Privacy Policy

Last updated: 1 April 2026  ·  Effective immediately

1. Introduction

MDCreator ("we", "us", "our") operates the MDCreator web application. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Information We Collect

We collect the following categories of information:

• Account data: Your name, email address, and hashed password when you register.
• OAuth data: If you sign in via Google, we receive your name, email, and Google account ID.
• Usage data: The project ideas you submit and the specifications generated. We use this solely to provide the service.
• Billing data: Stripe handles all payment processing. We only store your Stripe Customer ID — never your raw card details.
• Log data: Standard server logs including IP address, browser type, and pages visited for security and debugging.

3. How We Use Your Information

• To provide, operate, and maintain the MDCreator service.
• To process payments and manage subscriptions via Stripe.
• To send transactional emails (password reset, billing receipts).
• To improve the service through anonymised usage analytics.
• To comply with legal obligations.

We do not sell or rent your personal data to third parties. We do not use your project ideas to train AI models.

4. Data Retention

We retain your account data for as long as your account is active. Generated spec documents are stored until you delete them or close your account. You may request deletion at any time by emailing us at privacy@mdcreator.net.

5. Third-Party Services

• Secure AI Cloud API: Your project ideas are sent to a secure AI provider to generate specifications.
• Stripe: Payment processing. Stripe's privacy policy applies.
• Google OAuth: Optional sign-in via Google. Google's privacy policy applies.

6. Cookies

We use only essential cookies. Authentication tokens are stored in your browser's localStorage (not cookies). We do not use advertising or tracking cookies.

7. GDPR Rights

If you are in the European Economic Area, you have the right to access, correct, port, or erase your personal data. Contact us at privacy@mdcreator.net with any such request.

8. Security

We use bcrypt password hashing, JWT authentication, HTTPS encryption in transit, and regular security reviews. No transmission over the Internet is 100% secure; we strive to use commercially acceptable means to protect your data.

9. Children's Privacy

MDCreator is not directed to individuals under the age of 16. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes by updating the "Last updated" date above. Continued use of the service constitutes acceptance of the revised policy.

11. Contact

Questions? Email us at privacy@mdcreator.net.