Privacy Policy

1. Data Controller

The Data Controller is Starter Lab. Contact: privacy@starterlab.io

2. Data Collected

We collect: name, email, account credentials (passwords hashed), usage data, technical data (IP, browser type), and billing information (processed by PCI-DSS certified providers — we never store full card data).

3. Purpose & Legal Basis

• Service delivery — contract performance
• Service communications — contract performance
• Marketing — consent (revocable at any time)
• Service improvement — legitimate interest
• Legal compliance — legal obligation

4. Data Sharing

We do not sell data. We share only with: payment processors (Stripe), email service providers, analytics (anonymized), cloud hosting. All bound by GDPR-compliant data processing agreements.

5. Your Rights

You have the right to: access, rectification, erasure, restriction, portability, objection, and withdrawal of consent. Send requests to privacy@starterlab.io. We respond within 30 days. You may also lodge a complaint with your national data protection authority.

6. Cookies

We use essential cookies (necessary), analytics cookies (anonymized, with consent), and marketing cookies (with consent). Manage preferences via the cookie banner or browser settings.

7. Security

We use TLS encryption in transit, bcrypt password hashing, role-based access controls, and continuous security monitoring.

8. Children

The Platform is not intended for users under 18. We do not knowingly collect data from minors.

9. Changes

Material changes will be communicated by email with 30 days notice.