Privacy Policy

1. Information We Collect

We collect information in several ways when you use our Service:

1.1 Account Information

When you create an account, we collect:

• Email address - Required for account creation and communication
• Name - If provided during registration or via OAuth
• Authentication provider data - If you sign in via Google OAuth or other providers, we receive basic profile information as permitted by your OAuth settings

Account authentication is managed by Clerk, a third-party authentication service. Clerk's handling of your data is governed by their Privacy Policy.

1.2 Code Files

When you use the conversion service:

• Uploaded source code files - Temporarily stored for processing only
• ZIP archives - Temporarily stored for batch processing
• Live preview code snippets - Processed in real-time and not stored
  • Limited to 500 characters per conversion
  • Maximum 10 conversions per hour per IP address

1.3 Code Processing & Privacy

NativeBridge prioritizes your code privacy:

• No AI or LLMs - We use proprietary conversion algorithms, not third-party AI services
• No external processing - Your code never leaves our secure infrastructure
• No training data - Your code is never stored or used to improve our service
• Memory-only processing - Your code is never written to disk
• Immediate deletion - All files deleted within 30 minutes of processing
• Deterministic results - Same input always produces the same output

1.4 Usage Information

We collect information about your use of the Service:

• Conversion history - LOC (Lines of Code) used for each conversion (for quota tracking)
• Organization usage - LOC usage across team members (for shared quota management)
• File metadata - File sizes, conversion direction (Swift to Kotlin or vice versa)
• Timestamps - When conversions were performed

1.5 Organization Information

For team/organization accounts:

• Organization name
• Organization members - Email addresses of team members
• Roles - Admin, member, or owner designation
• Shared LOC usage - Which team member used LOC from shared pool
• Seat allocations - Number of active seats

Organization data is only visible to organization members. We do not share organization data with third parties except as required by law.

1.6 Payment Information

When you make a purchase:

• Payment processing is handled entirely by Stripe
• We do NOT store your credit card numbers, CVV, or full payment details
• We receive only: Transaction confirmation, purchase amount, last 4 digits of card (for reference)

Stripe's handling of your payment data is governed by their Privacy Policy.

1.7 Automatically Collected Information

When you access the Service, we may automatically collect:

• IP address
• Browser type and version
• Operating system
• Device information
• Referring URLs
• Pages visited and actions taken on the Service

2. How We Use Your Information

We use the collected information for the following purposes:

2.1 Providing the Service

• Process and convert your code files
• Create and manage your account
• Track your LOC (Lines of Code) quota and usage
• Manage organization memberships and shared quotas
• Deliver converted code packages

2.2 Payment Processing

• Process purchases and subscriptions via Stripe
• Provide receipts and billing history
• Process payments and transactions (all sales final per our Terms of Service)

2.3 Communication

• Send service-related emails (account verification, conversion completion, receipts)
• Respond to your inquiries and support requests
• Notify you of important changes to the Service or these policies

2.4 Service Improvement

• Analyze usage patterns to improve the Service
• Identify and fix technical issues
• Develop new features and functionality

2.5 Legal Compliance

• Comply with applicable laws and regulations
• Respond to legal requests and prevent fraud
• Enforce our Terms of Service

3. How We Store Your Information

3.1 Code Files

• Uploaded code is processed entirely in memory - never written to disk
• All uploaded files are automatically deleted within 30 minutes of processing
• We do NOT permanently store your source code
• We do NOT read, analyze, or review your code for any purpose other than conversion
• We do NOT use your code to train machine learning models
• We do NOT share your code with any third parties

3.2 Account Data

• Account information is stored securely via Clerk (our authentication provider)
• Clerk implements industry-standard security measures and is SOC 2 compliant

3.3 Payment Data

• Payment information is stored securely by Stripe
• Stripe is PCI-DSS Level 1 certified (the highest level of certification)
• We only store transaction references, not payment card details

3.4 Infrastructure

Our Service is hosted on Railway, a secure cloud infrastructure provider. Data in transit is protected using TLS/HTTPS encryption.

4. Information Sharing and Disclosure

4.1 Service Providers

We share data only with trusted service providers who assist in operating the Service:

These providers are contractually obligated to protect your data and use it only for the specified purposes.

4.2 Legal Requirements

We may disclose your information if required by law, such as:

• To comply with a subpoena, court order, or legal process
• To respond to lawful requests from government authorities
• To protect our rights, property, or safety, or that of our users
• To investigate potential violations of our Terms of Service

4.3 Business Transfers

If NativeBridge is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on the Service of any change in ownership.

4.4 No Sale of Data

We do not sell, rent, or lease your personal information to third parties for marketing or any other purposes.

5. Your Rights and Choices

5.1 Your Rights

You have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your account and associated data
• Export: Request a portable copy of your data
• Opt-out: Opt out of marketing communications

5.2 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

• Email: support@usenativebridge.com

We will respond to your request within 30 days. We may need to verify your identity before processing certain requests.

5.3 Account Deletion

You may request complete deletion of your account and associated data by emailing us. Upon deletion:

• Your account will be deactivated immediately
• Personal data will be deleted within 30 days
• Some information may be retained as required by law (e.g., transaction records)

6. GDPR Compliance (European Union Users)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR).

6.1 Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to provide the Service you requested
• Consent: Where you have given explicit consent for specific processing
• Legitimate Interests: For service improvement and fraud prevention, where not overridden by your rights
• Legal Obligation: To comply with applicable laws

6.2 Your GDPR Rights

In addition to the rights listed in Section 5, EU users have:

• Right to Restriction: Request restriction of processing in certain circumstances
• Right to Object: Object to processing based on legitimate interests
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Withdraw Consent: Withdraw consent at any time for consent-based processing
• Right to Lodge a Complaint: File a complaint with your local data protection authority

6.3 International Transfers

Your data may be transferred to and processed in the United States. We implement appropriate safeguards for international transfers, including Standard Contractual Clauses approved by the European Commission.

6.4 Data Controller

Nathan Haring, doing business as NativeBridge, is the data controller for purposes of GDPR. Contact information is provided in Section 14.

7. CCPA Compliance (California Users)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA).

7.1 Your CCPA Rights

• Right to Know: You can request information about the categories and specific pieces of personal information we collect, use, and disclose
• Right to Delete: You can request deletion of your personal information, subject to certain exceptions
• Right to Opt-Out of Sale: We do NOT sell personal information, so this right does not apply
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

7.2 Categories of Information Collected

In the past 12 months, we have collected the following categories of personal information:

• Identifiers (email address, name, IP address)
• Commercial information (purchase history)
• Internet activity (usage data, browser information)

7.3 How to Submit a Request

California residents may submit CCPA requests by emailing support@usenativebridge.com with the subject line "CCPA Request."

8. Children's Privacy

NativeBridge is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@usenativebridge.com. We will promptly delete such information from our systems.

If we become aware that we have collected personal information from a child under 18 without parental consent, we will take steps to delete that information.

9. International Data Transfers

NativeBridge is operated from the United States. If you access the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States.

By using the Service, you consent to the transfer of your information to the United States, which may have different data protection laws than your country of residence.

We implement appropriate safeguards for international data transfers, including:

• Standard Contractual Clauses for transfers to/from the EU
• Data processing agreements with our service providers
• Technical and organizational security measures

10. Data Retention

We retain your information for different periods depending on the type of data:

After the retention period expires, data is securely deleted or anonymized.

11. Cookies and Tracking Technologies

11.1 What Are Cookies

Cookies are small text files stored on your device when you visit a website. They help the website remember your preferences and improve your experience.

11.2 Cookies We Use

11.3 Managing Cookies

You can control cookies through your browser settings. However, disabling essential cookies may prevent you from using certain features of the Service, including the ability to log in.

11.4 Do Not Track

We currently do not respond to "Do Not Track" signals. If we implement analytics tracking in the future, we will update this policy accordingly.

12. Security

We implement industry-standard security measures to protect your information:

12.1 Technical Measures

• Encryption in Transit: All data transmitted to and from the Service is encrypted using TLS/HTTPS
• Secure Infrastructure: Hosted on Railway with enterprise-grade security
• Authentication: Secure user authentication via Clerk with support for OAuth and MFA
• Payment Security: PCI-DSS compliant payment processing via Stripe

12.2 Organizational Measures

• Access to personal data is limited to those who need it
• Regular review of security practices
• Secure development practices

12.3 Limitations

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security. You are responsible for maintaining the security of your account credentials.

12.4 Breach Notification

In the event of a data breach that affects your personal information, we will notify you via email and/or prominent notice on the Service within 72 hours of becoming aware of the breach, as required by applicable law.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons.

When we make changes:

• The "Last Updated" date at the top of this policy will be revised
• Material changes will be communicated via email to registered users
• The updated policy will be posted on this page

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

14. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For GDPR-related inquiries, you may also contact your local data protection authority.