1. Data We Collect
When you use CalcSteel, we may collect the following categories of information:
- Account data: name, email address, and profile picture (collected when you log in with Google or register by email).
- Project data: structural models, editor settings, analysis results, and user preferences saved to the cloud.
- Technical data: IP address, browser type, operating system, pages visited, and timestamps for diagnostics and security purposes.
- Payment data: processed directly by Stripe/PayPal. CalcSteel does NOT store credit card numbers or banking information.
2. How We Use Your Data
- Authenticate and securely maintain your account.
- Save and sync your projects across devices.
- Process subscription payments (via Stripe/PayPal).
- Improve user experience, stability, and performance of the Platform.
- Send important service communications (security updates, Terms changes). We never send spam.
3. Legal Basis for Processing (LGPD/GDPR)
We process your personal data based on the following legal bases:
- Consent: when you create your account and accept our Terms of Service.
- Contract performance: necessary to provide the contracted services (saving projects, running analyses).
- Legitimate interest: for service improvement, platform security, and fraud prevention.
4. Data Sharing
We do not sell, rent, or share your personal information with third parties for marketing purposes. We share data only in the following situations:
- Service providers: hosting (dedicated server), payment processors (Stripe, PayPal), and email service (Resend) — only the minimum necessary to operate the service.
- Analytics: we use Google Analytics and Cloudflare Web Analytics to understand aggregate usage patterns. These services do not receive personally identifiable data.
- Legal obligation: when required by law, regulation, or court order.
5. Google Login (OAuth)
When logging in with Google, we access ONLY your name, email, and profile picture. We do not access your contacts, Google Drive files, calendar, or any other data from your Google account. Authentication uses the industry-standard OAuth 2.0 protocol.
6. Cookies and Tracking Technologies
We use only cookies strictly necessary for the Platform's operation:
- Authentication cookies: keep your login session active (httpOnly, Secure, SameSite). Expire in 7 days.
- Analytics cookies: Google Analytics and Cloudflare Insights for aggregate usage metrics. Not used for targeted advertising.
7. Data Security
Your data is protected with:
- Encryption in transit (HTTPS/TLS on all connections).
- Passwords stored with bcrypt hashing (never in plain text).
- Authentication tokens with automatic rotation.
- HTTP security headers (HSTS, CSP, X-Frame-Options).
- Access monitoring and automatic blocking of suspicious IPs.
8. Data Retention
We retain your data while your account is active. Project data is kept until you delete it. Access logs are maintained for 90 days for security and diagnostics. After account deletion, all personal data and projects are permanently removed within 30 days.
9. Your Rights
Under applicable data protection laws, you have the following rights:
- Confirm the existence of processing of your personal data.
- Access and export all your data (available in Settings > Export Data).
- Correct incomplete or inaccurate personal data.
- Request anonymization, blocking, or deletion of unnecessary data.
- Request portability of your data to another provider.
- Request complete deletion of your account and all associated data (available in Settings > Delete Account).
To exercise any of these rights, access your account settings or contact us at [email protected]. We will respond within 15 business days.
10. International Data Transfers
Your data may be processed on servers located outside of Brazil. In such cases, we ensure that international transfers comply with LGPD requirements, including standard contractual clauses and adequate security measures.
11. Children
CalcSteel is not intended for children under 16. We do not knowingly collect data from minors. If we identify that data from a minor has been collected, it will be deleted immediately.
12. Changes to This Policy
We may update this Privacy Policy periodically. Significant changes will be communicated by email or in-Platform notification at least 15 days in advance.
13. Contact and Data Protection Officer
For privacy questions, exercising your rights, or complaints, contact us at: [email protected]