Privacy Policy

Muhammad Saeed Effective Date: February 25, 2026 Last Updated: February 25, 2026

1. Introduction

Muhammad Saeed ("Muhammad Saeed," "Company," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, retain, and protect information about you when you visit our website (https://msaeed.dev), use our APIs and SDKs, access our mobile applications, interact with our developer dashboard, or otherwise engage with our services (collectively, the "Services").

This Privacy Policy applies to all users of our Services, including visitors to our website, registered account holders, API consumers, mobile application users, and any other individuals whose personal data we process in connection with the Services.

By accessing or using our Services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our Services.

2. Information We Collect

We collect information in the following categories:

2.1 Information You Provide Directly

Account Registration Data: When you create a Muhammad Saeed account, we collect your full name, email address, company name (if applicable), job title (if provided), country of residence, and password. If you sign up using a third-party authentication provider (such as Google or GitHub), we receive your name, email address, and profile picture from that provider.

Billing and Payment Data: When you subscribe to a paid plan, payment processing is handled by our Merchant of Record, Paddle.com Market Limited ("Paddle"). Muhammad Saeed does not directly collect or store your credit card numbers, bank account details, or other financial payment instruments. Paddle collects and processes this information in accordance with its own privacy policy (https://www.paddle.com/legal/privacy). We receive from Paddle a transaction identifier, the plan you purchased, billing address (country and postal code), and transaction status.

Communications Data: When you contact our support team, submit a help request, participate in surveys, or communicate with us through any channel, we collect the content of those communications, your contact information, and any metadata associated with the communication.

Developer Configuration Data: When you configure your API settings, create projects, generate API keys, set up webhooks, or customize your developer dashboard, we collect and store those configurations.

2.2 Information Collected Automatically

API Usage Data: When you make requests to our API endpoints, we automatically log the request timestamp, the endpoint accessed, the request method, the IP address from which the request originated, the API key used, the response status code, the response latency, and the approximate size of the request and response payloads. We do not log the contents of your request or response payloads unless you have explicitly enabled request logging in your dashboard settings.

Website Analytics Data: When you visit our website, we collect information using cookies and similar technologies, including your IP address, browser type and version, operating system, referring URL, pages viewed, time spent on each page, click interactions, and device identifiers.

Mobile Application Data: When you use our mobile applications, we collect device information (device model, operating system version, unique device identifiers), application usage data (features accessed, session duration, crash reports), and with your explicit consent, location data (for features that require location context).

Log Data: Our servers automatically record information about how you interact with our Services, including access times, hardware and software information, device event information, and crash data.

2.3 Information from Third Parties

Authentication Providers: If you authenticate using a third-party service (Google, GitHub, GitLab), we receive profile information as authorized by you during the authentication process.

Payment Processor: Paddle provides us with transaction and subscription management data as described in Section 2.1.

Analytics Partners: We may receive aggregated or anonymized data from analytics partners to help us understand usage trends and improve our Services.

3. How We Use Your Information

We use the information we collect for the following specific purposes:

3.1 Providing and Operating the Services

Processing your API requests and delivering responses. Managing your account and subscription. Providing access to the developer dashboard and analytics. Distributing and updating mobile applications. Providing customer support and technical assistance.

3.2 Billing and Payments

Facilitating subscription management through Paddle. Processing plan upgrades, downgrades, and cancellations. Tracking usage for overage billing calculations. Generating invoices and transaction receipts.

3.3 Improving the Services

Analyzing aggregate usage patterns to identify areas for improvement. Monitoring system performance, reliability, and capacity. Debugging errors and resolving technical issues. Conducting research and development for new features.

3.4 Communications

Sending transactional emails related to your account (subscription confirmations, payment receipts, security alerts, usage notifications). Sending service-related announcements (scheduled maintenance, new features, policy updates). With your explicit consent, sending marketing communications about new products, features, or promotions. You may opt out of marketing communications at any time by clicking the unsubscribe link in any marketing email or by contacting us at privacy@msaeed.dev.

3.5 Security and Fraud Prevention

Detecting, investigating, and preventing fraudulent, unauthorized, or illegal activity. Enforcing our Terms of Service and Acceptable Use Policy. Protecting the security and integrity of our Services and infrastructure. Complying with legal obligations.

3.6 Legal Compliance

Complying with applicable laws, regulations, and legal processes. Responding to lawful requests from governmental authorities. Establishing, exercising, or defending legal claims.

4. Legal Basis for Processing (GDPR)

For individuals in the European Economic Area (EEA), United Kingdom, and other jurisdictions that require a legal basis for processing personal data, we rely on the following:

Performance of Contract: Processing necessary to provide the Services you have requested, including account management, API request processing, billing, and support (Sections 3.1, 3.2).

Legitimate Interest: Processing necessary for our legitimate interests, including improving the Services, ensuring security, and preventing fraud, where these interests are not overridden by your rights and freedoms (Sections 3.3, 3.5).

Consent: Processing based on your explicit consent, such as sending marketing communications and collecting optional data like location information (Section 3.4).

Legal Obligation: Processing necessary to comply with applicable laws and regulations (Section 3.6).

5. How We Share Your Information

We do not sell your personal information to third parties. We share your information only in the following limited circumstances:

5.1 Payment Processing

We share necessary transaction information with Paddle, our Merchant of Record, to facilitate billing and payment processing. Paddle processes this information as an independent data controller in accordance with its own privacy policy.

5.2 Infrastructure Providers

We use third-party cloud infrastructure providers (such as Amazon Web Services, Google Cloud Platform, and Cloudflare) to host and deliver our Services. These providers process data on our behalf as data processors and are contractually obligated to protect your information and use it only for the purpose of providing their services to us.

5.3 Analytics and Monitoring

We use third-party analytics tools to help us understand how our Services are used. These tools collect data in an aggregated or anonymized form. Our current analytics partners include Plausible Analytics (privacy-focused, no cookies), and Sentry (error monitoring and crash reporting).

5.4 Legal Requirements

We may disclose your information if required to do so by law, or if we believe in good faith that disclosure is necessary to: (a) comply with a legal obligation, subpoena, court order, or governmental request; (b) protect and defend the rights, property, or safety of Muhammad Saeed, our users, or the public; (c) detect, prevent, or address fraud, security, or technical issues.

5.5 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email and a prominent notice on our website of any such change in ownership or control of your personal information.

5.6 With Your Consent

We may share your information with third parties when you give us explicit consent to do so.

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Specifically:

Account Data: Retained for the duration of your active account, plus thirty (30) days after account termination to allow for reactivation. After this period, account data is permanently deleted or anonymized.

API Usage Logs: Retained for ninety (90) days for active accounts to support analytics and debugging. After this period, logs are aggregated into anonymized statistical data and the original logs are deleted.

Billing Records: Retained for seven (7) years after the transaction date to comply with tax and financial record-keeping requirements.

Support Communications: Retained for three (3) years after the last communication to support ongoing service quality and dispute resolution.

Website Analytics: Anonymized analytics data is retained indefinitely. Identifiable analytics data (such as IP addresses) is retained for a maximum of thirty (30) days.

When we delete personal data, we use commercially reasonable methods to render it unrecoverable. Aggregate, anonymized, or de-identified data that can no longer be associated with an identified individual may be retained indefinitely.

7. Data Security

We implement industry-standard technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction:

Encryption in Transit: All data transmitted between your devices and our Services is encrypted using TLS 1.2 or higher.

Encryption at Rest: Customer Data and personal information stored in our databases is encrypted using AES-256 encryption.

Access Controls: Access to personal data within our organization is restricted to employees and contractors who require it to perform their job functions, and is subject to strict access control policies and audit logging.

Infrastructure Security: Our infrastructure is hosted with SOC 2 Type II certified cloud providers. We conduct regular security assessments, penetration testing, and vulnerability scanning.

API Key Security: API keys are hashed using bcrypt before storage. Plaintext API keys are displayed only once at the time of creation and cannot be retrieved afterward.

Incident Response: We maintain a documented incident response plan. In the event of a data breach that affects your personal information, we will notify you and applicable regulatory authorities within the timeframes required by applicable law (no later than 72 hours for GDPR-covered incidents).

While we take extensive measures to protect your information, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security of your data.

8. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your personal information:

8.1 Rights Available to All Users

Access: You can access and review the personal information we hold about you through your account dashboard at any time.

Correction: You can update or correct your account information through your dashboard or by contacting us.

Deletion: You can request deletion of your account and associated personal data by contacting us at privacy@msaeed.dev. We will process your request within thirty (30) days, subject to our retention obligations.

Data Export: You can export your data through the dashboard or API at any time.

Communication Preferences: You can opt out of marketing emails at any time using the unsubscribe link or by contacting us.

8.2 Additional Rights for EEA, UK, and Swiss Residents (GDPR/UK GDPR)

Right to Restriction: You can request that we restrict processing of your personal data in certain circumstances.

Right to Portability: You can request a copy of your personal data in a structured, commonly used, machine-readable format.

Right to Object: You can object to processing based on legitimate interests at any time.

Right to Withdraw Consent: Where processing is based on consent, you can withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority in your country of residence.

To exercise any of these rights, contact us at privacy@msaeed.dev. We will respond to your request within thirty (30) days. We may require you to verify your identity before processing your request.

8.3 Rights for California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the purposes for collection, and the categories of third parties with whom we share your data.

Right to Delete: You have the right to request deletion of personal information we have collected from you, subject to certain exceptions.

Right to Opt-Out of Sale: We do not sell your personal information. If this practice changes in the future, we will update this Privacy Policy and provide you with a mechanism to opt out.

Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.

To exercise your CCPA/CPRA rights, contact us at privacy@msaeed.dev or use the request mechanisms available in your account dashboard.

9. Cookies and Tracking Technologies

9.1 Cookies We Use

Strictly Necessary Cookies: These are essential for the operation of our website and Services. They include session cookies for authentication, CSRF protection tokens, and load balancer cookies. These cannot be disabled.

Analytics Cookies: We use privacy-focused analytics (Plausible Analytics) that do not use cookies and do not track individuals across websites. For any cookie-based analytics, we will request your consent before setting such cookies.

Preference Cookies: These remember your settings and preferences (such as dashboard layout and theme preferences) to provide a personalized experience.

9.2 Managing Cookies

You can manage cookie preferences through your browser settings. Please note that disabling strictly necessary cookies may impair the functionality of our Services.

9.3 Do Not Track

Our website respects the Do Not Track (DNT) browser signal. When we detect a DNT signal, we do not set any non-essential cookies or tracking technologies.

10. International Data Transfers

Muhammad Saeed is headquartered in the United States. If you are accessing our Services from outside the United States, your information may be transferred to, stored in, and processed in the United States or other countries where our infrastructure providers maintain facilities.

For transfers of personal data from the EEA, UK, or Switzerland to the United States or other countries that have not received an adequacy decision, we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements with our sub-processors that incorporate appropriate safeguards
  • Where applicable, the EU-U.S. Data Privacy Framework

By using our Services, you consent to the transfer of your information to the United States and other countries as described in this Privacy Policy, subject to the safeguards described herein.

11. Children's Privacy

Our Services are not directed to individuals under the age of eighteen (18). We do not knowingly collect personal information from children under eighteen. If we become aware that we have inadvertently collected personal information from a child under eighteen, we will take steps to delete that information as promptly as possible. If you believe we have collected information from a child under eighteen, please contact us immediately at privacy@msaeed.dev.

12. Third-Party Links and Services

Our Services may contain links to third-party websites, services, or applications that are not operated by us. This Privacy Policy does not apply to third-party services. We encourage you to review the privacy policies of any third-party services you access through our Services. We are not responsible for the content, privacy policies, or practices of third-party services.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Post the updated Privacy Policy on our website with a revised "Last Updated" date
  • Notify you by email at the address associated with your account at least thirty (30) days before the changes take effect
  • Where required by law, obtain your consent before applying the changes

Your continued use of the Services after the effective date of the updated Privacy Policy constitutes your acceptance of the changes. If you do not agree with the updated Privacy Policy, you should stop using our Services and delete your account.

14. Data Protection Officer

Although not legally required in all jurisdictions, we have appointed a Data Protection Officer (DPO) to oversee our data protection practices. You can contact our DPO at:

Email: dpo@msaeed.dev Subject line: "Data Protection Inquiry"

15. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Muhammad Saeed Email: privacy@msaeed.dev Data Protection Officer: dpo@msaeed.dev Support: support@msaeed.dev Website: https://msaeed.dev

For EEA and UK residents, our EU representative can be contacted at: eu-representative@msaeed.dev