions
• Data processing agreements

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through our service. Your continued use after changes constitutes acceptance.

Contact Us

If you have questions about this Privacy Policy, please contact us:

• Email: privacy@serla.dev
• Support: support@serla.dev