Privacy Policy

Introduction

Welcome to Social Proof Exchange ("we", "our", or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our application, in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Data Controller: Stefan Rose, stefanrows@gmail.com

Information We Collect

We collect information that you provide directly to us, including:

• Account information (email address, name, username)
• Profile information (bio, avatar)
• Authentication data from third-party providers (e.g., X/Twitter)
• Payment information (processed securely through Stripe)
• Usage data and analytics (through Google Analytics 4)

Automatically Collected Information: When you visit our application, we automatically collect certain information about your device and usage patterns, including IP address, browser type, pages visited, and the time and date of your visit, through Google Analytics 4.

Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR Article 6:

• Performance of a Contract: Processing necessary to provide our services
• Consent: Where you have given explicit consent for specific processing (e.g., analytics)
• Legal Obligation: Where required by law
• Legitimate Interests: To improve our services and prevent fraud

How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our services
• Create and manage your account
• Authenticate your identity and process payments
• Send you technical notices and support messages
• Respond to your comments and questions
• Monitor and analyze trends, usage, and activities for service improvement
• Comply with legal obligations and enforce our agreements
• Prevent fraud and ensure security of our platform

Google Analytics 4

This website uses Google Analytics 4, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses cookies to help us analyze how users interact with our website.

Cookies Used:

• _ga - Used to distinguish users
• _ga_* - Used to persist session state
• _gid - Used to store and count pageviews
• _gat - Used to throttle request rate

The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google may share this information with third parties where required to do so by law or where such third parties process the information on Google's behalf. We have enabled IP anonymization, so Google will truncate/anonymize the last octet of your IP address for member states of the European Union as well as for other parties to the Agreement on the European Economic Area.

You can opt out of Google Analytics tracking by adjusting your cookie preferences or using Google's opt-out browser extension available at https://tools.google.com/dlpage/gaoptout.

Third-Party Service Providers

We work with trusted third-party service providers that process personal data on our behalf:

• Stripe: Payment processing and billing. Privacy: https://stripe.com/privacy
• Supabase: Database and data storage. Privacy: https://supabase.com/privacy
• Vercel: Application hosting. Privacy: https://vercel.com/legal/privacy-policy
• Google Analytics: Web analytics. Privacy: https://policies.google.com/privacy

All service providers are contractually bound to protect your data and use it only for the purposes we specify. These providers may be located outside of the European Economic Area, in which case appropriate safeguards (such as Standard Contractual Clauses) are in place.

Information Sharing

We do not sell your personal information to third parties. We may share your information only in the following circumstances:

• With your explicit consent
• To comply with legal obligations or court orders
• To protect our rights, privacy, safety, or property
• With service providers who assist in our operations under data processing agreements
• In case of a merger, acquisition, or sale of assets (with proper notice)

Data Retention

We retain your personal data only for as long as necessary to provide our services and fulfill the purposes outlined in this policy. Specific retention periods are as follows:

• Account Information: Retained for the duration of your account and up to 90 days after account deletion for legal compliance
• Analytics Data: Retained according to Google Analytics retention settings (typically 14 or 26 months)
• Payment Information: Retained only for the duration required by payment processors and applicable law

Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These include:

• Encryption of data in transit (HTTPS/TLS)
• Secure authentication mechanisms
• Regular security assessments
• Role-based access controls

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

Your GDPR Rights

If you are located in the European Union or European Economic Area, you have the following rights under GDPR:

• Right of Access (Article 15): Request access to your personal data
• Right to Rectification (Article 16): Correct inaccurate or incomplete data
• Right to Erasure (Article 17): Request deletion of your data ("right to be forgotten")
• Right to Restrict Processing (Article 18): Request limitation of processing
• Right to Data Portability (Article 20): Receive and transfer your data in a portable format
• Right to Object (Article 21): Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time without affecting the lawfulness of processing before withdrawal
• Right to Lodge a Complaint: File a complaint with your local data protection authority

To exercise any of these rights, please contact us at stefanrows@gmail.com with your request and sufficient identification information.

Data Protection Authority

For users in Germany, you can contact the relevant data protection authority:

Bayerisches Landesamt für Datenschutz (BayLDA)
Promenade 27
91522 Ansbach
Germany
Website: https://www.baylda.de

Children's Privacy

Our services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will immediately delete such information and terminate the child's account. If you believe we have inadvertently collected information from a child under 13, please contact us immediately at stefanrows@gmail.com.

International Data Transfers

Your data may be transferred to, stored in, and processed in countries other than your country of residence, including the United States. These countries may have data protection laws that differ from your home country. When we engage in such transfers, we implement appropriate safeguards, including Standard Contractual Clauses approved by the European Commission, to ensure your data is protected in accordance with GDPR and other applicable laws.

Data Breach Notification

In the event of a personal data breach that poses a risk to your privacy, we will notify you and the relevant data protection authorities without undue delay, as required by GDPR Article 33, unless the breach is unlikely to result in risk to your rights and freedoms.

Cookies and Similar Technologies

We use cookies and similar tracking technologies (such as pixels and local storage) to enhance your experience, personalize content, and collect analytics data. You can manage cookie preferences through your browser settings or our cookie consent banner. Note that disabling certain cookies may affect the functionality of our application.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the new Privacy Policy on this page, updating the "Last updated" date, and obtaining your consent if required by applicable law. Your continued use of our services after such changes constitutes your acceptance of the updated policy.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

Data Controller:
Stefan Rose
Email: stefanrows@gmail.com

We will respond to your inquiries within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.