Privacy Policy

Summary

ERDone is designed to hold as little personal data as possible. Your diagram contents live in your own Git repository or your browser’s local storage — not on our servers. We store account metadata (your provider ID and email), your repository connection settings, and your subscription state. We never sell your data.

1. Information We Collect

We collect only what we need to provide and bill for the Service:

• Account data. When you sign in via an OAuth identity provider, we receive a stable user ID, email address, and (where you’ve made them public) display name and avatar URL.
• Repository connection. If you connect a Git repository, we store the repository identifier and the access token issued by your Git host. The token is used only to read and write your diagram files at your direction.
• Subscription state. Your tier (Free, Pro, or Team), status (trialing, active, canceled, past-due), trial end date, and (for paying customers) the Lemon Squeezy customer and subscription identifiers needed to link your subscription to your account. We do not receive or store payment-card data — that lives only with Lemon Squeezy.
• Diagrams. Free-tier diagrams stay in your browser’s local storage. Paid-tier diagrams are saved as files in your Git repository. We do not transmit, copy, or analyze the contents of your diagrams on our servers.
• Usage analytics. We collect anonymous, aggregated traffic data (page views, performance metrics) via Vercel Analytics to understand how the Service is used. No personal identifiers are sent.

2. How We Use Information

• To operate the Service and authenticate your account.
• To process subscriptions and bill you correctly through Lemon Squeezy.
• To respond to support requests you send to support@erdone.net.
• To send transactional emails about your account or subscription. We do not send marketing emails.
• To detect and prevent abuse of the Service.

3. Data Subprocessors

We rely on the following third-party services to operate ERDone. Each is bound by its own privacy policy and applicable data processing agreements:

4. Cookies and Local Storage

We use cookies and browser local storage to keep you signed in, remember your UI preferences, and (on the Free tier) store your diagrams locally. Vercel Analytics may set anonymous cookies for aggregated traffic measurement. We do not use cookies for advertising.

5. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we remove your profile and subscription records within 30 days, except where retention is required for legal, tax, or accounting purposes. Diagrams stored in your own Git repository are unaffected — they remain in your repository under your control.

6. Your Rights

Depending on where you live, you may have the right to access, correct, delete, or export your personal data; to object to or restrict certain processing; or to withdraw consent. To exercise any of these rights, email support@erdone.net. We’ll respond within 30 days.

California residents have additional rights under the California Consumer Privacy Act (CCPA), and EU/UK residents have rights under the GDPR / UK-GDPR. We do not sell personal information.

7. Children

The Service is not directed to children under 13 (or under the age of consent in your jurisdiction), and we do not knowingly collect data from them. If you believe a child has provided us information, email us and we’ll delete it.

8. Security

We take reasonable measures to protect the data we hold, including TLS in transit, row-level security in our database, and encrypted credential storage. No system is perfectly secure; we encourage you to use a strong password on your OAuth provider and to keep your account credentials confidential.

9. Changes to This Policy

We may update this Privacy Policy. Material changes will be announced via the Service or by email at least 14 days before they take effect.

10. Contact

Privacy questions and data-rights requests: support@erdone.net.