Privacy Policy
This Privacy Policy explains how UpgradIQ, Inc., a Delaware corporation (“UpgradIQ,” “we,” “us,” and “our”), collects, uses, and protects personal information when you visit upgradiq.com, use our products, purchase a build package, or otherwise interact with our services.
Notice: This document is a working draft awaiting final review by counsel. It reflects our current practices in good faith but is not a substitute for professional legal review.
1. Information we collect
1a. Site visitors
When you visit the site, we automatically collect limited technical information, including IP address (anonymized before storage), user-agent string, referring URL, and interaction events via PostHog (analytics) and Sentry (error monitoring). Neither service receives your full IP address.
1b. Contact form submissions
If you submit the contact form, we store your name, email address, message content, and the timestamp of submission.
1c. Orders and billing
When you purchase a build package or subscribe to a Care plan, we collect your name, email address, and order details necessary to fulfil the engagement. Payment is processed by Stripe. We do not store card numbers or payment instrument details on our servers. Stripe holds and processes all payment card data and is subject to PCI-DSS compliance obligations. We receive and store a Stripe customer ID, payment confirmation, and order metadata (package type, amount, date) for accounting and service delivery purposes.
2. How we use information
- To process and fulfil orders for build packages and Care subscriptions.
- To respond to inquiries submitted through the contact form.
- To send transactional emails related to your order or subscription.
- To operate and improve the site and our products, using anonymized analytics via PostHog and error monitoring via Sentry.
- To operate site security and abuse prevention via Cloudflare Turnstile on form submissions.
- To comply with applicable legal and accounting obligations, including tax record-keeping.
3. Legal bases
Where the EU General Data Protection Regulation, UK GDPR, the Brazilian LGPD, or comparable laws apply, we rely on the following legal bases: the performance of a contract or pre-contractual steps at your request (for processing orders and delivering services), our legitimate interests (for site security and fraud prevention), your consent (for optional analytics where required), and compliance with legal obligations (for accounting and tax records).
4. Cookies and tracking
We use a small set of first-party cookies and similar technologies for essential site functionality and, with consent where required, analytics. See our Cookies Policy for the full list of technologies in use.
5. Service providers
We share personal information with service providers acting on our behalf, including:
- Stripe — payment processing and subscription management. Stripe holds card data and is PCI-DSS compliant.
- Supabase — application database (US region), including order and customer records.
- Vercel — application hosting and edge functions.
- Cloudflare — DNS, security, and bot protection (Turnstile) on form submissions.
- Amazon Web Services (SES) — transactional email delivery.
- Upstash — rate limiting and short-lived caching.
- Sentry — error and performance monitoring (anonymized IP).
- PostHog — product analytics (anonymized IP; consent-gated where required).
Each provider is contractually required to handle personal data consistently with this Policy and applicable law.
6. International transfers
UpgradIQ is incorporated in Delaware. Some of our service providers are based in the United States or operate globally. Where personal information is transferred from outside the United States, we rely on standard contractual clauses or other lawful transfer mechanisms permitted by your jurisdiction’s data protection law.
7. Retention
- Order and customer records — retained as long as necessary to fulfil the service and for accounting and tax purposes (typically seven years from the transaction date in accordance with US tax record-keeping standards).
- Contact-form submissions — retained for up to twenty-four months for follow-up and audit purposes.
- Aggregated and anonymized data — may be retained indefinitely.
8. Your rights
Depending on your jurisdiction, you may have rights to access, correct, delete, or port your personal information, to object to or restrict certain processing, and to withdraw consent. You can exercise these rights by emailing hello@upgradiq.com. We will respond within the timeframe required by applicable law. Note that some data (such as transaction records) may be subject to legal retention requirements that limit deletion.
9. Security
We implement technical and organizational measures designed to protect personal information, including encryption in transit, row-level security on application databases, anonymized IP storage in analytics and monitoring tools, rate limiting, bot protection, and access logging. Card data is handled exclusively by Stripe and never stored on our servers. No method of transmission is perfectly secure, and we do not guarantee absolute security.
10. Children
Our services are intended for adults. We do not knowingly collect personal information from children under sixteen.
11. Changes to this Policy
We may update this Privacy Policy from time to time. The “Last updated” date above reflects the most recent substantive change. Material changes will be communicated to affected users by email or a prominent notice on the site.
12. Contact
Questions about this Policy may be directed to: hello@upgradiq.com. UpgradIQ, Inc., 131 Continental Dr, Suite 305, Newark, DE 19713, United States.