Privacy Policy

This Privacy Policy explains how Prodia Systems Ltd ("Prodia", "we") processes personal data when you visit prodia.dev, create an account, or use the Service. We act as a controller for the data described below, in accordance with Regulation (EU) 2016/679 ("GDPR") and the Irish Data Protection Act 2018. For Customer Data we process on your behalf as a processor, our Data Processing Addendum applies.

1. Controller and contact

Prodia Systems Ltd, 27 Pembroke Street Upper, Dublin 2, D02 X361, Ireland. Privacy contact: privacy@prodia.dev.

2. Personal data we collect

You provide directly

• Account details: name, email address, organisation, password hash.
• Billing details: company name, billing address, VAT ID, payment identifiers held by our payment processor.
• Support and communications: messages, attachments and metadata you send us.

Collected automatically

• Usage data: pages and features used, timestamps, referrers, device and browser identifiers.
• Log data: IP address, request metadata, error and performance traces.
• Cookies and similar technologies, as described in our Cookie Policy.

From connected services

• OAuth identifiers and repository metadata from GitHub or other source-code hosts you connect.
• Identity data from single sign-on providers you choose to use.

3. Purposes and legal bases

• Providing the Service and performing our contract with you — Art. 6(1)(b) GDPR.
• Billing, accounting and tax compliance — Art. 6(1)(c) GDPR.
• Securing the Service, preventing abuse and fraud — Art. 6(1)(f) GDPR (legitimate interests).
• Product analytics and improvement — Art. 6(1)(f) or 6(1)(a) GDPR depending on jurisdiction and cookie choice.
• Marketing communications — Art. 6(1)(a) GDPR (consent) or 6(1)(f) GDPR (legitimate interests, soft opt-in).
• Responding to legal claims and complying with legal obligations — Art. 6(1)(c) and 6(1)(f) GDPR.

4. Sharing and recipients

We share personal data only as needed and under appropriate safeguards. Categories of recipients include:

• Cloud infrastructure and hosting providers (primarily within the EU/EEA).
• Payment processors and tax service providers.
• Analytics, customer-support and email delivery providers.
• Professional advisers, auditors and authorities where legally required.
• Acquirers or successors in the context of a merger, acquisition or reorganisation.

5. International transfers

Where personal data is transferred outside the EEA, we rely on adequacy decisions of the European Commission or, in their absence, the EU Standard Contractual Clauses (2021/914) together with supplementary measures where required. Copies are available on request to privacy@prodia.dev.

6. Retention

We retain personal data for as long as needed to provide the Service and to meet legal, accounting or reporting requirements. Account data is deleted or anonymised within a reasonable period after account closure, typically 90 days, subject to longer statutory retention (for example, 6 years for accounting records under Irish law).

7. Your rights

Subject to conditions in the GDPR, you have the right to access, rectify, erase, restrict or object to processing of your personal data, the right to data portability, and the right to withdraw consent at any time. To exercise these rights, contact privacy@prodia.dev. You also have the right to lodge a complaint with the Data Protection Commission in Ireland (dataprotection.ie), or your local supervisory authority.

8. Security

We implement appropriate technical and organisational measures including encryption in transit and at rest, least-privilege access controls, audit logging, secure development practices and regular review.

9. Children

The Service is not directed to persons under 16 and we do not knowingly collect personal data from children.

10. Changes

We may update this Policy from time to time. Material changes will be notified via the Service or by email at least 30 days before they take effect.