Privacy Policy

1. Data Controller

The data controller for your personal data is:

[Company Name]
[Company Address]
Email: [email protected]

2. Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Contractual Necessity: To provide our services and process payments (Article 6(1)(b) GDPR)
• Legal Obligation: To comply with applicable laws and regulations (Article 6(1)(c) GDPR)
• Legitimate Interests: To improve our services, ensure security, and prevent fraud (Article 6(1)(f) GDPR)
• Consent: For marketing communications and non-essential cookies (Article 6(1)(a) GDPR)

3. Data We Collect

We collect and process the following categories of personal data:

• Account Data: Email address, first name, surname
• Payment Data: Payment method type (e.g., Visa, PayPal), transaction history (processed securely by Stripe)
• Location Data: IP-based location for security and regional service optimization
• Usage Data: Browser type, device information, access times, pages viewed
• Technical Data: IP address, browser type, operating system, device identifiers

4. How We Use Your Data

We use your personal data for the following purposes:

• To provide and maintain our service
• To process payments and manage subscriptions
• To improve user experience and service functionality
• To ensure security and prevent fraud
• To comply with legal obligations
• To communicate with you about our services

5. Data Storage and Security

Your data is stored securely in Supabase with the following measures:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication mechanisms
• Backup systems and disaster recovery procedures

6. International Data Transfers

Your data may be transferred to and processed in countries outside the EU/EEA, including the United States. We ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs) with our service providers
• EU-US Data Privacy Framework compliance where applicable
• Additional technical and organizational measures

Our third-party providers include:

• Supabase (Data Storage) - Privacy Policy
• Stripe (Payments) - Privacy Policy
• Google (Authentication & Analytics) - Privacy Policy

7. Data Retention

We retain your personal data for different periods depending on the type of data and purpose:

• Account data: Until account deletion or 6 months of inactivity
• Payment data: 7 years (for tax and accounting purposes)
• Usage data: 12 months
• Technical data: 30 days

8. Your Rights

Under GDPR, you have the following rights:

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent
• Right to lodge a complaint with a supervisory authority

To exercise these rights, please contact us at [email protected]. We will respond within one month.

9. Cookies and Tracking

We use cookies and similar tracking technologies:

• Essential cookies for service functionality
• Analytics cookies to improve our service
• Authentication cookies for secure login

You can manage your cookie preferences through your browser settings or our cookie consent tool.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

Last updated: 4/27/2025

11. Contact Information

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us at:

Email: [email protected]

You have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, place of work, or place of the alleged infringement.