Privacy Policy

Sosogu LLC (“we”, “us”, or “our”) operates MakerPulse (the “Service”). This Privacy Policy explains what personal data we collect, how we use it, and what rights you have.

We aim to keep this policy short and readable. If you have any questions, contact us at hello@makerpulse.app.

1. Information We Collect

1.1 Account information

When you sign up, we collect:

• your email address,
• your name and profile picture (if provided via Google sign-in),
• an authentication identifier from Supabase Auth.

1.2 Subscription and billing information

If you subscribe to a paid plan, billing is processed by Stripe. We do not store your full payment card details. We receive a Stripe customer identifier, subscription status, and limited metadata (such as plan name and billing country).

1.3 Connected third-party data

When you connect a third-party service (Stripe, Apple App Store Connect, Google Analytics 4, or others), we access and store data necessary to display your metrics, including:

• Stripe: subscriptions, invoices, charges, customer emails, and event payloads, accessed via Stripe Connect OAuth. We store OAuth tokens in encrypted form.
• App Store Connect: daily sales and download reports, accessed via your Apple API key (JWT-signed). API credentials are stored in encrypted form.
• Google Analytics 4: daily aggregated metrics (sessions, active users, pageviews, etc.) accessed via OAuth or service account credentials. Credentials are stored in encrypted form.

We only access the data scopes you explicitly authorize and only use that data to provide the Service to you.

1.4 Usage and log data

We collect standard technical information automatically, including IP address, browser type, device information, referring URLs, and timestamps. This is used for security, debugging, and service improvement.

1.5 Analytics

We use Google Analytics to understand aggregate usage of the Service. Google Analytics sets cookies and collects data as described in Google’s privacy policy. You can opt out using the Google Analytics Opt-out Browser Add-on.

1.6 AI processing

To generate your weekly digest, we send aggregated metric data (not raw personal data such as customer emails) to Anthropic’s Claude API. Anthropic’s handling of this data is governed by Anthropic’s Commercial Terms, which provide that Anthropic does not train its models on inputs submitted via the API.

2. How We Use Your Information

We use your information to:

• provide, maintain, and improve the Service,
• process payments and manage subscriptions,
• sync data from your connected third-party services,
• generate AI summaries of your metrics,
• send transactional emails (sign-in links, billing notifications, weekly digests if enabled),
• detect, prevent, and respond to fraud, abuse, and security incidents,
• comply with legal obligations.

We do not sell your personal data, and we do not use your Stripe, App Store, or GA4 data for advertising, marketing to third parties, or training AI models.

3. Legal Bases (for users in the EEA/UK)

If you are located in the European Economic Area or the United Kingdom, we process your personal data on the following legal bases:

• Contract: to provide the Service you signed up for.
• Legitimate interests: to operate, secure, and improve the Service.
• Consent: where required, for example for certain analytics cookies. You can withdraw consent at any time.
• Legal obligation: to comply with applicable laws.

4. How We Share Information

We share information only with:

• Service providers that help us operate the Service, including Supabase (database and authentication), Vercel (hosting), Stripe (payments), Resend (transactional email), Anthropic (AI summarization), and Google Analytics (analytics).
• Legal and safety recipients when required by law, court order, or to protect rights, property, or safety.
• In a business transfer, such as a merger, acquisition, or sale of assets, in which case we will notify you and the acquiring party will be bound by this policy or equivalent protections.

We do not sell personal data and we do not share it with advertisers.

5. International Data Transfers

We are based in Japan. Depending on the service providers we use, your data may be processed in the United States, the European Union, or other jurisdictions. Where data is transferred from the EEA/UK, we rely on appropriate safeguards such as Standard Contractual Clauses or vendor certifications.

6. Data Retention

• Account data is retained while your account is active.
• Connected third-party data is retained while you keep that connection active, plus up to 30 days after disconnection or account deletion, to support restoration if the deletion was accidental.
• Billing records are retained as required by applicable tax and accounting laws.
• Usage logs are retained for up to 12 months.

You can request deletion at any time (see section 8).

7. Security

We use industry-standard measures to protect your data, including:

• TLS encryption for data in transit,
• encryption at rest for OAuth tokens and API credentials,
• row-level security in our database so that one user’s data cannot be accessed by another,
• access controls for our administrative systems.

No system is perfectly secure. We cannot guarantee absolute security.

8. Your Rights

Depending on where you live, you may have the right to:

• access the personal data we hold about you,
• correct inaccurate data,
• delete your data,
• restrict or object to certain processing,
• receive a copy of your data in a portable format,
• withdraw consent where processing is based on consent,
• lodge a complaint with a supervisory authority.

For California residents (CCPA/CPRA): You have the right to know what personal information we collect, to request deletion, to correct inaccurate information, and to opt out of the sale or sharing of personal information. We do not sell or share personal information as those terms are defined under California law.

For EEA/UK residents (GDPR/UK GDPR): You have the rights listed above, and you may contact your national data protection authority if you believe we have not handled your data appropriately.

To exercise any of these rights, email us at hello@makerpulse.app. We will respond within the time required by applicable law (typically 30 days).

9. Cookies

We use a small number of cookies, strictly limited to:

• Essential cookies required for authentication and the Service to function.
• Analytics cookies set by Google Analytics, as described in section 1.5.

You can control cookies through your browser settings. Disabling essential cookies will prevent you from using the Service.

10. Children

The Service is not directed to children under 16, and we do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through the Service and update the “Last updated” date above.

12. Contact

If you have questions, concerns, or requests related to this Privacy Policy or your personal data:

Sosogu LLC
Email: hello@makerpulse.app

We will do our best to respond promptly.