This Privacy Policy describes how Coswaa Tools ("we," "us," "our") collects, uses, and protects your information when you use our website at https://use.coswaa.com.

1. Information We Collect

1.1 Information You Provide

• Account registration: Email address, display name, and password (hashed)
• Payment information: Billing details processed securely by Razorpay/Stripe (we do not store card numbers)
• Tool suggestions: Tool name, description, and optional email

1.2 Information Collected Automatically

• IP address (for geo-detection, rate limiting, and security)
• Browser type, operating system, and device information
• Pages visited and tools used (for analytics and improvement)
• Referral source (if referred via affiliate link)
• Cookies (see Section 4)

2. How We Use Your Information

• To provide and improve our services
• To process payments and manage subscriptions
• To detect your country and display appropriate pricing and currency
• To send transactional emails (payment confirmations, account updates)
• To track affiliate referrals and calculate commissions
• To prevent fraud and abuse
• To respond to support requests

3. Data Sharing

We do not sell your personal data. We share data only with:

• Razorpay: For payment processing (India users)
• Stripe: For payment processing (International users)
• ipapi.co: For IP-based country detection (only your IP is sent)
• Legal authorities: If required by law

4. Cookies

We use the following cookies:

• WordPress session cookies: Required for login functionality
• ctp_country: Stores your selected currency/country preference (30 days)
• ctp_ref: Stores referral code if you arrived via an affiliate link (30 days)

You can disable cookies in your browser settings. Note that some features may not work without cookies.

5. Data Retention

• Account data: Retained as long as your account is active
• Payment records: Retained for 7 years for tax/legal compliance
• Tool usage logs: Retained for 90 days, then anonymized
• Deleted accounts: Data deleted within 30 days of account deletion request

6. Your Rights

Under applicable law (including GDPR where applicable), you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your account and data
• Object to processing of your data for marketing
• Request a copy of your data (data portability)

To exercise these rights, email: contact@your-domain.com

7. Security

We implement appropriate technical and organizational measures to protect your data, including:

• SSL/TLS encryption for all data in transit
• Password hashing using WordPress's secure bcrypt implementation
• CSRF tokens (nonces) on all form submissions
• Rate limiting to prevent brute-force attacks
• Webhook signature verification for all payment callbacks

8. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from minors.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or a prominent notice on our Site.

10. Contact Us

For privacy-related inquiries: contact@your-domain.com