create-qa-architect 5.0.0

package/legal/privacy-policy.html

@@ -0,0 +1,324 @@
+<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <title>Privacy Policy - Create Quality Automation</title>
+    <style>
+      body {
+        font-family:
+          -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+        max-width: 800px;
+        margin: 0 auto;
+        padding: 20px;
+        line-height: 1.6;
+        color: #333;
+      }
+      h1 {
+        color: #2563eb;
+        border-bottom: 2px solid #e5e7eb;
+        padding-bottom: 10px;
+      }
+      h2 {
+        color: #374151;
+        margin-top: 30px;
+      }
+      h3 {
+        color: #4b5563;
+      }
+      .contact-info {
+        background: #f9fafb;
+        padding: 15px;
+        border-radius: 8px;
+        margin: 20px 0;
+      }
+      .highlight {
+        background: #fef3c7;
+        padding: 10px;
+        border-radius: 5px;
+        margin: 15px 0;
+      }
+      .rights-list {
+        background: #ecfdf5;
+        padding: 15px;
+        border-radius: 8px;
+      }
+      strong {
+        color: #1f2937;
+      }
+      .last-updated {
+        color: #6b7280;
+        font-style: italic;
+      }
+    </style>
+  </head>
+  <body>
+    <h1>Privacy Policy</h1>
+
+    <p class="last-updated">
+      <strong>Effective Date:</strong> November 22, 2025<br />
+      <strong>Last Updated:</strong> November 22, 2025
+    </p>
+
+    <h2>Introduction</h2>
+    <p>
+      Create Quality Automation ("we," "our," or "us") respects your privacy and
+      is committed to protecting your personal data. This Privacy Policy
+      explains how we collect, use, disclose, and safeguard your information
+      when you use our software development tool and related services.
+    </p>
+
+    <div class="contact-info">
+      <strong>Contact Information:</strong><br />
+      • <strong>Service Provider:</strong> Brett Stark<br />
+      • <strong>Email:</strong> [contact email needed]<br />
+      •
+      <strong>Website:</strong>
+      https://github.com/brettstark73/quality-automation-template
+    </div>
+
+    <h2>Information We Collect</h2>
+
+    <h3>1. Information You Provide Directly</h3>
+    <ul>
+      <li>
+        <strong>Account Information:</strong> Email address, name, company
+        details (for Pro/Enterprise tiers)
+      </li>
+      <li>
+        <strong>Payment Information:</strong> Billing details processed securely
+        through Stripe
+      </li>
+      <li>
+        <strong>Support Communications:</strong> Messages, bug reports, feature
+        requests
+      </li>
+    </ul>
+
+    <h3>2. Information Collected Automatically</h3>
+    <ul>
+      <li>
+        <strong>Usage Analytics:</strong> Commands run, features used, error
+        logs (anonymized)
+      </li>
+      <li>
+        <strong>Technical Data:</strong> Operating system, Node.js version,
+        project structure (no source code)
+      </li>
+      <li>
+        <strong>Installation Data:</strong> npm package downloads, CLI usage
+        frequency
+      </li>
+    </ul>
+
+    <div class="highlight">
+      <h3>3. Information We Do NOT Collect</h3>
+      <ul>
+        <li>
+          <strong>Source Code:</strong> We never read, store, or transmit your
+          actual code
+        </li>
+        <li>
+          <strong>Git History:</strong> No access to your repository contents or
+          commit messages
+        </li>
+        <li>
+          <strong>Environment Variables:</strong> No collection of secrets, API
+          keys, or sensitive data
+        </li>
+        <li>
+          <strong>File Contents:</strong> Only file paths and structure, never
+          file contents
+        </li>
+      </ul>
+    </div>
+
+    <h2>How We Use Your Information</h2>
+
+    <h3>Primary Purposes</h3>
+    <ol>
+      <li>
+        <strong>Service Delivery:</strong> Provide quality automation tools and
+        dependency monitoring
+      </li>
+      <li>
+        <strong>License Validation:</strong> Verify Pro/Enterprise tier access
+        and usage limits
+      </li>
+      <li>
+        <strong>Support:</strong> Respond to questions, issues, and feature
+        requests
+      </li>
+      <li>
+        <strong>Improvement:</strong> Analyze usage patterns to enhance our
+        tools (anonymized)
+      </li>
+    </ol>
+
+    <h2>Data Sharing and Disclosure</h2>
+
+    <h3>We Share Information With:</h3>
+    <ul>
+      <li>
+        <strong>Payment Processors:</strong> Stripe for subscription billing
+        (Pro/Enterprise tiers)
+      </li>
+      <li>
+        <strong>Cloud Providers:</strong> AWS/Vercel for service hosting
+        (encrypted data only)
+      </li>
+      <li>
+        <strong>Analytics Services:</strong> Anonymous usage statistics only
+      </li>
+    </ul>
+
+    <div class="highlight">
+      <h3>We Do NOT Share:</h3>
+      <ul>
+        <li><strong>Personal data with advertisers</strong> or data brokers</li>
+        <li>
+          <strong>Project details or technical information</strong> with third
+          parties
+        </li>
+        <li>
+          <strong>Any data for marketing purposes</strong> without explicit
+          consent
+        </li>
+      </ul>
+    </div>
+
+    <h2>Your Privacy Rights</h2>
+
+    <div class="rights-list">
+      <h3>Rights Available to All Users</h3>
+      <ul>
+        <li><strong>Access:</strong> Request copy of your personal data</li>
+        <li>
+          <strong>Correction:</strong> Update inaccurate or incomplete
+          information
+        </li>
+        <li><strong>Deletion:</strong> Request account and data deletion</li>
+        <li>
+          <strong>Portability:</strong> Export your data in machine-readable
+          format
+        </li>
+        <li>
+          <strong>Opt-out:</strong> Unsubscribe from marketing communications
+        </li>
+      </ul>
+
+      <h3>How to Exercise Rights</h3>
+      <p>
+        Email your request to <strong>[contact email]</strong> with subject
+        "Privacy Request"
+      </p>
+      <p>
+        <strong>Response Time:</strong> 30 days maximum, typically within 5
+        business days
+      </p>
+    </div>
+
+    <h2>Data Security and Storage</h2>
+
+    <h3>Security Measures</h3>
+    <ul>
+      <li>
+        <strong>Encryption:</strong> All data encrypted in transit (TLS 1.3) and
+        at rest (AES-256)
+      </li>
+      <li>
+        <strong>Access Controls:</strong> Strict authentication and
+        authorization protocols
+      </li>
+      <li>
+        <strong>Regular Audits:</strong> Quarterly security assessments and
+        vulnerability scans
+      </li>
+      <li>
+        <strong>Incident Response:</strong> 24-hour breach notification
+        procedures
+      </li>
+    </ul>
+
+    <h3>Data Retention</h3>
+    <ul>
+      <li>
+        <strong>Account Data:</strong> Retained while account is active plus 30
+        days after cancellation
+      </li>
+      <li>
+        <strong>Usage Analytics:</strong> Aggregated and anonymized, retained
+        for 2 years maximum
+      </li>
+      <li><strong>Support Data:</strong> Deleted 1 year after case closure</li>
+    </ul>
+
+    <h2>California Privacy Rights (CCPA)</h2>
+    <p><strong>We do not sell personal information and never have.</strong></p>
+
+    <h3>California Consumer Rights</h3>
+    <ul>
+      <li>
+        <strong>Know:</strong> Categories of personal information collected and
+        shared
+      </li>
+      <li><strong>Delete:</strong> Request deletion of personal information</li>
+      <li><strong>Opt-Out:</strong> Prevent sale of personal information</li>
+      <li>
+        <strong>Non-Discrimination:</strong> Equal service regardless of privacy
+        choices
+      </li>
+    </ul>
+
+    <h2>European Privacy Rights (GDPR)</h2>
+
+    <h3>Legal Basis for Processing</h3>
+    <ul>
+      <li>
+        <strong>Contract Performance:</strong> Providing our services to you
+      </li>
+      <li>
+        <strong>Legitimate Interest:</strong> Improving our product, security,
+        support
+      </li>
+      <li>
+        <strong>Legal Obligation:</strong> Tax records, regulatory compliance
+      </li>
+      <li>
+        <strong>Consent:</strong> Marketing communications (opt-in required)
+      </li>
+    </ul>
+
+    <h2>Children's Privacy</h2>
+    <p>
+      Create Quality Automation is intended for professional software
+      developers. We do not knowingly collect personal information from children
+      under 13 years old.
+    </p>
+
+    <h2>Changes to This Policy</h2>
+    <p>
+      We may update this Privacy Policy to reflect changes in our practices or
+      applicable law. Material changes will receive 30-day advance notice via
+      email.
+    </p>
+
+    <h2>Contact Us</h2>
+    <div class="contact-info">
+      <p>For privacy questions, concerns, or requests:</p>
+      <p>
+        <strong>Email:</strong> [contact email needed]<br />
+        <strong>Subject Line:</strong> "Privacy Policy Inquiry"<br />
+        <strong>Response Time:</strong> 5 business days maximum
+      </p>
+    </div>
+
+    <hr style="margin: 40px 0; border: 1px solid #e5e7eb" />
+    <p class="last-updated">
+      <em
+        >This Privacy Policy is designed to comply with GDPR, CCPA, and other
+        applicable privacy laws. It was last reviewed on November 22, 2025.</em
+      >
+    </p>
+  </body>
+</html>

package/legal/privacy-policy.md

@@ -0,0 +1,196 @@
+# Privacy Policy
+
+**Effective Date:** November 22, 2025
+**Last Updated:** November 22, 2025
+
+## Introduction
+
+Create Quality Automation ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our software development tool and related services.
+
+**Contact Information:**
+
+- **Service Provider:** Brett Stark
+- **Email:** [contact email needed]
+- **Website:** https://github.com/brettstark73/quality-automation-template
+
+## Information We Collect
+
+### 1. Information You Provide Directly
+
+- **Account Information:** Email address, name, company details (for Pro/Enterprise tiers)
+- **Payment Information:** Billing details processed securely through Stripe
+- **Support Communications:** Messages, bug reports, feature requests
+
+### 2. Information Collected Automatically
+
+- **Usage Analytics:** Commands run, features used, error logs (anonymized)
+- **Technical Data:** Operating system, Node.js version, project structure (no source code)
+- **Installation Data:** npm package downloads, CLI usage frequency
+
+### 3. Information We Do NOT Collect
+
+- **Source Code:** We never read, store, or transmit your actual code
+- **Git History:** No access to your repository contents or commit messages
+- **Environment Variables:** No collection of secrets, API keys, or sensitive data
+- **File Contents:** Only file paths and structure, never file contents
+
+## How We Use Your Information
+
+### Primary Purposes
+
+1. **Service Delivery:** Provide quality automation tools and dependency monitoring
+2. **License Validation:** Verify Pro/Enterprise tier access and usage limits
+3. **Support:** Respond to questions, issues, and feature requests
+4. **Improvement:** Analyze usage patterns to enhance our tools (anonymized)
+
+### Secondary Purposes
+
+- **Security:** Detect and prevent abuse, unauthorized access
+- **Legal Compliance:** Meet tax, regulatory, and legal obligations
+- **Marketing:** Send product updates and feature announcements (opt-out available)
+
+## Data Sharing and Disclosure
+
+### We Share Information With:
+
+- **Payment Processors:** Stripe for subscription billing (Pro/Enterprise tiers)
+- **Cloud Providers:** AWS/Vercel for service hosting (encrypted data only)
+- **Analytics Services:** Anonymous usage statistics only
+
+### We Do NOT Share:
+
+- **Personal data with advertisers** or data brokers
+- **Project details or technical information** with third parties
+- **Any data for marketing purposes** without explicit consent
+
+### Legal Disclosures Only When Required:
+
+- Court orders or legal process
+- Protection of our rights and safety
+- Prevention of fraud or illegal activity
+
+## Data Security and Storage
+
+### Security Measures
+
+- **Encryption:** All data encrypted in transit (TLS 1.3) and at rest (AES-256)
+- **Access Controls:** Strict authentication and authorization protocols
+- **Regular Audits:** Quarterly security assessments and vulnerability scans
+- **Incident Response:** 24-hour breach notification procedures
+
+### Data Retention
+
+- **Account Data:** Retained while account is active plus 30 days after cancellation
+- **Usage Analytics:** Aggregated and anonymized, retained for 2 years maximum
+- **Support Data:** Deleted 1 year after case closure
+- **Payment Records:** Retained as required by law (typically 7 years)
+
+## Your Privacy Rights
+
+### Rights Available to All Users
+
+- **Access:** Request copy of your personal data
+- **Correction:** Update inaccurate or incomplete information
+- **Deletion:** Request account and data deletion
+- **Portability:** Export your data in machine-readable format
+- **Opt-out:** Unsubscribe from marketing communications
+
+### Additional Rights (GDPR/CCPA)
+
+- **Right to Object:** Oppose certain data processing activities
+- **Restrict Processing:** Limit how we use your data
+- **Withdraw Consent:** Revoke previously granted permissions
+- **File Complaints:** Contact supervisory authorities
+
+### How to Exercise Rights
+
+Email your request to [contact email] with subject "Privacy Request" and include:
+
+- Account email address
+- Specific right you wish to exercise
+- Identity verification (account details)
+
+**Response Time:** 30 days maximum, typically within 5 business days
+
+## International Data Transfers
+
+- **Primary Storage:** United States (AWS US regions)
+- **Legal Basis:** Standard Contractual Clauses (EU-approved)
+- **Safeguards:** Encryption, access controls, and contractual protections
+- **EU Representatives:** [To be added if required]
+
+## Cookies and Tracking
+
+### Cookies We Use
+
+- **Essential:** Session management, security protection (cannot be disabled)
+- **Analytics:** Anonymous usage statistics (Google Analytics alternative)
+- **Preferences:** Remember your settings and preferences
+
+### Third-Party Cookies
+
+- **Stripe:** Payment processing (strictly necessary for billing)
+- **No advertising cookies** or behavioral tracking
+
+### Cookie Controls
+
+- Browser settings to block/delete cookies
+- Opt-out links provided where applicable
+- Essential cookies required for service functionality
+
+## Children's Privacy
+
+Create Quality Automation is intended for professional software developers. We do not knowingly collect personal information from children under 13 years old. If we learn that we have collected information from a child under 13, we will delete it immediately.
+
+## California Privacy Rights (CCPA)
+
+### California Consumer Rights
+
+- **Know:** Categories of personal information collected and shared
+- **Delete:** Request deletion of personal information
+- **Opt-Out:** Prevent sale of personal information (note: we don't sell data)
+- **Non-Discrimination:** Equal service regardless of privacy choices
+
+### Information Categories Collected (Last 12 Months)
+
+- **Identifiers:** Email addresses, account names
+- **Commercial Information:** Subscription plans, billing records
+- **Internet Activity:** Feature usage, error logs (anonymized)
+- **Professional Information:** Company name, role (voluntary)
+
+**We do not sell personal information and never have.**
+
+## European Privacy Rights (GDPR)
+
+### Legal Basis for Processing
+
+- **Contract Performance:** Providing our services to you
+- **Legitimate Interest:** Improving our product, security, support
+- **Legal Obligation:** Tax records, regulatory compliance
+- **Consent:** Marketing communications (opt-in required)
+
+### Data Protection Officer
+
+For GDPR-specific inquiries, contact: [DPO email when required]
+
+## Changes to This Policy
+
+We may update this Privacy Policy to reflect changes in our practices or applicable law. Changes will be posted with updated "Last Updated" date.
+
+**Material Changes:** 30-day advance notice via email
+**Minor Updates:** Posted immediately with date notation
+
+## Contact Us
+
+For privacy questions, concerns, or requests:
+
+**Email:** [contact email needed]
+**Subject Line:** "Privacy Policy Inquiry"
+**Response Time:** 5 business days maximum
+
+**Mailing Address:**
+[Physical address needed for legal compliance]
+
+---
+
+_This Privacy Policy is designed to comply with GDPR, CCPA, and other applicable privacy laws. It was last reviewed on November 22, 2025._