Skip to main content
← Back to Home

LEGAL

Privacy Policy

Last updated: November 22, 2025

Welcome to SCAFFOLD (“we,” “our,” or “us”). We are committed to protecting your privacy and ensuring you have a positive experience on our website and when using our services.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our spec-first development platform.

1. Information We Collect

1.1 Information You Provide

  • Account Information: Email address, name, password (encrypted)
  • Project Data: Project names, descriptions, specifications, file paths, requirements, and other content you create
  • Payment Information: Billing details processed securely through Stripe (we do not store full credit card numbers)
  • Communications: Messages you send to our support team

1.2 Automatically Collected Information

  • Usage Data: Pages visited, features used, time spent, interactions
  • Device Information: Browser type, operating system, IP address
  • Cookies and Tracking: See our Cookie Policy for details

2. How We Use Your Information

  • Provide Services: Create and maintain your account, process transactions, deliver features
  • Improve Platform: Analyze usage patterns, develop new features, fix bugs
  • AI Features: Process your project data through Azure OpenAI deployments to generate specifications and suggestions
  • Communications: Send service updates, security alerts, and (with consent) marketing emails
  • Security: Detect fraud, prevent abuse, enforce our terms
  • Legal Compliance: Respond to legal requests, protect our rights

3. Third-Party Services

We use trusted third-party services to operate our platform:

SUPABASE (AUTHENTICATION & DATABASE)

Manages user authentication and stores project data securely.

Supabase Privacy Policy →

STRIPE (PAYMENTS)

Processes subscription payments and billing. We do not store full credit card details.

Stripe Privacy Policy →

AZURE OPENAI (AI PROCESSING)

Powers AI-assisted specification generation. Project data is processed within enterprise Azure OpenAI deployments and never retained for model training.

Azure OpenAI Data Privacy →

VERCEL (HOSTING)

Hosts our platform and provides infrastructure services.

Vercel Privacy Policy →

4. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption: All data encrypted in transit (HTTPS/TLS) and at rest
  • Authentication: Secure password hashing, optional 2FA
  • Access Controls: Role-based permissions, regular security audits
  • Monitoring: Real-time security alerts and logging

For more details, see our Security Policy.

5. Your Privacy Rights

You have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data (“right to be forgotten”)
  • Portability: Export your data in a machine-readable format
  • Restriction: Limit how we process your data
  • Object: Opt out of marketing communications
  • Withdraw Consent: Revoke permission for data processing

To exercise these rights, contact us at owner@specdriver.dev

6. Data Retention

  • Active Accounts: Data retained while your account is active
  • Deleted Accounts: Most data deleted within 30 days; some metadata retained for legal/security purposes
  • Backups: Backup copies may persist for up to 90 days
  • Legal Holds: Data subject to legal proceedings retained as required

7. International Users

7.1 GDPR (European Users)

If you are located in the European Economic Area (EEA), UK, or Switzerland, we process your data in accordance with GDPR. Our lawful basis for processing includes:

  • Contract Performance: Providing our services
  • Legitimate Interests: Improving our platform, security
  • Consent: Marketing communications (optional)

7.2 CCPA (California Users)

California residents have additional rights under CCPA:

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to opt out of sale (we do not sell data)
  • Right to deletion
  • Right to non-discrimination

8. Children’s Privacy

SCAFFOLD is not intended for users under 13 years old. We do not knowingly collect data from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

  • Posting the updated policy with a new “Last Updated” date
  • Sending an email notification (for material changes)
  • Displaying a prominent notice on our platform

Your continued use of SCAFFOLD after changes constitutes acceptance of the updated policy.

10. Contact Us

For privacy-related questions, concerns, or requests:

EMAIL

owner@specdriver.dev

GENERAL SUPPORT

Contact Form

RESPONSE TIME

We aim to respond within 48 hours

RELATED POLICIES

Terms of ServiceSecurity PolicyCookie PolicyBack to Home