Privacy Policy

1. Information We Collect

a. Account & Profile Data

• Name & Email: When you register for an account.
• Authentication Data: Managed via Firebase Auth—passwords are never stored on our servers.

b. Payment Data

All billing is handled by Stripe or other PCI-compliant providers; we do not store full payment details.

c. Log & Usage Data

• Server Logs: IP address, browser type/version, device identifiers, timestamps, pages visited, and error logs.
• Analytics & Performance: Crash reports and performance metrics (internal only).

d. Cookies & Similar Technologies

• We use a secure authentication cookie for session management and access control.
• No cross-site tracking or advertising cookies.

2. How We Use Your Information

• Provide & improve the Service
• Authenticate & authorize your access
• Process payments via our partners
• Communicate system updates and support messages
• Monitor & troubleshoot technical issues

3. Legal Bases for EU/UK Users

• Contract Performance: Providing the Service you’ve requested.
• Legitimate Interests: Security, fraud prevention, platform improvement.
• Consent: Where required, e.g. for non-essential cookies.

4. How We Share Your Information

We do not sell your personal data. We may share with:

• Service Providers: Firebase, Stripe, hosting/CDN, email delivery—only as needed.
• Legal & Safety: If required by law or to protect rights and users.

5. Third-Party Links & Embeds

Our Service may contain links to or embed content from other sites (e.g. YouTube, Google Maps). We’re not responsible for those third parties’ privacy practices—please review their policies separately.

6. International Data Transfers

Your data may be stored or processed in the U.S. or other countries by our service providers. We apply appropriate safeguards to protect it.

7. California Privacy Rights (CCPA/CPRA)

• Know what personal information we collect and how we use it
• Delete your personal information (subject to exceptions)
• Opt-out of any “sale” of personal information (we do not sell data)

8. Data Retention

• Account & Profile Data: Until account deletion + 90 days.
• Payment Records: 7 years (tax/compliance).
• Logs & Diagnostics: 1 year (security, troubleshooting).

9. Children’s Privacy

Our Service is not intended for children under 13. If you believe we have collected such information, please contact us for deletion.

10. Security & Breach Notification

We implement reasonable safeguards. In the event of a data breach, we will notify affected users and regulators without undue delay.

11. Your Rights & Choices

• Access & correction: request copies or amendments to your data.
• Deletion: ask us to delete your personal information.
• Cookie controls: disable cookies in your browser (may affect functionality).

12. Changes to This Policy

We may update this Policy as practices evolve. For material changes, we’ll notify users via email and on the Service at least 30 days before changes take effect.

Version History

• 1.0 – May 20, 2025: Initial published policy.