Privacy Policy

We believe you should understand how we handle your data. This policy explains our practices in clear, simple language.

Last updated: December 11, 2025

Introduction

At SaaS Console ("we," "our," or "us"), protecting your privacy is fundamental to our mission. This Privacy Policy describes how we collect, use, process, and disclose your information, including personal information, in conjunction with your access to and use of the SaaS Console platform and services (collectively, the "Service").

1. Information We Collect

We collect information in three ways: information you provide to us, information automatically collected through your use of the services, and information from third parties.

1.1 Information You Provide

  • Email Address: Required for account creation and authentication. If you join our waitlist before creating an account, we collect your email address to notify you when the service becomes available.
  • Username: A unique username for your profile URL and identification within the platform.
  • Avatar/Profile Picture: Profile image provided through OAuth.
  • Project Data: Information you create and manage such as project names, descriptions, roadmap items, tasks, bug reports, feature requests, and expense records.
  • Communications: When you contact us for support or provide feedback, we collect the content of your messages.

1.2 Information Automatically Collected

  • Usage Data: We collect data about how you interact with our platform, such as pages visited, features used, and time spent.
  • Device Information: We collect information about the device and browser you use, such as IP address, operating system, and browser type.
  • Analytics Data: We use Vercel Analytics to collect aggregated, anonymized usage statistics and performance metrics to improve our service.
  • Log Data: Our servers automatically record information such as your IP address, browser type, referring/exit pages, and timestamps.

1.3 Information from Third-Party OAuth Providers

When you sign up or log in using a third-party authentication service, we receive and store certain information from that provider:

Google OAuth

When you authenticate with Google, we receive and store:

  • • Google Account ID (unique identifier)
  • • Email address
  • • Profile picture
  • • Access token (to maintain your authenticated session)

Google API Services User Data Policy: SaaS Console's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We only use your Google data to authenticate your account and provide the Service. We do not use Google user data for serving advertisements.

GitHub OAuth

When you authenticate with GitHub, we receive and store:

  • • GitHub Account ID (unique identifier)
  • • GitHub username
  • • Email address
  • • Profile picture
  • • Access token with permissions for: read:user, user:email, and repo (repository access)

We request repository access (repo scope) to enable features that may integrate with your GitHub repositories in the future. Your GitHub access token is stored securely and encrypted. You can revoke our access at any time through your GitHub settings.

Important: We store OAuth access tokens to maintain your authenticated session and enable platform features. These tokens are encrypted and stored securely in our database for the sole purpose of authenticated you, the User. We never share your OAuth tokens with third parties.

2. How We Use Your Information

We use your information for the following purposes, based on our legitimate business interests, contractual obligations, and your consent where required:

  • Service Delivery: To provide, operate, maintain, and improve our services and develop new features.
  • Project Management: To enable the core functionality of creating, tracking, and managing your SaaS projects.
  • Communication: To send you technical notices, updates, security alerts, administrative messages, and respond to your inquiries.
  • Waitlist Notifications: If you join our waitlist, we will use your email address to notify you when the service becomes available or when we have important updates about launch timing.
  • Security: To detect, prevent, and address fraud, abuse, security issues, and technical problems.
  • Analytics: To understand how our services are used, identify areas for improvement, and conduct research and analysis.
  • Compliance: To verify your identity, comply with legal obligations, enforce our terms, and protect our rights and property.
  • Personalization: To customize your experience and provide content and features that match your interests and preferences.
  • Marketing: With your consent, to send you promotional materials about new features, products, or services that may interest you. You can opt-out of marketing communications at any time.

4. How We Share Your Information

We do not rent or sell your personal data. We share your information only in the following circumstances:

  • Service Providers: We share data with third-party vendors who help us operate our services, including hosting (Vercel), database management (MongoDB), analytics, payment processing (Stripe), authentication (NextAuth), and customer support tools. These providers are contractually obligated to protect your data.
  • Legal Requirements: We may disclose information if required to do so by law, court order, or government request, or in the good faith belief that such action is necessary to comply with legal obligations, protect our rights, investigate fraud, or ensure user safety.
  • With Your Consent: We may share your information with third parties when you explicitly consent or direct us to do so.
  • Aggregated Data: We may share aggregated, anonymized data that cannot identify you individually for research, marketing, or analytics purposes.

5. Data Retention

We retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your information to the extent necessary to comply with our legal obligations, resolve disputes, enforce our policies, and maintain business records.

When you delete your account, all your data will be deleted immediately, except where we are required to retain it for legal, tax, or regulatory purposes.

6. International Data Transfers

Our services are hosted in the United States. If you are accessing our services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate.

These countries may have data protection laws that differ from those in your country. By using our services, you consent to the transfer of your information to the United States and other countries. We implement appropriate safeguards, such as standard contractual clauses, to protect your data during international transfers.

7. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

7.1 GDPR Rights (EEA, UK, Switzerland)

  • Right to Access: You have the right to request a copy of the personal data we hold about you.
  • Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
  • Right to Erasure: You have the right to request that we erase your personal data ("Right to be Forgotten"), subject to certain legal exceptions.
  • Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances.
  • Right to Object: You have the right to object to our processing of your personal data for direct marketing or based on legitimate interests.
  • Right to Data Portability: You have the right to request that we transfer your data to another organization or directly to you in a structured, commonly used format.
  • Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw your consent at any time.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection authority.

7.2 CCPA Rights (California Residents)

  • Right to Know: You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you in the past 12 months.
  • Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
  • Right to Opt-Out: You have the right to opt-out of the sale of your personal information. We do not sell your personal information.
  • Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your privacy rights.

7.3 Other Jurisdictions

Users in other jurisdictions may have additional rights under local laws, including Brazil's LGPD, Canada's PIPEDA, Australia's Privacy Act, and other regional privacy regulations. Please contact us to exercise your rights.

7.4 How to Exercise Your Rights

To exercise any of these rights, please contact us at mdnlabs@gmail.com. We will respond to your request within 30 days (or as required by applicable law). You may also manage many of your preferences directly through your account settings.

8. Data Security

We implement appropriate technical and organizational measures to maintain the safety of your personal data, including:

  • Encryption of data in transit using TLS/SSL protocols
  • Encryption of sensitive data at rest
  • Regular security assessments
  • Access controls and authentication mechanisms

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

9. Children's Privacy and Age Verification

Our services are not intended for use by children under the age of 13 (or 16 in the European Economic Area). We do not knowingly collect personal information from children under these ages.

Age Verification

During account creation, we require all users to attest that they meet the minimum age requirement for their region:

  • • 13 years or older for users outside the EU
  • • 16 years or older for users in the European Economic Area (in compliance with GDPR)

We detect your region automatically and display the appropriate age requirement. Your age attestation and the timestamp are recorded in our database for compliance purposes.

If we become aware that we have collected personal information from a child under the applicable age without proper parental consent, we will take steps to delete such information promptly.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at mdnlabs@gmail.com.

10. Third-Party Services and Links

Our Service may contain links to third-party websites, applications, or services that are not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We encourage you to review the privacy policies of any third-party services you access.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. If we make material changes, we will notify you by updating the date at the top of this policy and, in some cases, provide you with additional notice (such as adding a statement to our homepage or sending you an email notification).

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

12. Contact Us

If you have any questions about this Privacy Policy, our data practices, or wish to exercise your rights, please contact us at:

SaaS Console Privacy

Email: mdnlabs@gmail.com

For GDPR-related inquiries, you may also contact your local data protection authority.