Privacy

Privacy Policy

Effective May 14, 2026. This policy describes account, workspace, billing, integration, Opportunity Intelligence, cookie, retention, export, deletion, and subprocessor practices for MicroSaaS Factory.

Start $9 Validation Read terms

Founder workbench showing evidence discipline and controlled decision surfaces. — Founder evidence stays tied to workspace context, policy limits, and explicit recovery paths.

Privacy

Data collection, use, storage, subprocessors, and rights.

Use this page to understand what MicroSaaS Factory collects, how it is used, who processes it, and how to request export, correction, or deletion.

Operator and contact

This Privacy Policy explains how Nay Linn Aung operates MicroSaaS Factory and handles information for the hosted service. Privacy, deletion, export, billing-data, consent, and access questions can be sent to na27@hood.edu.

Account and workspace data

The service can collect and store founder identity details such as name, email address, workspace name, invite or signup status, activation state, subscription status, session metadata, support context, and account-recovery information needed to create, reopen, secure, and operate a founder workspace.

Product, evidence, and Opportunity Intelligence data

Workspace records can include product descriptions, validation leads, touchpoints, CRM tasks, spec content, build notes, launch gates, activity history, uploaded file metadata, extracted text previews, citations, claims, annotations, reports, decision memos, Scout rankings, analytics snapshots, valuation guardrails, adapter records, consent policies, export metadata, and integration health data.

Billing and transactional data

When billing is enabled, Stripe handles checkout and subscription events. MicroSaaS Factory stores only the billing identifiers, plan references, subscription status, checkout session references, and webhook-derived status needed to manage workspace access, not full card numbers. Resend can process onboarding, transactional, or test email delivery metadata.

Integrations and credentials

If you connect GitHub, Google Cloud, Stripe, Resend, Firebase, Firestore, or Vertex AI-backed features, the service can store encrypted credentials, service-account references, configuration records, permission scopes, sync results, deployment status, billing summaries, and operational status metadata required to run those integrations.

Cookies and local storage

MicroSaaS Factory uses essential session cookies for founder or admin access and localStorage for the Firebase email-link sign-in helper. Non-essential analytics, advertising pixels, and marketing trackers are not enabled by default in this release. If that posture changes, the public policy should be updated before the change is relied on.

How information is used

Information is used to provide the service, authenticate users, provision and recover workspaces, process subscriptions, generate founder-facing outputs, maintain audit trails, secure integrations, troubleshoot support issues, measure launch progress, prevent abuse, satisfy legal or security obligations, and improve product reliability.

Workspace-private data and aggregate reuse

Founder-owned files, reports, records, claims, annotations, imported data, and memos are workspace-private by default. Aggregate reuse, benchmark reuse, or training-style reuse of workspace content is blocked unless explicit consent controls exist and the relevant permission scope allows that use.

Subprocessors and third-party services

The service can rely on Firebase, Firestore or local JSON storage depending on environment, Stripe, Resend, GitHub, Google Cloud Run or Cloud Build, Vertex AI, and deployment or monitoring infrastructure. These providers process data only as needed for authentication, storage, billing, email, integrations, AI-assisted generation, hosting, security, and operations.

Retention, export, and deletion

Account, workspace, billing-status, audit, and integration records are retained while needed to operate the workspace, preserve security and audit evidence, resolve billing or support issues, and meet legal obligations. You can request export, correction, or deletion through na27@hood.edu. Some records may remain in backups, logs, billing evidence, or security/audit trails for a limited period where required for legitimate operational, legal, or compliance reasons.

Security

The service uses application authentication, runtime secrets, encrypted stored credentials, controlled admin access, structured activity records, and release review checks. No internet service can guarantee absolute security, so you should avoid submitting credentials, regulated data, or third-party materials you are not authorized to use.

Children, international processing, and rights

MicroSaaS Factory is intended for founders and business operators, not children. Data can be processed in the United States or wherever configured service providers operate. Depending on your location, you may have rights to access, correct, export, delete, or object to certain processing by contacting the email above.

Changes

This Privacy Policy can be revised as the production environment, data categories, analytics posture, subprocessors, integrations, or legal requirements evolve. Material updates will be posted on this page with an updated effective date.