Privacy Policy

Introduction

Welcome to Visual PRD. We are a technology company based in Nigeria that provides an AI-powered Product Requirements Document (PRD) generation platform. We respect your privacy and are committed to protecting your personal data.

This Privacy Policy explains how we collect, use, store, share, and protect your information when you use our website, mobile applications, MCP (Model Context Protocol) server integrations, and any related services (collectively, the "Service").

We comply with the Nigeria Data Protection Regulation (NDPR), the General Data Protection Regulation (GDPR) for users in the European Economic Area, the California Consumer Privacy Act (CCPA) for California residents, and other applicable data protection laws.

1. Who We Are

Visual PRD is operated by NoCode100 ("we," "us," "our"), a technology company registered in Nigeria. We are the data controller responsible for your personal data.

Contact Information:
Email: hello@nocode100.com

2. Information We Collect

2.1 Information You Provide Directly

Account Information:

• Email address
• Display name
• Password (stored securely using Firebase Authentication)
• Profile photo (optional)

Project Content:

• Project names and descriptions
• Product Requirements Documents (PRDs) you create
• Screenshots and images you upload for design analysis
• Features, pages, and specifications you define
• Database schemas and API endpoints you design
• Technology stack selections
• Chat messages and modification requests

Payment Information:

• We do not directly store your credit card numbers or bank account details
• Payment information is processed and stored by our payment processors (Paystack, Stripe, Lemon Squeezy)
• We receive and store: transaction IDs, subscription status, and payment confirmation details

2.2 Information We Collect Automatically

• IP address (collected at signup for fraud prevention)
• Browser type and version
• Device type and operating system
• Country/region (detected from your IP address)
• Features you use and how often
• Login timestamps and session duration

3. How We Use Your Information

3.1 To Provide Our Service

• Create and manage your account
• Generate PRDs and design systems using AI
• Process your project content through our AI systems
• Store your projects and enable collaboration
• Enable MCP server integrations with your coding tools (Cursor, Claude Desktop, Windsurf)
• Process exports (Markdown, JSON, ZIP)

3.2 To Process Payments

• Process subscription payments
• Manage billing cycles and renewals
• Handle upgrade/downgrade requests
• Detect and prevent payment fraud

3.3 To Communicate With You

• Send transactional emails (welcome, subscription confirmations, receipts)
• Send service-related notifications (budget alerts, rate limits)
• Respond to support requests

3.4 To Ensure Security

• Detect and prevent fraud
• Enforce rate limits
• Identify and block abusive behavior
• Comply with legal obligations

4. Legal Basis for Processing

Under NDPR and GDPR, we must have a legal basis for processing your personal data:

• Contract performance: Account creation, PRD generation, payment processing
• Legitimate interest: Service security, fraud prevention, product improvement
• Consent: Marketing communications
• Legal obligation: Compliance with applicable laws

5. How We Share Your Information

We do not sell your personal data. We share your information only in the following circumstances:

5.1 Service Providers

We share data with third-party service providers who help us operate our Service:

• Cloud Infrastructure: Google Cloud Platform / Firebase (United States)
• AI Processing: OpenRouter, Anthropic (Claude), OpenAI (GPT-4), Google (Gemini)
• Payment Processing: Paystack (Nigeria), Stripe (International), Lemon Squeezy
• Email Services: Brevo (formerly Sendinblue)

5.2 AI Model Providers

When you use our PRD generation, modification, or MCP features, your project content is sent to AI providers for processing. This includes project descriptions, feature specifications, screenshots (for design analysis), and chat messages.

5.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid legal processes (court orders, subpoenas), government requests, or to protect our rights and safety.

6. International Data Transfers

Visual PRD is based in Nigeria, but we use service providers located in other countries, primarily the United States.

Where Your Data May Be Processed:

• United States: Google Cloud (Firebase), AI providers, payment processors
• European Union: Some email services
• Nigeria: Paystack, local operations

For transfers from the EEA/UK, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission. For transfers from Nigeria, we comply with NDPR requirements.

7. Data Retention

We retain your data for as long as necessary to provide our Service and fulfill the purposes described in this policy:

• Account information: Until account deletion + 30 days
• Project content: Until you delete the project or account
• Payment records: 7 years (legal/tax requirements)
• Usage logs: 90 days (rolling)
• Security audit logs: 1 year

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

• Encryption in transit (TLS/HTTPS)
• Encryption at rest (Google Cloud encryption)
• API key encryption (AES-256-GCM)
• Password hashing (Firebase Auth)
• Secure session management with HttpOnly cookies
• Rate limiting to prevent abuse

In the event of a data breach that affects your personal data, we will notify you within 72 hours and take immediate steps to contain and remediate the breach.

9. Your Rights

Depending on your location, you have various rights regarding your personal data:

Rights for All Users

• Access: Request a copy of your personal data
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your personal data
• Data Portability: Request your data in a machine-readable format
• Withdraw Consent: Withdraw consent for marketing communications

Additional Rights for NDPR (Nigeria)

Under the Nigeria Data Protection Regulation, you have the right to lodge a complaint with NITDA (National Information Technology Development Agency).

Additional Rights for GDPR (EU/UK)

You also have the right to object to processing based on legitimate interests and to lodge a complaint with your local supervisory authority.

How to Exercise Your Rights

To exercise any of these rights, contact us at hello@nocode100.com. We will respond within 30 days.

10. Children's Privacy

Visual PRD is not intended for children under the age of 16. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately at hello@nocode100.com.

11. Cookies and Tracking

We use cookies and similar technologies to operate our Service:

• Essential Cookies: Authentication, session management, security (CSRF protection)
• Functional Cookies: Remember your preferences (theme, language)

We do not use third-party advertising cookies or cross-site tracking. For more details, see our Cookie Policy.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page, updating the "Last Updated" date, and sending you an email notification for significant changes. Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.

13. Contact Us

If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us:

Email: hello@nocode100.com

Supervisory Authority (Nigeria):
National Information Technology Development Agency (NITDA)
Website: https://nitda.gov.ng