Privacy Policy
Last updated: April 6, 2026
Introduction
We take your privacy seriously. This policy explains what personal data we collect, why we collect it, and how we handle it. We process all data in compliance with the General Data Protection Regulation (GDPR) and other applicable EU privacy laws.
Data we collect
We collect only the minimum data necessary to provide and improve our service:
- Account information: Email address and display name when you register an account.
- Usage data: Your preferences (e.g., theme settings), saved sessions, and content interactions within the platform.
- Cookies: Strictly functional cookies for authentication, theme preference, and cookie consent. See our Cookie Policy for details.
How we use your data
- Providing and maintaining the service, including your account and saved content.
- Authenticating your identity and keeping your account secure.
- Remembering your preferences such as language and theme.
- Protecting against misuse, fraud, and security threats.
Legal basis for processing (GDPR)
- Performance of a contract: Processing your account data is necessary to provide the service you signed up for.
- Consent: You give consent for cookie usage through the cookie consent banner.
- Legitimate interest: We process minimal usage data to maintain security and improve the service.
Where your data is stored
Your data is hosted exclusively within the European Union:
| Provider | Purpose | Data location |
|---|---|---|
| Vercel | Application hosting and content delivery | EU (Frankfurt, Germany) |
| Supabase | Database, authentication, and file storage | EU (Frankfurt, Germany) |
Data sharing
We do not sell, trade, or share your personal data with third parties for marketing purposes. Your data is processed by our infrastructure providers (Vercel and Supabase) as necessary to deliver the service. When you subscribe to a creator's group, your payment data (email, name) is shared with the creator's Stripe account as they are the payment processor and merchant of record for that transaction. Creators who link their Stripe accounts provide API keys that are stored encrypted on our servers to facilitate payment processing. All providers operate under GDPR-compliant data processing agreements.
Data retention
We retain your personal data for as long as your account is active. If you delete your account, your personal data will be removed within 30 days. Anonymized usage data may be retained for service improvement.
Your rights under GDPR
As an EU resident, you have the following rights regarding your personal data:
- Right of access - request a copy of your personal data.
- Right to rectification - correct inaccurate or incomplete data.
- Right to erasure - request deletion of your personal data.
- Right to restriction - request limited processing of your data.
- Right to data portability - receive your data in a portable format.
- Right to object - object to processing based on legitimate interest.
- Right to withdraw consent - withdraw cookie consent at any time by clearing your browser cookies.
You also have the right to lodge a complaint with your local data protection authority if you believe your data is being processed unlawfully.
Children's privacy
Our service is not directed to children under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can remove it.
Changes to this policy
We may update this privacy policy from time to time. Changes will be posted on this page with an updated date. We encourage you to review this page periodically.
Contact us
If you have questions about this privacy policy or wish to exercise your data rights, please contact us through the platform's contact form or email.