---
site: protos.rip
page: privacy
---
_
____ _____(_) ______ ________ __
/ __ \/ ___/ / | / / __ `/ ___/ / / /
/ /_/ / / / /| |/ / /_/ / /__/ /_/ /
/ .___/_/ /_/ |___/\__,_/\___/\__, /
/_/ /____/ # Privacy Policy
Last updated: April 26, 2026
Protorip is run by Strange Computer (ABN 33 257 301 620), based in Victoria, Australia. Australian privacy law applies. If you are in the EU, UK, or California, GDPR, UK GDPR, or CCPA/CPRA may also apply.
This policy covers how we handle personal information at Protorip — account details, billing, access logs, and similar data about you. Your published content (proto files, modules, documentation) is covered by the [Terms of Service](/terms). Public modules are publicly accessible. Do not include personal information in published content; it may remain public even after account deletion.
It applies whether you are using Protorip without an account, with a free account, or on a paid plan.
If you have questions or want to exercise your rights, email [privacy@protos.rip](mailto:privacy@protos.rip).
## What We Collect
What you give us directly:
- Your name, email, and authentication details
- Profile info from GitHub, Google, or similar sign-in providers (whatever you authorise them to share)
- Organisation name, members, and roles
- Billing contact and tax details. Card details are processed by Stripe; we do not store or have access to full card numbers
- Anything you send to our support, legal, or abuse addresses
What we collect automatically:
- Request logs: IP, user agent, URL path, status, bytes transferred, timestamps
- Usage metadata: how often modules get published and downloaded, which API keys were used, and other numbers we need to enforce plan limits and fair use
- Essential cookies only — for sessions, authentication, CSRF, and Cloudflare infrastructure. No advertising or analytics cookies
What we receive from sub-processors:
- Authentication state and session metadata from Clerk
- Payment status, last four digits of card, and card brand from Stripe
- Abuse and security signals from Cloudflare
## What We Do with It
We use personal information to:
- Let you in, control access, and serve your content
- Process payments and send invoices
- Communicate with you about the service, security issues, and billing
- Enforce our terms
- Detect abuse, fraud, and security problems
- Improve Protorip
- Meet our legal obligations
We do not sell personal information and we do not serve advertising.
## Who Else Sees It
Our sub-processors — the providers we rely on:
| Who | What they do |
|---|---|
| Clerk, Inc. | Authentication, sessions, MFA |
| Stripe, Inc. | Payments, subscriptions, tax |
| Cloudflare, Inc. | Hosting, database, and blob storage |
If we add a sub-processor that materially affects how we handle personal information, we will notify active accounts by email.
Third-party sign-in providers. When you sign in through GitHub or Google, those providers see your login event and handle your data under their own privacy policies. They are not acting on our behalf — they process your login under their own terms.
Legal disclosures. We will share information if we reasonably believe we have to — to comply with the law or legal process, enforce our terms, protect people, or deal with fraud or security incidents. Where we are legally allowed to, we will tell you about requests for your information before we respond.
Business transfers. If the business is sold or merged, personal information may transfer to the acquirer. We will notify you.
## Where Your Data Lives
Some personal information is processed outside Australia by our sub-processors. Cloudflare, Clerk, and Stripe operate globally with data centres in multiple regions. For transfers out of the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses or equivalent mechanisms offered by our sub-processors.
## How Long We Keep It
We keep personal information while your account is active, and for a reasonable period afterwards — long enough to meet tax and accounting obligations (typically seven years under Australian law), resolve disputes, and comply with the law.
Request logs are kept for approximately 90 days.
## Your Rights
Australian Privacy Principles. You can ask to see or correct personal information we hold about you. If something has gone wrong with how we have handled your data, you can complain to the Office of the Australian Information Commissioner ([oaic.gov.au](https://www.oaic.gov.au)).
GDPR and UK GDPR. If you are in the EEA or UK, you have rights to access, correct, erase, restrict, port, and object to our processing of your personal information; to withdraw consent where processing is based on it; and to complain to your local supervisory authority. Some rights are subject to legal exceptions; contact us for details about how a right applies in your circumstances.
CCPA/CPRA. If you are a California resident, you have the right to know what we collect, to have it deleted, to correct inaccuracies, and not to be discriminated against for exercising these rights. We do not sell personal information.
Deletion requests. Deletion requests cover personal information. Published modules are covered separately by the [Terms of Service](/terms).
To exercise any of these, email [privacy@protos.rip](mailto:privacy@protos.rip). We will respond within the time limits the applicable law sets. We may verify your identity before responding.
Legal bases (GDPR users). We process your data under: performance of a contract (running your account), legitimate interests (security, abuse prevention, improving the service), legal obligation (tax, lawful requests), and consent (where we specifically ask for it).
No automated decisions. We do not use personal information to make automated decisions that significantly affect you.
## Security
We use encryption in transit (TLS) and encryption at rest provided by our infrastructure sub-processors.
If you think your account has been compromised, email [security@protos.rip](mailto:security@protos.rip). If a security incident is likely to result in serious harm to you, we will tell you what happened, what data was involved, and what we are doing about it.
## Children
Protorip is not intended for use by individuals under 18. We do not knowingly collect personal information from anyone under 18. If you become aware that someone under 18 has provided personal information to us, contact [privacy@protos.rip](mailto:privacy@protos.rip) and we will delete it.
## Changes to This Policy
We may update this policy. Material changes will go out by email to active accounts, or via a prominent notice on the site, at least 30 days before they take effect.