Privacy Policy

Introduction

This Privacy Policy explains how prd.it ("we", "us", "our") collects, uses, and protects personal data when you use GreenPRD.com (https://greenprd.com) and related services (the "Service").

By using the Service, you acknowledge this policy. If you do not agree, please do not use the Service.

Data controller

The data controller is prd.it, operating GreenPRD.com.

Registered address: [PLACEHOLDER: registered address].

Privacy inquiries: about@prd.it.com. General support: hello@greenprd.com.

What we collect

• Account data: email address, display name, avatar URL, plan tier, and sign-in method.
• OAuth profile data from Google or GitHub when you choose those sign-in options (e.g. name, email, GitHub username).
• User content: product briefs, specifications, graph data, markdown documents, chat messages, file attachments, and voice recordings you submit.
• GitHub integration data: repository metadata, file contents you import or sync, and encrypted installation tokens.
• Usage and billing: credit consumption, subscription status, order references from our payment provider, and MCP request metadata.
• Analytics (with your consent): page paths, referrer, browser user-agent, and a first-party session identifier.
• Communications: email preferences and messages we send you (welcome, operational, marketing where permitted).
• Team collaboration: workspace membership, invite email addresses, and project activity.

How we use your data

• Provide, operate, and maintain the Service.
• Generate and sync product specifications using AI.
• Authenticate you and manage your account.
• Process subscriptions and usage credits.
• Send transactional email and, where permitted, product updates and marketing.
• Improve reliability, security, and product experience.
• Comply with legal obligations and enforce our Terms of Service.

Legal bases (GDPR)

If you are in the European Economic Area or United Kingdom, we process personal data on the following bases:

• Contract: to provide the Service you signed up for.
• Legitimate interests: security, fraud prevention, service improvement, and limited analytics where permitted.
• Consent: non-essential analytics cookies and marketing email where required.
• Legal obligation: tax, accounting, and regulatory requirements.

Third-party processors

We use trusted service providers who process data on our behalf:

Each provider maintains its own privacy policy. We share only the data needed for them to perform their services.

• Supabase — authentication, database, and hosting infrastructure.
• OpenAI — AI generation, chat, transcription, and embeddings.
• Vercel — application hosting and analytics (with consent).
• Google — OAuth sign-in and Google Analytics (with consent).
• GitHub — OAuth sign-in and GitHub App repository access.
• Lemon Squeezy — subscription billing and payment processing.
• Resend — transactional and marketing email delivery.

AI processing

When you use AI features, your prompts, specifications, attachments, and related context may be sent to OpenAI for processing. Output is generated automatically and may require your review.

Under OpenAI API terms, your data submitted via the API is not used to train OpenAI models. Do not submit sensitive personal data, credentials, or confidential third-party information unless you have a lawful basis to do so.

Cookies and similar technologies

We use essential cookies for authentication and, only with your consent, analytics technologies. See our Cookie Policy at /cookies for details, including how to manage preferences.

We also use browser local storage for workspace drafts, onboarding state, and assistant history. These are first-party technologies that do not track you across websites.

International transfers

Our processors may store or process data in the United States, European Union, and other countries. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms.

Retention

• Account and project data: retained while your account is active and for a reasonable period after deletion to support backups and legal obligations.
• Specification version history: retained according to your plan and workspace settings.
• Analytics data: typically up to 26 months for Google Analytics; first-party logs are retained in aggregated form.
• Billing records: retained as required by tax and accounting law.

Your rights

Depending on your location, you may have the right to access, correct, delete, restrict, or port your personal data, object to certain processing, and withdraw consent.

You can delete your account from Settings → Profile. You can update email preferences in your profile settings.

To exercise rights, contact us at about@prd.it.com. We respond within applicable legal timeframes.

You may lodge a complaint with the Israel Privacy Protection Authority or your local EU/UK supervisory authority.

Marketing email

We may send product news and tips if you have not opted out. You can unsubscribe from marketing email at any time via profile settings or the unsubscribe link in messages.

Operational emails (security, billing, service changes) may still be sent when necessary to operate your account.

Children

The Service is not directed at children under 16. We do not knowingly collect personal data from children. Contact us if you believe a child has provided data and we will delete it.

Security

We use HTTPS, access controls, and encryption for sensitive tokens. No method of transmission or storage is completely secure; please use a strong password and protect your account credentials.

Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top reflects the latest version. Material changes will be communicated via the Service or email where appropriate.