Plainform ("we", "us", "our") is a product owned and operated by Streamlined Solutions SRL, a company registered in Romania. This Privacy Policy explains how we collect, use, store, and protect your personal data when you access plainform.dev or purchase our digital products.
We are committed to maintaining transparency and ensuring compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
Data Controller
The data controller responsible for your personal information is:
Streamlined Solutions SRL
Address: str. Vasile Alecsandri 72, Baia Mare, Romania
Email: hello@plainform.dev
Personal Data We Collect
We only collect data necessary for providing our product, ensuring website functionality, and fulfilling legal requirements.
Data Provided Directly by You
When you purchase or interact with Plainform, you may provide:
- Name and email address
- GitHub username (required for repository access)
- Billing information (processed securely by Stripe)
- Account information (via Clerk authentication)
- Support messages or correspondence
Data Collected Automatically
When visiting plainform.dev, we may collect:
- IP address (for rate limiting and security)
- Browser type, device information, and pages visited
- Cookies and usage data (with your consent)
Payment Data
Payments are processed exclusively through Stripe. We never store or access your full credit card details. For transactions over $500, we use manual payment capture for fraud prevention.
How We Use Your Data
Service Delivery
- Providing access to the Plainform private repository via GitHub
- Managing purchases and licensing
- Delivering product updates and support
Communications
- Transactional emails via Resend (purchase confirmations, password resets)
- Newsletter subscriptions via Mailchimp (opt-in only, rate-limited to 3 requests per 60 seconds)
- Support responses
Analytics & Security
- PostHog (EU-hosted at eu.i.posthog.com): Operates in cookieless mode by default; full tracking only after consent
- Google Analytics: Operates in consent mode with analytics disabled until consent
- Rate limiting (3/60s for emails, 5/10s strict, 10/10s standard) to prevent abuse
Legal Obligations
- Tax compliance (payment records retained for 7 years)
- Accounting and invoicing
- Responding to lawful requests
Legal Basis for Processing (GDPR)
We process your personal data based on:
- Contract performance — product delivery, authentication, payment processing, GitHub integration
- Consent — analytics cookies, newsletter subscriptions
- Legitimate interest — security, fraud prevention, cookieless analytics, rate limiting
- Legal obligation — tax records, payment data retention
Cookies & Tracking Technologies
Cookie Consent System
We use a cookie consent system that stores your preference in localStorage (key: cookie-consent) with three states:
- pending (default before you choose)
- granted (you accepted analytics)
- denied (you declined analytics)
Cookie Categories
- Essential cookies: Required for website functionality (always active)
- Analytics cookies: PostHog and Google Analytics (only after consent)
You can change your cookie preferences anytime using the cookie settings in the footer or by clearing your browser's localStorage.
Data Storage and Security
Security Measures
- HTTPS encryption for all data transmission
- Webhook signature verification for payment processing
- Access controls and authentication via Clerk
- Rate limiting to prevent abuse
Data Retention
| Data Type | Retention Period | Justification |
|---|---|---|
| Authentication data | Account lifetime + 30 days | Service provision |
| Payment records | 7 years | Tax compliance (legal obligation) |
| Analytics data | PostHog: 12 months, GA: 14 months | Service improvement |
| Newsletter subscriptions | Until unsubscribe | Marketing consent |
| Rate limiting data | 24 hours | Security measure |
| Event tracking & comments | Account lifetime | Service provision |
Third-Party Services
We use the following third-party services that process your data:
| Service | Purpose | Data Shared | Location |
|---|---|---|---|
| Clerk | Authentication | Email, name, OAuth tokens | US (Standard Contractual Clauses) |
| Stripe | Payment processing | Email, billing info, payment data | US (Standard Contractual Clauses) |
| GitHub | Repository access | Username validation | US |
| Resend | Transactional emails | Email address | US |
| Mailchimp | Newsletter | Email address (opt-in) | US |
| PostHog | Product analytics | Usage data, device info | EU (eu.i.posthog.com) |
| Google Analytics | Website analytics | Usage data (after consent) | US |
| PostgreSQL | Database | All application data | Hosting provider location |
You must comply with each service's terms and privacy policies. We are not responsible for third-party service issues or changes.
International Data Transfers
Some services (Clerk, Stripe, Resend, Mailchimp, Google Analytics) are located in the United States. We ensure adequate protection through:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions where applicable
- Service-specific data protection measures
PostHog data is stored in the EU (eu.i.posthog.com).
Your Rights Under GDPR
You have the following rights regarding your personal data:
| Right | How to Exercise | Response Time |
|---|---|---|
| Access (Article 15) | Email hello@plainform.dev with subject "Data Access Request" | 30 days |
| Rectification (Article 16) | Update in account settings or email us | 30 days |
| Erasure (Article 17) | Email hello@plainform.dev with subject "Delete My Data" | 30 days |
| Restrict Processing (Article 18) | Email hello@plainform.dev with subject "Restrict Processing" | 30 days |
| Data Portability (Article 20) | Email hello@plainform.dev requesting data export (JSON/CSV format) | 30 days |
| Object (Article 21) | Email hello@plainform.dev or use unsubscribe links | 30 days |
| Withdraw Consent (Article 7) | Change cookie settings or click unsubscribe in emails | Immediate |
| Lodge Complaint (Article 77) | Contact ANSPDCP at www.dataprotection.ro | N/A |
Note: Some rights have limitations (e.g., we must retain payment records for 7 years for tax compliance).
Children's Privacy
Plainform is intended for users 18 years or older. We do not knowingly collect data from individuals under 18. If you believe a child has provided us with personal data, contact us at hello@plainform.dev and we will delete it promptly.
Data Breach Notification
If a data breach occurs that poses a risk to your rights and freedoms:
- We will notify the Romanian supervisory authority (ANSPDCP) within 72 hours
- We will notify affected users without undue delay via email
- We will provide information about the breach and steps to protect yourself
Supervisory Authority
You have the right to lodge a complaint with the Romanian data protection authority:
ANSPDCP (Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal)
Website: www.dataprotection.ro
Email: anspdcp@dataprotection.ro
Address: B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, București, România
Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. Material changes will be communicated via email. Continued use of our services after changes constitutes acceptance.
Contact Information
For questions about this Privacy Policy or to exercise your data protection rights:
Streamlined Solutions SRL
Address: str. Vasile Alecsandri 72, Baia Mare, Romania
Email: hello@plainform.dev