Privacy Policy

Licenzy is a developer-first platform for subscriptions, usage-based billing, entitlements, access control, runtime API operations, and related monetization workflows.

This Privacy Policy explains how Licenzy collects, uses, stores, shares, and protects personal information when you visit the website, read documentation, create or access an account, configure projects or workspaces, use the Licenzy portal, call the runtime API, receive transactional emails, or interact with support and operational tooling.

This policy applies to Licenzy's public site, documentation, portal, runtime API, billing-related flows, and operational support surfaces. It does not replace the privacy terms of third-party providers such as Stripe, Google, Microsoft, Render, or Resend when they process data under their own terms.

Licenzy controls the personal information described in this policy when we decide how and why that information is processed for the website, portal, billing workflows, runtime services, documentation, and support operations.

If you use Licenzy on behalf of a company, workspace, or team, that organization may also determine what customer or end-user data is sent into Licenzy through its configuration, runtime API requests, billing setup, support workflows, or webhook integrations.

Depending on how you use Licenzy, we may collect the following categories of data:

• Account information, such as your name, email address, account name, and profile details that you provide.
• Authentication and session data used for sign-in, session continuity, email verification, password reset, and account security.
• Google OAuth profile data if you choose Google sign-in, such as your name, email address, and Google account identifier.
• Project and workspace data, including project names, environment configuration, and operational settings for test mode and live mode.
• Billing and subscription data, such as plan selection, billing status, invoice-related information, subscription lifecycle state, and related account records.
• Billing-related identifiers from Stripe, such as customer, checkout session, subscription, payment, and invoice identifiers where relevant to Licenzy operations.
• API key metadata, such as the project, mode, status, label, and creation or revocation state associated with a runtime key.
• Runtime API data, including product codes, subject_ref values, entitlement records, usage or metering records, customer access check results, and related request metadata.
• Outbound webhook configuration and delivery data, such as endpoint configuration details, delivery attempts, retry status, operational history, and webhook-related debugging records.
• Support and operational investigation data, such as support search inputs, entitlement review data, manual grant or revoke actions, usage adjustments, and debug context used to investigate issues.
• Device, browser, technical, and interaction data, such as IP-related request context, browser type, page visits, request metadata, and service interaction information.
• Cookie and consent-preference records, including whether optional analytics cookies were accepted or rejected and when those choices were updated.
• Communications and transactional message data when you receive or respond to verification, password reset, billing, or service-related emails.

We collect information from several sources depending on how you use Licenzy:

• Directly from you when you create an account, sign in, configure projects, connect Stripe, create API keys, contact support, or change billing settings.
• From authentication and account recovery flows such as email verification, password reset, session refresh, and Google OAuth sign-in.
• From billing and payment providers such as Stripe when subscriptions, invoices, checkout sessions, or customer portal actions affect your Licenzy account.
• From runtime API requests made by you or your systems when Licenzy processes checkout sessions, access checks, entitlements, or usage metering.
• From outbound webhook and operational tooling when Licenzy records endpoint configuration, delivery activity, retry behavior, or troubleshooting context.
• From transactional email providers when messages are sent for verification, security, billing, or account lifecycle purposes.
• From analytics tools only after you consent to optional analytics cookies on public marketing and documentation pages.

We use personal information to operate Licenzy in practical, product-related ways, including to:

• Create and manage user accounts and workspaces.
• Authenticate users, maintain sessions, verify email addresses, and support password reset and account recovery.
• Provide runtime API services such as checkout session creation, customer access checks, entitlement state management, and usage metering.
• Operate billing, subscription, invoice, plan management, renewal, upgrade, downgrade, and cancellation workflows.
• Support projects, API key management, outbound webhook operations, and test mode or live mode configuration.
• Monitor, secure, debug, maintain, and improve the service, including preventing abuse, fraud, and unauthorized access.
• Investigate support issues, review operational state, and perform manual entitlement or usage corrections when necessary.
• Send transactional communications related to authentication, billing, subscription lifecycle events, service operations, and account security.
• Measure public-site usage and improve the marketing and documentation experience when optional analytics cookies have been enabled.
• Comply with legal obligations, enforce our terms, resolve disputes, and protect Licenzy, our users, and others.

Licenzy supports email and password authentication, Google OAuth authentication, session-based portal authentication, email verification, and password reset flows.

We process authentication and session data to sign you in, maintain secure portal access, verify ownership of an email address, support account recovery, and detect or respond to unauthorized access or misuse.

If you choose Google sign-in, Licenzy may receive basic profile data from Google such as your name, email address, and account identifier. We use that information only for authentication, account creation or linking, session management, and related account security functions. Licenzy does not use Google OAuth data for advertising.

We also use necessary cookies and similar session mechanisms to keep authenticated areas of the site working, maintain secure sessions, and support core site functionality.

Licenzy provides a runtime API used by customers to create checkout sessions, check customer access, read entitlement state, and consume usage-based entitlements.

To provide those services, Licenzy processes customer-linked runtime data submitted by customers or their systems, including subject_ref values, product codes, entitlement records, usage or metering records, mode-specific runtime state, and related request metadata.

Licenzy processes this information to deliver access-control and monetization services, maintain runtime state, enforce entitlement logic, scope requests by project and mode, protect the service against misuse, and help customers investigate operational issues.

Customers are responsible for deciding what identifiers and customer data they send into Licenzy through runtime requests and integrations. Licenzy processes that information as part of providing the runtime functionality the customer has configured.

Licenzy uses Stripe for billing and payment workflows, including Stripe Checkout, subscriptions, invoices, customer portal flows, and related billing lifecycle events.

Stripe processes payment information under Stripe's own terms and privacy practices. Licenzy does not store full card numbers or full card payment details. Instead, Licenzy stores the billing-related identifiers, plan and subscription state, invoice state, and related operational records reasonably necessary to manage access, billing workflows, and account lifecycle events.

Licenzy may also process billing-related operational records tied to renewals, upgrades, downgrades, cancellations, failed payments, subscription status changes, and related transactional communications.

Licenzy supports outbound webhooks, webhook delivery history, automatic retries, operational review, and support or debug workflows used to investigate customer issues and service behavior.

We may process outbound webhook configuration data, delivery attempts, retry state, operational history, and related payload or event context when needed to operate the service, troubleshoot issues, improve reliability, or investigate incorrect runtime state.

Licenzy also includes support and operational tooling that may be used to search customer runtime state, review entitlements, inspect usage history, and perform manual entitlement grants, revocations, or usage adjustments where operationally necessary.

We use this data for operations, reliability, security, debugging, fraud prevention, abuse prevention, and customer support.

Licenzy uses necessary cookies and similar technologies to keep the site working, maintain authenticated sessions, support security, remember core preferences, and provide essential website and portal functionality.

Licenzy also offers optional analytics cookies on public marketing and documentation pages. Those analytics cookies are used for Google Analytics 4 and Microsoft Clarity to help us understand how the public site is used and improve the Licenzy experience.

Google Analytics 4 and Microsoft Clarity are loaded only after you consent to optional analytics cookies. You may reject analytics cookies when the banner is shown, and you may later change your choice through the cookie settings available on the public site.

We also store consent-preference records to remember whether optional analytics cookies were accepted or rejected and to respect updated choices later.

Licenzy relies on third-party providers to operate parts of the service. These providers may process information on our behalf in connection with hosting, infrastructure, authentication, billing, analytics, and email delivery.

• Stripe for billing, subscriptions, invoices, checkout, and related payment workflows.
• Render for hosting and service infrastructure.
• Resend for transactional email delivery such as verification, password reset, billing, and lifecycle emails.
• Google for Google OAuth sign-in and Google Analytics 4 when optional analytics are enabled.
• Microsoft Clarity for optional analytics on public marketing and documentation pages when analytics consent is enabled.

Licenzy also uses PostgreSQL-based persistence to store account, billing, runtime, and operational data required to provide the service.

Where data protection laws require a legal basis for processing, Licenzy generally relies on one or more of the following bases depending on the context:

• Contract or performance of a service when we provide the website, portal, runtime API, billing functionality, account access, and related support.
• Legitimate interests when we secure, maintain, debug, monitor, improve, and operate Licenzy, prevent abuse, and investigate operational issues.
• Consent when optional analytics cookies are enabled for Google Analytics 4 and Microsoft Clarity.
• Legal obligations when we need to comply with applicable law, lawful requests, tax or accounting requirements, or dispute-resolution obligations.

We may share information with trusted service providers only as reasonably necessary to operate Licenzy, including providers that support hosting, infrastructure, billing, payment, authentication, email delivery, analytics, and related operational functions.

We may also disclose information where reasonably necessary to comply with law, protect Licenzy, respond to lawful requests, enforce our agreements, prevent fraud or abuse, or support a business transfer, financing, acquisition, or restructuring involving the service.

Licenzy does not sell personal data.

We retain information for as long as reasonably necessary to provide the service, maintain account access, operate billing and runtime workflows, comply with legal obligations, resolve disputes, and enforce agreements.

Retention periods may vary depending on the type of information. For example, account and authentication records may be retained to maintain access and security, billing records may be retained for accounting and compliance purposes, runtime and operational records may be retained to support service functionality and investigation, and consent records may be retained to respect analytics preference choices.

When information is no longer reasonably needed, we may delete it, de-identify it, or retain it only where ongoing retention is required for legal, operational, security, or dispute-related reasons.

Licenzy uses reasonable technical and organizational safeguards intended to protect personal information against unauthorized access, misuse, loss, or disclosure.

These safeguards may include HTTPS-only production access, authentication and session controls, infrastructure protections, access restrictions, and operational monitoring appropriate to a developer SaaS environment.

No method of transmission over the internet or method of storage is completely secure, so we cannot guarantee absolute security.

Licenzy and the providers we use may process information in countries other than the one where you are located. That can include international processing by providers such as Stripe, Render, Resend, Google, and Microsoft.

Where applicable, we rely on appropriate contractual, technical, and organizational measures intended to support lawful cross-border processing of personal information.

Depending on your location and the laws that apply to you, you may have rights to access, correct, delete, restrict, object to, or request portability of certain personal information.

You may also choose whether to allow optional analytics cookies, reject analytics cookies, and later change those preferences through the cookie settings made available on the public site.

If you want to make a privacy-related request, contact us using the details below and we will review the request in light of the applicable legal framework.

Licenzy is intended for developers, businesses, and teams using billing, entitlement, and access-control tooling. The service is not directed to children.

If you believe personal information from a child has been provided to Licenzy in a way that should not have occurred, contact us so we can review the situation.

We may update this Privacy Policy from time to time to reflect product, operational, or legal changes.

The latest version will always be posted on this page, together with the updated revision date.

For privacy questions or support related to this Privacy Policy, contact privacy@licenzy.app.

Please use that address for privacy questions, rights requests, or concerns related to personal information processed through Licenzy.