Privacy Policy

Last updated: August 14, 2025

This Privacy Policy explains how ScriptDock ("we," "us," or "our") collects, uses, discloses, and protects information in connection with our browser extension, website, APIs, and related services (collectively, the "Services"). It applies to all users of the Services. Capitalized terms not defined here have the meanings given in our Terms of Service.

Table of Contents

1. Information We Collect
2. How We Use Information
3. Legal Bases (EEA/UK)
4. AI Data Practices
5. Cookies and Tracking
6. How We Share Information
7. Data Retention
8. International Transfers
9. Security
10. Your Privacy Rights
11. Children’s Privacy
12. Do Not Track
13. Changes to This Policy
14. Contact Us

1. Information We Collect

We collect information in the following ways:

• Information you provide: account details (e.g., name, email), workspace or organization metadata when relevant, prompts or content you input into the Services, files you choose to upload, and communications you send to us (e.g., support requests, feedback).
• Automatically collected information: device identifiers, browser type/version, operating system, IP address, locale, referring/exit pages, timestamps, usage metrics (feature interactions, performance, and diagnostics), and crash/error logs.
• Information from third parties: single sign-on and identity providers (e.g., WorkOS), payment processors (e.g., Stripe), analytics and error reporting providers, and AI model providers engaged to deliver features within the Services.

2. How We Use Information

• Provide, operate, and maintain the Services and core functionality.
• Authenticate users, enable account management, and deliver customer support.
• Process payments and manage subscriptions (via third-party processors such as Stripe).
• Personalize and improve the Services, including model quality, UX, and reliability.
• Monitor, detect, prevent, and respond to security incidents, fraud, and abuse.
• Comply with legal obligations and enforce our Terms.
• Communicate with you about updates, security alerts, and administrative messages.
• Conduct analytics, research, and service usage measurements.

3. Legal Bases (EEA/UK)

Where EU/UK data protection law applies, we process personal data under the following legal bases: (a) to perform our contract with you; (b) with your consent; (c) for our legitimate interests in operating, securing, and improving the Services, provided those interests are not overridden by your rights; and (d) to comply with legal obligations. In limited cases, we may process to protect vital interests.

4. AI Data Practices

• Inputs and outputs: To provide AI features, we process the content you input (e.g., prompts, files, code) and the generated output. This may involve tokenization and transient storage for processing, quality, safety, and abuse prevention.
• Model providers: We may engage third-party AI model providers to generate or enhance outputs. Your inputs/outputs may be transmitted to and processed by those providers subject to their terms and security controls. Where available, we configure providers to disable training on your data and to minimize retention.
• Training: We do not use your personal data to train our own models without your consent. We may use de-identified or aggregated information to improve the Services, safety systems, and performance.
• Human review: Limited human review may occur for safety, abuse, debugging, or legal compliance, subject to confidentiality and access controls.

5. Cookies and Tracking

We and our service providers use cookies, local storage, and similar technologies to operate the Services, remember preferences, conduct analytics, and measure performance. You can control cookies through your browser settings and, where applicable, site banners. Disabling cookies may impact certain features.

6. How We Share Information

• Service providers: We share information with vendors acting on our behalf, such as identity and authentication providers (e.g., WorkOS), payment processors (e.g., Stripe), hosting, analytics, error reporting, customer support tools, and AI model providers. These providers process data pursuant to our instructions.
• Affiliates and business transfers: We may share with affiliates, and in connection with mergers, acquisitions, financing, or sale of assets.
• Legal and safety: We may disclose information to comply with law, legal process, or governmental requests, to enforce our Terms, and to protect rights, property, or safety of users and the public.
• With your direction: We share information as you instruct, such as when you integrate with third-party services or share content.

7. Data Retention

We retain personal data for as long as necessary to fulfill the purposes outlined in this Policy, to comply with legal, accounting, or reporting requirements, and to resolve disputes. Retention periods vary based on data type and context. We delete or anonymize data when it is no longer needed.

8. International Transfers

We may transfer, store, and process information in countries outside your own, including the United States. Where required, we use appropriate safeguards such as Standard Contractual Clauses. By using the Services, you acknowledge such transfers subject to applicable law.

9. Security

We employ technical and organizational measures designed to protect personal data, including encryption in transit and access controls. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

10. Your Privacy Rights

Depending on your location, you may have rights under applicable law, including to access, correct, delete, restrict, object to, or port your personal data, and to withdraw consent where processing is based on consent. You may also have the right to opt out of certain processing (e.g., targeted advertising) and to appeal our decisions. We will verify your request and respond within the timeframes required by law.

• EEA/UK: You can lodge a complaint with a supervisory authority. Please contact us first so we can address your concerns.
• US state laws (e.g., CA/VA/CO/CT/UT): You may have rights to access, delete, correct, and opt out of sale/sharing or targeted advertising. To exercise, contact us as described below.

To submit a request, email [email protected]. Authorized agents may submit requests subject to verification.

11. Children’s Privacy

The Services are not directed to children under 13, and we do not knowingly collect personal information from children. If you believe a child has provided personal data, contact us and we will take appropriate steps.

12. Do Not Track

Some browsers offer a Do Not Track (DNT) signal. There is no common industry standard for DNT; we do not respond to DNT signals at this time.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version and revise the "Last updated" date. Material changes will be notified as required by law. Your continued use of the Services after the effective date constitutes acceptance of the updated Policy.

14. Contact Us

For questions or requests regarding this Privacy Policy, contact [email protected].