1. Introduction
Welcome to Process Catalog ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.
2. Information We Collect
2.1 Information You Provide
- Account Information: Name, email address, password (encrypted)
- Organization Data: Company name, billing information
- Project Data: Repository URLs, configuration settings, discovered processes
- Payment Information: Processed securely by Stripe (we don't store card details)
2.2 Automatically Collected Information
- Usage Data: Pages visited, features used, time spent
- Device Information: Browser type, operating system, IP address
- Cookies: See our Cookie Policy below
2.3 Source Code Analysis
When you run a discovery scan, we analyze your source code to discover processes. This analysis:
- Is performed using GitHub API (no local cloning)
- Only processes files necessary for discovery
- Does not store your complete source code
- Stores only discovered process metadata and artifacts (BPMN, diagrams)
- Can be deleted at any time from your project settings
3. How We Use Your Information
We use your information to:
- Provide and maintain our service
- Process discovery scans and generate process catalogs
- Manage your account and billing
- Send service updates and security alerts
- Improve our service and develop new features
- Detect and prevent fraud or abuse
- Comply with legal obligations
4. Cookie Policy
4.1 Necessary Cookies
Required for authentication, security (CSRF protection), and basic site functionality. These cannot be disabled.
4.2 Analytics Cookies
Help us understand usage patterns to improve the service. You can opt-out via our cookie banner.
4.3 Marketing Cookies
Used for targeted advertising and measuring campaign effectiveness. Optional and disabled by default.
4.4 Preference Cookies
Remember your settings (theme, language, layout). Optional but recommended for better experience.
You can manage your cookie preferences at any time through our Settings page.
5. Data Sharing and Disclosure
5.1 We Do NOT Sell Your Data
We will never sell, rent, or trade your personal information.
5.2 Service Providers
We share data with trusted third-party service providers:
- Stripe: Payment processing (PCI-DSS compliant)
- GitHub: Source code access via API (with your token)
- AWS/Cloud Storage: Secure artifact storage
- Analytics: Usage analytics (if you consented)
5.3 Legal Requirements
We may disclose your information if required by law, court order, or to protect rights, property, or safety.
6. Data Security
We implement industry-standard security measures:
- Encryption in transit (HTTPS/TLS)
- Encryption at rest for sensitive data
- Secure password hashing (bcrypt)
- CSRF protection on all forms
- Regular security audits
- Access controls and authentication
However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.
7. Data Retention
- Account Data: Retained while your account is active
- Project Data: Retained until you delete the project
- Backups: May be retained for up to 90 days
- Logs: Retained for 30 days for security purposes
8. Your Rights (GDPR & CCPA)
You have the right to:
- Access: Request a copy of your data
- Rectification: Correct inaccurate data
- Deletion: Request deletion of your data ("Right to be Forgotten")
- Portability: Export your data in a structured format
- Restriction: Limit how we process your data
- Objection: Object to certain processing activities
- Withdraw Consent: Revoke cookie consent at any time
To exercise these rights, contact us at privacy@processcatalog.io or visit Settings.
9. International Data Transfers
Your data may be transferred to and processed in countries outside your residence. We ensure appropriate safeguards are in place (Standard Contractual Clauses, Privacy Shield).
10. Children's Privacy
Our service is not intended for children under 16. We do not knowingly collect data from children. If you believe we have collected such data, please contact us immediately.
11. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes via email or a prominent notice on our service. Continued use after changes constitutes acceptance.
12. Contact Us
For privacy-related questions or concerns: