Privacy Policy

1. Introduction

md2x ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our markdown conversion platform.

2. Information We Collect

2.1 Personal Information

• Email address
• Name (optional)
• Authentication credentials
• Payment information (processed by Polar.sh)

2.2 Usage Information

• Conversion history (format, page count, timestamps)
• Credit usage and billing information
• API usage statistics

2.3 Files You Upload

Files you upload for conversion are stored temporarily and automatically deleted after 24 hours. Files are retained only for debugging purposes during this period. We do not access, read, share, or analyze the content of your files. Your files are never shared with third parties.

3. How We Use Your Information

• To provide and maintain our service
• To process your conversions
• To manage your account and billing
• To send service-related communications
• To improve our service
• To comply with legal obligations

4. Data Retention

• Uploaded files: Deleted after 24 hours (retained only for debugging purposes)
• Conversion history: Retained for billing and support purposes (does not include file content)
• Logs: Retained for 30 days
• Account data: Retained until you delete your account

5. Your Rights (GDPR)

If you are in the European Economic Area, you have the following rights:

• Right to access: Request a copy of your data
• Right to rectification: Request correction of inaccurate data
• Right to erasure: Request deletion of your data
• Right to restrict processing: Request limitation of data processing
• Right to data portability: Receive your data in a structured format
• Right to object: Object to processing of your data

To exercise these rights, use the data export and account deletion features in your profile, or contact us at privacy@md2x.com

6. Data Security

We implement appropriate technical and organizational measures to protect your data:

• Encryption in transit (TLS) and at rest
• Secure authentication with Better Auth
• Regular security audits
• Access controls and logging

7. Third-Party Services

We use the following third-party services:

• Polar.sh: Payment processing
• Railway: Hosting infrastructure
• Anthropic: AI style matching (Claude API)
• Google: OAuth authentication (optional)

8. Cookies

We use essential cookies for authentication and session management. These are necessary for the service to function and cannot be disabled.

9. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you and relevant authorities within 72 hours as required by GDPR.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by updating the "Last updated" date at the top of this policy.

11. Contact Us

If you have any questions about this Privacy Policy, please contact us at:
Email: privacy@md2x.com