Acme

Privacy Policy

Last Updated: January 15, 2025

1. Introduction

Welcome to Acme ("we," "our," or "us"). We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

This policy complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

Acme is the data controller responsible for your personal data. If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: legal@example.com

3. Information We Collect

3.1 Information You Provide

  • Account Information: Name, email address, password (encrypted)
  • Profile Information: Optional profile details, preferences, and settings
  • Payment Information: Billing address and payment details (processed securely by Stripe)
  • Communications: Messages, feedback, and support requests you send to us

3.2 Automatically Collected Information

  • Usage Data: How you interact with our service, features used, pages visited
  • Device Information: Browser type, operating system, IP address, device identifiers
  • Cookies and Similar Technologies: See our Cookie Policy for details

3.3 Information from Third Parties

  • Authentication Providers: If you sign in using a third-party service
  • Payment Processors: Transaction information from Stripe
  • Analytics Providers: Aggregated usage statistics from PostHog

4. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

  • Contract Performance: To provide our service and fulfill our obligations (Article 6(1)(b) GDPR)
  • Legitimate Interests: To improve our service, prevent fraud, and ensure security (Article 6(1)(f) GDPR)
  • Legal Obligation: To comply with applicable laws and regulations (Article 6(1)(c) GDPR)
  • Consent: For marketing communications and optional features (Article 6(1)(a) GDPR)

5. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve our service
  • Process transactions and send related information
  • Send administrative messages, updates, and security alerts
  • Respond to your comments, questions, and support requests
  • Analyze usage patterns and optimize user experience
  • Detect, prevent, and address technical issues and security threats
  • Send marketing communications (with your consent)
  • Comply with legal obligations and enforce our terms

6. Data Sharing and Disclosure

We may share your information with:

6.1 Service Providers

  • Supabase: Database hosting and authentication
  • Stripe: Payment processing
  • Vercel: Hosting and content delivery
  • PostHog: Analytics and product insights
  • Resend: Transactional and marketing emails

6.2 Legal Requirements

We may disclose your information if required by law or in response to:

  • Legal processes (subpoenas, court orders)
  • Government or regulatory requests
  • Protection of our rights, privacy, safety, or property
  • Investigation of fraud or security issues

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

7. International Data Transfers

Our service is hosted in the European Union. If data is transferred outside the EU/EEA, we ensure adequate protection through:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions recognizing equivalent data protection
  • Other legally compliant transfer mechanisms

8. Data Retention

We retain your personal data for as long as necessary to:

  • Maintain your account and provide our service
  • Comply with legal, accounting, or reporting requirements
  • Resolve disputes and enforce our agreements

Typical Retention Periods:

  • Active accounts: Duration of service use plus 30 days
  • Inactive accounts: 2 years from last login
  • Payment records: 7 years (legal requirement)
  • Marketing data: Until consent is withdrawn
  • Analytics data: 2 years in aggregated form

9. Your Rights (GDPR)

You have the following rights regarding your personal data:

9.1 Right of Access (Article 15)

You can request a copy of your personal data we hold.

9.2 Right to Rectification (Article 16)

You can request correction of inaccurate or incomplete data.

9.3 Right to Erasure (Article 17)

You can request deletion of your data ("right to be forgotten").

9.4 Right to Restriction (Article 18)

You can request limitation of processing in certain circumstances.

9.5 Right to Data Portability (Article 20)

You can request your data in a structured, machine-readable format.

9.6 Right to Object (Article 21)

You can object to processing based on legitimate interests or for direct marketing.

9.7 Right to Withdraw Consent (Article 7)

You can withdraw consent at any time where processing is based on consent.

9.8 Right to Lodge a Complaint

You can file a complaint with your local data protection authority.

To exercise your rights, contact us at: legal@example.com

10. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Encryption in transit (TLS/SSL) and at rest
  • Regular security assessments and penetration testing
  • Access controls and authentication requirements
  • Employee training on data protection
  • Incident response procedures

However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

11. Cookies and Tracking

We use cookies and similar technologies to enhance your experience. For detailed information, please see our Cookie Policy.

You can control cookies through your browser settings. Note that disabling cookies may affect service functionality.

12. Children's Privacy

Our service is not intended for children under 16. We do not knowingly collect personal data from children. If you believe we have collected information from a child, please contact us immediately.

13. Third-Party Links

Our service may contain links to third-party websites. We are not responsible for the privacy practices of these sites. We encourage you to review their privacy policies.

14. Marketing Communications

With your consent, we may send you:

  • Product updates and new features
  • Tips and best practices
  • Special offers and promotions
  • Company news and events

You can opt out of marketing emails at any time by:

  • Clicking the "unsubscribe" link in any email
  • Updating your account preferences
  • Contacting us at legal@example.com

15. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to opt out of the sale of personal information
  • Right to deletion of personal information
  • Right to non-discrimination for exercising CCPA rights

Note: We do not sell your personal information.

16. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on our website
  • Updating the "Last Updated" date
  • Sending an email notification (for significant changes)

Your continued use of the service after changes constitutes acceptance of the updated policy.

17. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: legal@example.com

For GDPR-related inquiries or to exercise your rights, please include "GDPR Request" in the subject line.

Privacy Policy | Acme