Privacy Policy
Effective Date: May 14, 2026
Last Updated: May 14, 2026
1. Introduction
This Privacy Policy explains how Abhin Chhabra ("we", "us", "our") collects, uses, and protects your personal information when you use rcamap.com (the "Service").
Data Controller:
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Name
- Email address
- Authentication data (managed by Clerk.com)
2.2 Payment Information
- Payment card details are collected and processed by Stripe (our payment processor)
- We never see or store your payment card information directly
- Stripe is PCI DSS compliant and handles all payment data securely
2.3 User Content
We collect and store:
- Root cause analysis data and investigation maps
- Text and notes entered in the application
- Map exports and shared content
- Comments and collaboration data
2.4 Usage Data and Analytics
We collect analytics data using the following services:
- Google Analytics - Website and application usage patterns
- Hotjar - User behavior and interaction analytics
- PostHog - Product analytics, activation funnels, and channel attribution
- Vercel Analytics - Page-view and traffic measurement for our hosted application
- Cookies and tracking technologies (see Cookie Policy)
2.5 Error Monitoring Data
- Sentry receives application errors, stack traces, breadcrumb logs, and a sampled subset of session replays (recordings of in-browser interactions, with text content and form inputs masked by default)
- This data is used to detect, diagnose, and resolve bugs
2.6 AI Processing Data
- Your investigation data is sent to Google Gemini APIs for AI-powered features
- This data is processed transiently to generate results
- Third-party AI providers do not store your data for training their models (per our agreements)
- Data is transmitted securely via encrypted connections
- When LLM tracing is enabled, AI request and response traces (including the content of the prompts derived from your investigation) are sent to LangSmith for observability and debugging
3. How We Use Your Information
We use collected information to:
- Provide and operate the Service - Core functionality and features
- Process payments - Via Stripe for subscriptions and credits
- Improve the Service - Analytics, research, and feature development
- Enhance AI features - Improve suggestions and analysis quality
- Customer support - Respond to inquiries and resolve issues
- Communications - Service updates, security alerts, and announcements
- Legal compliance - Meet regulatory requirements and enforce Terms
4. Third-Party Services
4.1 Authentication
Clerk.com manages user authentication and account security.
4.2 Payment Processing
Stripe processes all payments and subscriptions. Review Stripe's privacy policy at stripe.com/privacy.
4.3 Analytics Services
- Google Analytics - Usage tracking (privacy policy: policies.google.com/privacy)
- Hotjar - User behavior analytics (privacy policy: hotjar.com/privacy)
- PostHog - Product analytics (privacy policy: posthog.com/privacy)
- Vercel Analytics - Page-view and traffic measurement (privacy policy: vercel.com/legal/privacy-policy)
4.4 AI Services
- Google Gemini - AI-powered suggestions (privacy policy: google.com/policies/privacy)
- LangSmith (LangChain, Inc.) - LLM request/response tracing for observability when enabled (privacy policy: langchain.com/privacy-policy)
Your data is processed by these services to provide features but is not used for third-party AI model training.
4.5 Error Monitoring
- Sentry - Application error, performance, and session-replay monitoring (privacy policy: sentry.io/privacy)
4.6 Cloud Infrastructure
- Vercel - Web hosting, serverless functions, and cron execution (privacy policy: vercel.com/legal/privacy-policy)
- AWS (us-east-1) - Data storage and hosting via Supabase
- Supabase - Database, realtime, and backend services (privacy policy: supabase.com/privacy)
5. International Data Transfers
User data is stored on AWS servers in the United States (us-east-1 region).
By using rcamap.com, you:
- Consent to the transfer of your data to the United States
- Acknowledge that U.S. data protection laws may differ from your jurisdiction
- Understand that your data will be subject to U.S. regulations and legal processes
6. Data Retention
Active Accounts
We retain your data for as long as your account is active and you continue using the Service.
Account Deletion
- User data is deleted within 30 days of account deletion request
- Some data may persist in backups for up to 30 days after deletion
- Anonymized analytics data may be retained indefinitely for research
Legal Requirements
We may retain data longer if required by law, regulation, or legal proceedings.
7. Your Rights
You have the right to:
7.1 Access Your Data
Request a copy of the personal information we hold about you.
7.2 Correct Your Data
Update or correct inaccurate information at any time through your account settings.
7.3 Delete Your Data
Request deletion of your account and associated data by:
7.4 Export Your Data
- Export individual maps via Word or PDF export features
- For complete account data export, contact support@rcamap.com
7.5 Restrict Processing
Request restriction or cessation of data processing by contacting support@rcamap.com.
7.6 Data Portability
Request your data in a structured, machine-readable format.
7.7 Withdraw Consent
Withdraw consent for data processing where consent is the legal basis (may affect Service availability).
8. Data Security
Security Measures
We implement reasonable technical and organizational measures to protect your data:
- Encryption in transit (HTTPS/TLS)
- Encryption at rest (database encryption)
- Access controls and authentication
- Regular security assessments
- Secure third-party service providers
No Absolute Security
No system is 100% secure. Despite our efforts, unauthorized access or data breaches may occur.
Breach Notification
In the event of a data breach affecting your personal information:
- We will notify affected users promptly via email
- Notification will include details of the breach and recommended actions
- We will comply with applicable data breach notification laws
9. Children's Privacy
The Service is not intended for children under 13 years of age.
We do not knowingly collect personal information from children under 13. If we become aware that we have collected information from a child under 13:
- We will delete such information immediately
- Parents/guardians may contact us at support@rcamap.com to request deletion
10. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act:
- Right to know what personal information is collected
- Right to know if personal information is sold or disclosed
- Right to opt-out of sale of personal information
- Right to deletion
- Right to non-discrimination for exercising CCPA rights
We do not sell your personal information.
To exercise your CCPA rights, contact support@rcamap.com.
11. European Privacy Rights (GDPR)
If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation:
- Right to access
- Right to rectification
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Right to withdraw consent
To exercise your GDPR rights, contact support@rcamap.com.
12. Cookies and Tracking
See our separate Cookie Policy for detailed information about:
- Types of cookies we use
- How to disable cookies
- Impact on Service functionality
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we do:
- The "Last Updated" date will be revised
- Material changes will be announced via email or Service notification
- Continued use of the Service constitutes acceptance of the updated policy
14. Contact Us
For questions, concerns, or to exercise your privacy rights:
Email: support@rcamap.com
Website: rcamap.com
Data Controller: Abhin Chhabra (Sole Proprietor, Canada)
Effective Date: May 14, 2026