Last updated: 1st September 2025
1. Introduction
This Privacy Policy ("Policy") describes how Constructor Labs Ltd ("Company", "we", "us", or "our") collects, uses, and protects your personal information when you use our Skm.tc software-as-a-service platform ("Service").
Company Details:
- Name: Constructor Labs Ltd
- Company Registration: 08389656
- Contact: support@skm.tc
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Name and email address
- Company name and role (if provided)
- GitHub profile information (for OAuth authentication)
- Account preferences and settings
2.2 Usage Data
We automatically collect information about how you use the Service:
- API specifications you create and modify
- Code generation requests and results
- Feature usage patterns and frequency
- Error logs and debugging information
- Performance metrics and resource consumption
2.3 Technical Data
We collect technical information to provide and improve the Service:
- IP address and geographic location
- Browser type and version
- Operating system and device information
- Page views and navigation patterns
- Session duration and interaction data
2.4 Communication Data
- Support requests and correspondence
- Feedback and survey responses
- Marketing communication preferences
3. How We Use Your Information
3.1 Service Provision
- Provide access to the platform and its features
- Process your API specifications and generate code
- Manage your account and subscription
- Provide customer support and technical assistance
3.2 Service Improvement
- Analyze usage patterns to improve features
- Monitor performance and troubleshoot issues
- Develop new features and capabilities
- Conduct research and analytics
3.3 Communication
- Send service-related notifications and updates
- Respond to inquiries and support requests
- Send marketing communications (with consent)
- Notify you of security incidents or policy changes
3.4 Legal Compliance
- Comply with legal obligations and regulations
- Investigate and prevent fraud or abuse
- Protect our rights and the rights of other users
- Respond to legal requests and law enforcement
4. Legal Basis for Processing
Under GDPR, we process your personal data based on:
4.1 Contractual Necessity
- Providing the Service as agreed in our Terms of Service
- Managing your account and subscription
- Processing payments and billing
4.2 Legitimate Interests
- Improving the Service and developing new features
- Ensuring security and preventing fraud
- Analyzing usage for business purposes
- Direct marketing to existing customers
4.3 Consent
- Marketing communications to prospects
- Optional data collection for enhanced features
- Cookies and tracking technologies
4.4 Legal Obligation
- Complying with tax and accounting requirements
- Responding to lawful requests from authorities
- Maintaining records for regulatory compliance
5. Data Sharing and Disclosure
5.1 Service Providers
We share data with trusted third parties who help us provide the Service:
- Cloud hosting providers (AWS, Cloudflare)
- Payment processors (Stripe)
- Analytics services (Google Analytics)
- Customer support tools (Intercom)
- Email services (SendGrid)
5.2 Legal Requirements
We may disclose your information when required by law:
- In response to court orders or legal process
- To comply with law enforcement requests
- To protect our rights or the safety of others
- In case of a merger, acquisition, or sale of assets
5.3 User Consent
- We obtain explicit consent before sharing data for other purposes
- You can withdraw consent at any time
- Collaborative features require sharing with team members you invite
6. Data Security
6.1 Technical Safeguards
- Encryption in transit using TLS 1.3
- Encryption at rest for all data stores
- Multi-factor authentication for admin access
- Regular security audits and penetration testing
- Intrusion detection and monitoring systems
6.2 Organizational Safeguards
- Access controls and role-based permissions
- Employee training on data protection
- Incident response procedures
- Regular backup and disaster recovery testing
- Secure development lifecycle practices
6.3 Data Breach Response
- We will notify affected users within 72 hours of discovery
- Relevant authorities will be informed as required by law
- We will provide details of affected data and remediation steps
- Post-incident analysis and security improvements
7. Data Retention
7.1 Account Data
- Active account data is retained while your account is active
- Deleted accounts are purged after 30 days grace period
- Billing records are kept for 7 years for tax purposes
- Support communications are retained for 3 years
7.2 Usage Data
- Aggregated analytics data is retained for 2 years
- Log files are retained for 90 days
- Error reports are retained for 1 year
- User-generated content follows account retention rules
7.3 Legal Holds
- Data may be retained longer if required for legal proceedings
- Fraud investigation data is retained for 5 years
- We will notify you if your data is subject to legal hold
8. Your Rights
Under GDPR and other privacy laws, you have the following rights:
8.1 Access and Portability
- Request a copy of all personal data we hold about you
- Export your data in a machine-readable format
- Receive data within 30 days of request
8.2 Correction and Deletion
- Correct inaccurate or incomplete personal data
- Request deletion of your personal data ("right to be forgotten")
- Update account information through the Service interface
8.3 Processing Limitations
- Object to processing based on legitimate interests
- Restrict processing in certain circumstances
- Opt out of marketing communications
- Withdraw consent for consent-based processing
8.4 Exercising Your Rights
To exercise your rights, contact us at support@skm.tc with:
- Your account email address
- Description of your request
- Verification of your identity
9. Cookies and Tracking
9.1 Essential Cookies
We use essential cookies to:
- Maintain your login session
- Remember your preferences
- Provide security features
- Enable core Service functionality
9.2 Analytics Cookies
With your consent, we use analytics cookies to:
- Understand how the Service is used
- Improve user experience
- Measure feature adoption
- Track conversion and engagement metrics
9.3 Cookie Management
- You can disable cookies through your browser settings
- Some features may not work without essential cookies
- You can update your cookie preferences at any time
- We provide a cookie consent banner for new users
10. International Transfers
10.1 Data Locations
- Primary data processing occurs in the European Union
- Some service providers may process data in other countries
- We ensure adequate protection for international transfers
10.2 Transfer Safeguards
- Standard Contractual Clauses (SCCs) with processors
- Adequacy decisions for certain countries
- Additional safeguards for high-risk transfers
- Regular assessment of transfer mechanisms
11. Children's Privacy
- The Service is not intended for children under 16
- We do not knowingly collect data from children
- If we discover child data, we will delete it promptly
- Parents can contact us to request deletion of child data
12. Changes to This Policy
- We may update this Policy from time to time
- Material changes will be communicated via email
- Continued use constitutes acceptance of updates
- Previous versions are available upon request
13. Supervisory Authority
If you are not satisfied with our response to your privacy concerns, you can:
- Contact the UK Information Commissioner's Office (ICO)
- File a complaint with your local data protection authority
- Seek legal advice regarding your rights
14. Contact Information
For privacy-related questions or to exercise your rights, contact us at support@skm.tc
Data Protection Officer: support@skm.tc
Address: Constructor Labs Ltd, 08389656
This Policy is effective as of 1st September 2025 and supersedes all previous versions.
Company: Constructor Labs Ltd
Registration: 08389656