Privacy Policy

1. Introduction

This Privacy Policy explains how .NET SaaS ("we", "us", or "our") collects, uses, stores, and protects personal information when you visit dotnetsaas.dev, use our live demo, or purchase our software (collectively, the "Services"). By using the Services, you agree to the practices described in this policy. If you do not agree, please do not use the Services.

2. Information We Collect

We collect only the information we need to operate the Services, improve the product, and comply with our legal obligations.

2.1. Information you provide directly

• Purchase data — your name, email address, billing country, and any information required to process payment. Payments are processed by Stripe; we do not store full credit card numbers.
• Live demo accounts — when you create an account on the live demo, we collect your email address, a hashed password, and any profile information you choose to add. Demo data is isolated and periodically reset.
• Support and chat messages — any information you voluntarily share when contacting us via email or the Crisp live chat widget.

2.2. Information collected automatically

• Usage and analytics data — pages visited, referring URL, time on page, clicks, device type, browser, operating system, approximate location derived from IP address, and anonymized session recordings. Collected through PostHog.
• Technical logs — IP address, request timestamps, and error traces, used to diagnose issues and protect the Services from abuse.
• Cookies and similar technologies — see Section 5.

3. How We Use Your Information

We use the information we collect to:

• Process purchases, deliver the Software, and issue invoices or receipts;
• Operate, maintain, secure, and improve the Services;
• Respond to support requests and communicate with you about your purchase, updates, or important changes;
• Understand how the Services are used so we can build better features and fix bugs;
• Detect, prevent, and address fraud, abuse, and security issues;
• Comply with applicable laws, regulations, and legitimate legal requests.

We do not sell, rent, or trade your personal information, and we do not use your data to train machine learning models.

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data on the following legal bases:

• Contract — to deliver the Software you purchased and provide related support;
• Legitimate interests — to run analytics, protect the Services, improve the product, and communicate with customers, where our interests are not overridden by your rights;
• Consent — for optional cookies and marketing communications, where required. You may withdraw consent at any time;
• Legal obligation — to keep records required by tax, accounting, or consumer protection law.

5. Cookies and Tracking

We use a small number of cookies and similar technologies to make the Services work and to understand usage patterns:

• Essential cookies — required for the live demo, authentication, and secure checkout. Cannot be disabled without breaking the Services.
• Analytics cookies — set by PostHog to measure page views, events, and anonymized session recordings. Used to improve the product.
• Live chat — Crisp sets cookies to persist conversations across page loads.

You can control cookies through your browser settings. Most browsers allow you to refuse cookies or alert you when a cookie is set. If you disable non-essential cookies, some features may no longer work as intended.

6. Third-Party Services

We rely on a small set of trusted third-party processors to run the Services. Each of these providers operates under their own privacy policy:

• Stripe — payment processing. stripe.com/privacy
• PostHog — product analytics and session replay. posthog.com/privacy
• Crisp — live chat support. crisp.chat/en/privacy
• Resend — transactional email delivery. resend.com/legal/privacy-policy
• Sentry — error monitoring. sentry.io/privacy
• GitHub — source code delivery to customers. GitHub Privacy Statement

We share only the minimum data each processor needs to perform its function. We do not sell personal information to any third party.

7. Data Retention

We keep your personal information only for as long as necessary for the purposes described in this policy, or as required by law. Concretely:

• Purchase records — kept for as long as required by tax and accounting law (typically 5–10 years depending on jurisdiction);
• Support conversations — retained up to 24 months after the last interaction;
• Live demo accounts — demo data is periodically reset and may be deleted at any time without notice;
• Analytics data — aggregated and retained up to 12 months; individual session recordings are retained up to 30 days.

8. Your Rights

Depending on where you live, you may have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you;
• Rectification — ask us to correct inaccurate or incomplete data;
• Erasure — request deletion of your data, subject to legal retention obligations;
• Restriction — ask us to limit how we process your data;
• Portability — receive your data in a structured, machine-readable format;
• Objection — object to processing based on legitimate interests;
• Withdraw consent — where processing is based on consent, you may withdraw it at any time;
• Complaint — lodge a complaint with your local data protection authority.

To exercise any of these rights, email us at hi@dotnetsaas.dev. We will respond within 30 days.

9. Data Security

We use industry-standard safeguards to protect your personal data, including HTTPS/TLS for data in transit, encryption at rest where supported by our processors, hashed passwords, access controls, and periodic security reviews. No method of transmission or storage is 100% secure, however, and we cannot guarantee absolute security. If we become aware of a breach that affects your personal data, we will notify you and the relevant authorities as required by law.

10. International Data Transfers

.NET SaaS is operated from Thailand and relies on processors located in the United States, the European Union, and other jurisdictions. When we transfer personal data across borders, we rely on appropriate safeguards such as Standard Contractual Clauses, adequacy decisions, or the recipient's participation in recognized data protection frameworks.

11. Children's Privacy

The Services are not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us at hi@dotnetsaas.dev and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in the Services, in our practices, or in applicable law. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email or an in-product notice. Your continued use of the Services after the effective date constitutes acceptance of the revised policy.

13. Contact

If you have questions or concerns about this Privacy Policy or how we handle your personal data, contact us at hi@dotnetsaas.dev.