Privacy Policy

Effective Date: January 25, 2026 Last Updated: January 25, 2026

1. Introduction

This Privacy Policy explains how Abhin Chhabra ("we", "us", "our") collects, uses, and protects your personal information when you use rcamap.com (the "Service").

Data Controller:

• Name: Abhin Chhabra
• Location: Canada
• Contact: legal@abhin.atlassian.net

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Name
• Email address
• Authentication data (managed by Clerk.com)

2.2 Payment Information

• Payment card details are collected and processed by Stripe (our payment processor)
• We never see or store your payment card information directly
• Stripe is PCI DSS compliant and handles all payment data securely

2.3 User Content

We collect and store:

• Root cause analysis data and investigation maps
• Text and notes entered in the application
• Map exports and shared content
• Comments and collaboration data

2.4 Usage Data and Analytics

We collect analytics data using the following services:

• Google Analytics - Website and application usage patterns
• Hotjar - User behavior and interaction analytics
• Microsoft Clarity - Session recordings and heatmaps
• Cookies and tracking technologies (see Cookie Policy)

2.5 AI Processing Data

• Your investigation data is sent to Google Gemini APIs for AI-powered features
• This data is processed transiently to generate results
• Third-party AI providers do not store your data for training their models (per our agreements)
• Data is transmitted securely via encrypted connections

3. How We Use Your Information

We use collected information to:

• Provide and operate the Service - Core functionality and features
• Process payments - Via Stripe for subscriptions and credits
• Improve the Service - Analytics, research, and feature development
• Enhance AI features - Improve suggestions and analysis quality
• Customer support - Respond to inquiries and resolve issues
• Communications - Service updates, security alerts, and announcements
• Legal compliance - Meet regulatory requirements and enforce Terms

4. Third-Party Services

4.1 Authentication

Clerk.com manages user authentication and account security.

4.2 Payment Processing

Stripe processes all payments and subscriptions. Review Stripe's privacy policy at stripe.com/privacy.

4.3 Analytics Services

• Google Analytics - Usage tracking (privacy policy: policies.google.com/privacy)
• Hotjar - User behavior analytics (privacy policy: hotjar.com/privacy)
• Microsoft Clarity - Session analytics (privacy policy: microsoft.com/privacy)

4.4 AI Services

• Google Gemini - AI-powered suggestions (privacy policy: google.com/policies/privacy)

Your data is processed by these services to provide features but is not used for third-party AI model training.

4.5 Cloud Infrastructure

• AWS (us-east-1) - Data storage and hosting via Supabase
• Supabase - Database and backend services (privacy policy: supabase.com/privacy)

5. International Data Transfers

User data is stored on AWS servers in the United States (us-east-1 region).

By using rcamap.com, you:

• Consent to the transfer of your data to the United States
• Acknowledge that U.S. data protection laws may differ from your jurisdiction
• Understand that your data will be subject to U.S. regulations and legal processes

6. Data Retention

Active Accounts

We retain your data for as long as your account is active and you continue using the Service.

Account Deletion

• User data is deleted within 30 days of account deletion request
• Some data may persist in backups for up to 30 days after deletion
• Anonymized analytics data may be retained indefinitely for research

Legal Requirements

We may retain data longer if required by law, regulation, or legal proceedings.

7. Your Rights

You have the right to:

7.1 Access Your Data

Request a copy of the personal information we hold about you.

7.2 Correct Your Data

Update or correct inaccurate information at any time through your account settings.

7.3 Delete Your Data

Request deletion of your account and associated data by:

• Deleting your account through Service settings, or
• Contacting legal@abhin.atlassian.net

7.4 Export Your Data

• Export individual maps via Word or PDF export features
• For complete account data export, contact legal@abhin.atlassian.net

7.5 Restrict Processing

Request restriction or cessation of data processing by contacting legal@abhin.atlassian.net.

7.6 Data Portability

Request your data in a structured, machine-readable format.

7.7 Withdraw Consent

Withdraw consent for data processing where consent is the legal basis (may affect Service availability).

8. Data Security

Security Measures

We implement reasonable technical and organizational measures to protect your data:

• Encryption in transit (HTTPS/TLS)
• Encryption at rest (database encryption)
• Access controls and authentication
• Regular security assessments
• Secure third-party service providers

No Absolute Security

No system is 100% secure. Despite our efforts, unauthorized access or data breaches may occur.

Breach Notification

In the event of a data breach affecting your personal information:

• We will notify affected users promptly via email
• Notification will include details of the breach and recommended actions
• We will comply with applicable data breach notification laws

9. Children's Privacy

The Service is not intended for children under 13 years of age.

We do not knowingly collect personal information from children under 13. If we become aware that we have collected information from a child under 13:

• We will delete such information immediately
• Parents/guardians may contact us at legal@abhin.atlassian.net to request deletion

10. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

• Right to know what personal information is collected
• Right to know if personal information is sold or disclosed
• Right to opt-out of sale of personal information
• Right to deletion
• Right to non-discrimination for exercising CCPA rights

We do not sell your personal information.

To exercise your CCPA rights, contact legal@abhin.atlassian.net.

11. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation:

• Right to access
• Right to rectification
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent

To exercise your GDPR rights, contact legal@abhin.atlassian.net.

12. Cookies and Tracking

See our separate Cookie Policy for detailed information about:

• Types of cookies we use
• How to disable cookies
• Impact on Service functionality

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do:

• The "Last Updated" date will be revised
• Material changes will be announced via email or Service notification
• Continued use of the Service constitutes acceptance of the updated policy

14. Contact Us

For questions, concerns, or to exercise your privacy rights:

Email: legal@abhin.atlassian.net Website: rcamap.com

---

Data Controller: Abhin Chhabra (Sole Proprietor, Canada) Effective Date: January 25, 2026