DartformDARTFORM
    Legal / Privacy Policy

    Legal

    Privacy Policy

    This Privacy Policy explains what data Dartform collects, why it is collected, how it is stored, and your rights over it. We are committed to collecting only what is necessary to operate the Software.

    01

    Overview

    Dartform is a desktop IDE companion for Serverpod developers, published by Mobterest Studio. This Policy applies to all users of the Dartform application and the dartform.dev website.

    We operate on a minimal data principle — we only collect what is strictly necessary to authenticate you, manage your subscription, and improve the Software. Your project source code is never transmitted to our servers.

    Your code stays local. All Serverpod project processing happens on your machine. Dartform only contacts our servers for authentication, subscription validation, and when you use Dartform AI.
    02

    What We Collect

    The following table describes every category of data we collect, why we collect it, and how long we retain it.

    Data typeWhat it includesWhy we collect it
    Email addressYour email as entered at sign-inMagic-link authentication via Supabase. Used to identify your account and deliver invite emails.
    Session tokensSupabase auth session data stored locally on your deviceKeeps you signed in between app launches without re-authenticating.
    Subscription dataPlan type, billing cycle, seat count, subscription statusValidates your subscription and enforces seat limits. Sourced from Gumroad via webhook.
    Seat recordsEmail addresses of invited teammates, seat assignment timestampsManages team access. Seat admins can view and revoke this data at any time.
    AI request dataThe project description you submit to Dartform AI, token usage counts, request status, and response durationPowers the Dartform AI feature, enforces monthly scaffold limits, monitors for abuse, and helps us improve AI output quality over time. Descriptions are stored on our servers.
    Usage analyticsAnonymized feature interaction events and error reportsHelps us understand how the Software is used and identify areas for improvement. No PII included.

    We do not collect: your Serverpod project files, source code, schema definitions, passwords, payment card details, or any other data not listed above. AI project descriptions you submit are stored as entered and are not used to train any AI model.

    03

    How We Use It

    • To authenticate you and maintain your signed-in session within the app.
    • To validate your active subscription and enforce seat limits.
    • To send magic-link sign-in emails and team invitation emails.
    • To process subscription lifecycle events (new subscriptions, renewals, cancellations) received from Gumroad.
    • To provide seat management functionality, allowing the seat admin to invite, view, and revoke teammates.
    • To process Dartform AI scaffold requests, including storing the description you submit, enforcing your monthly scaffold limit, monitoring for abuse, and improving AI output quality over time.
    • To analyze anonymized, aggregated usage patterns to improve the Software.
    • To respond to support requests submitted to our support email.

    We do not use your data for advertising, profiling, or any purpose beyond operating and improving the Software.

    04

    Storage & Security

    Account and subscription data is stored in Supabase, a hosted backend platform with industry-standard encryption at rest and in transit (TLS). Session tokens are stored locally on your device using your operating system's secure storage.

    We implement reasonable technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

    Supabase infrastructure: Our backend runs on Supabase, which is SOC 2 compliant and stores data in secured, encrypted databases. For more information visit supabase.com/security.
    05

    Third Parties

    We use a small number of trusted third-party services to operate Dartform. Each receives only the minimum data necessary to perform its function.

    ServicePurposeData shared
    SupabaseAuthentication, database, and session managementEmail address, session tokens, subscription and seat records, AI request logs.
    GumroadSubscription billing and payment processingEmail address, plan selection. Payment card data is handled exclusively by Gumroad and never reaches our servers.
    GroqAI inference for the Dartform AI scaffold featureThe project description you submit to Dartform AI is sent to Groq's API for processing. Groq's privacy policy applies to this data. Visit groq.com/privacy for details.

    We do not sell, rent, or trade your personal data to any third party for marketing or advertising purposes.

    06

    Your Rights

    Regardless of your location, you have the following rights with respect to your personal data:

    • Access: You may request a copy of the personal data we hold about you.
    • Correction: You may request that inaccurate or incomplete data be corrected.
    • Deletion: You may request deletion of your account and associated personal data. Note that some data may be retained for legal or billing compliance purposes.
    • Portability: You may request your data in a structured, machine-readable format.
    • Objection: You may object to processing of your data where we rely on legitimate interests as the legal basis.

    To exercise any of these rights, contact us at mobterest@gmail.com. We will respond within 30 days.

    07

    Data Retention

    • Account and session data is retained for as long as your account is active.
    • Subscription records are retained for up to 7 years for tax and billing compliance.
    • AI request data, including project descriptions submitted to Dartform AI, is retained for 12 months from the date of submission, after which it is permanently deleted from our systems.
    • Anonymized analytics data may be retained indefinitely as it contains no personally identifiable information.

    Upon account deletion, all personally identifiable data will be removed from our active systems within 30 days, subject to the retention requirements above.

    08

    Children

    Dartform is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe we have inadvertently collected such data, please contact us at mobterest@gmail.com and we will delete it promptly.

    09

    Changes to This Policy

    We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. For material changes, we will notify active subscribers via email.

    Your continued use of the Software after any change constitutes acceptance of the updated Policy. If you do not agree to the updated Policy, you should cancel your subscription and discontinue use of the Software.

    10

    Contact

    For any privacy-related questions, requests, or concerns, please contact us:

    Mobterest Studio
    Email: mobterest@gmail.com
    Website: dartform.dev