The boring page that explains the safe stuff.

• Sign-in uses email/password or Google, handled by our auth provider.
• Passwords are never stored by Panic Tools — they're handled by the auth provider as salted hashes.
• Sessions are scoped to your browser and you can sign out at any time from the Account page.
• Admin actions are restricted to a separate role and verified server-side, not in the browser.

• All payments are processed by Stripe. Panic Tools never sees or stores your full card number, CVC, or expiry.
• We store the Stripe session and payment intent IDs so we can match a purchase to your account and issue downloads or refunds.
• Webhooks from Stripe are signature-verified before any purchase is recorded.

• Product files live in a private storage bucket. Direct public access is blocked.
• Downloads are only granted after a completed purchase tied to your account.
• Download links are issued server-side and are short-lived.

• Account: email, display name, and (optionally) avatar URL from your sign-in provider.
• Purchases: product purchased, amount, currency, receipt email, and Stripe identifiers.
• Downloads: basic event records (timestamp, user agent) so we can support you if a download fails.
• We do not sell your data, and we don't use it for advertising profiles.

• Lovable — hosting, database, auth, storage.
• Stripe — payment processing.
• Google — optional Google sign-in.

If you'd like a current list of subprocessors for compliance purposes, email us at the address below.

We keep account and purchase records for as long as your account is active so you can re-download what you bought. You can request account deletion at any time by emailing support; purchase records required for tax and accounting may be retained in redacted form.

To access, export, or delete your data, email support@panictools.lovable.app from the email on your account. We respond within a reasonable time frame and will ask you to confirm the request.

If you think you've found a vulnerability, please email support@panictools.lovable.app with steps to reproduce. Please don't publicly disclose the issue until we've had a chance to look at it.

Panic Tools does not currently claim SOC 2, ISO 27001, HIPAA, PCI DSS, or GDPR/CCPA certification. We follow the practices described on this page; if you need a formal questionnaire or DPA for procurement, get in touch and we'll do our best to help.