1. Introduction

Citadel Frame ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our desktop application, website, and related services.

2. Information We Collect

Account Information

When you create an account, we collect your email address, display name, and authentication provider (Microsoft or Google). If you register with a password, it is stored using industry-standard hashing algorithms.

Payment Information

Payment processing is handled entirely by Paystack, a trusted payment gateway. We do not store your credit card numbers, bank details, or other payment credentials. We retain transaction records (amounts, dates, subscription tier) for billing purposes.

Device Information

Our desktop application may collect a hardware fingerprint (a non-reversible hash of hardware identifiers) for license activation. This fingerprint cannot be used to identify you personally.

Usage Data

We collect anonymised usage metrics such as scan frequency, feature usage patterns, and error reports to improve our product. This data is not linked to your personal identity.

IP Address

We use your IP address for geo-location-based currency detection on our pricing page. This data is processed in real-time and is not stored.

3. How We Use Your Information

To provide, maintain, and improve our services
To process transactions and manage your subscription
To authenticate your identity and manage license activations
To detect currency for localised pricing display
To communicate important updates, security alerts, and support responses
To enforce our Terms of Service and prevent fraud

4. Data Sharing

We do not sell, rent, or trade your personal information. We may share data with:

Paystack — for payment processing
Microsoft / Google — when you use OAuth sign-in (only authentication tokens are exchanged)
Law enforcement — when required by applicable law or valid legal process

5. Data Security

We implement appropriate technical and organisational measures to protect your data, including encryption at rest and in transit, role-based access controls, and regular security audits. However, no method of electronic storage is 100% secure.

6. Data Retention

We retain your account data for as long as your account is active. Payment records are retained for 7 years for tax and legal compliance. You may request deletion of your account at any time by contacting support.

7. Your Rights

Under the Protection of Personal Information Act (POPIA) and other applicable laws, you have the right to:

Access and receive a copy of your personal data
Correct inaccurate or incomplete data
Request deletion of your data
Object to processing of your data
Withdraw consent at any time

To exercise these rights, contact us at privacy@citadelframe.com.

8. Cookies

Our website uses essential cookies for authentication and session management. We do not use tracking or advertising cookies.

9. Children's Privacy

Citadel Frame is not intended for children under 13. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or a prominent notice on our website.

11. Contact

For privacy-related questions or requests, contact us at:

Email: privacy@citadelframe.com
Company: Citadel Frame (Pty) Ltd
Location: South Africa