Privacy Policy
Last updated: October 8, 2025
At AIMMT (AI Made Me This), we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at www.aimademethis.com.
1. Information We Collect
1.1 Information You Provide
When you create an account and use our platform, we collect information you provide directly:
- Account Information: Email address, username, password (hashed), and optional profile information (name, bio, avatar)
- OAuth Information: When you sign in via Google or GitHub, we receive your email, name, and profile picture
- User-Generated Content: Product listings, reviews, comments, ratings, votes, and bookmarks
- Communications: Messages you send through contact forms or support channels
1.2 Automatically Collected Information
When you access our platform, we automatically collect:
- Usage Data: Pages visited, time spent on pages, click patterns, and feature usage
- Device Information: Browser type, operating system, device type, IP address
- Analytics Data: Collected via Google Analytics (if enabled) to understand user behavior and improve our service
2. How We Use Your Information
We use the collected information to:
- Provide Services: Create and manage your account, enable product submissions, facilitate community interactions
- Improve Platform: Analyze usage patterns, develop new features, optimize user experience
- Communication: Send notifications about activity on your content, platform updates, and security alerts
- Security: Detect fraud, prevent abuse, and maintain platform integrity
- Legal Compliance: Comply with legal obligations and enforce our Terms of Service
- Personalization: Customize your experience based on your preferences and activity
3. Information Sharing and Disclosure
3.1 Public Information
The following information is publicly visible to all users and visitors:
- Your username, profile picture, and bio
- Product listings you submit
- Reviews, comments, and ratings you post
- Your voting activity may be visible to product creators
3.2 Third-Party Services
We share data with trusted service providers:
- Supabase: Database, authentication, and file storage (EU/US regions)
- Vercel: Hosting and content delivery
- Google Analytics: Anonymous usage analytics (if enabled)
- OAuth Providers: Google and GitHub for authentication
3.3 Legal Requirements
We may disclose your information if required by law, legal process, or to protect our rights, users, or public safety.
4. Data Storage and Security
We implement industry-standard security measures to protect your data:
- Encryption: All data is encrypted in transit (HTTPS/TLS) and at rest
- Password Security: Passwords are hashed using bcrypt
- Access Controls: Row Level Security (RLS) policies in Supabase ensure users can only access authorized data
- Regular Audits: We regularly review security practices and update dependencies
However, no method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
5. Your Privacy Rights (GDPR)
If you are in the European Economic Area (EEA), you have the following rights under GDPR:
- Right to Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data ("right to be forgotten")
- Right to Restriction: Limit how we use your data
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing of your data for specific purposes
- Right to Withdraw Consent: Withdraw consent at any time (does not affect prior processing)
To exercise these rights, please contact us at privacy@aimademethis.com. We will respond within 30 days.
7. Data Retention
We retain your data as follows:
- Account Data: Retained until you delete your account
- Content: Product listings, reviews, and comments remain public unless you delete them
- Analytics Data: Aggregated, anonymized data may be retained indefinitely
- Deleted Accounts: Personal data is deleted within 30 days of account deletion, except where required by law
8. Children's Privacy
Our platform is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us, and we will delete such information.
9. International Data Transfers
Your data may be transferred to and processed in countries other than your country of residence. We use Supabase, which stores data in EU and US regions with appropriate safeguards. By using our platform, you consent to the transfer of your information to these jurisdictions.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on our platform or sending an email to registered users. Your continued use of the platform after changes constitutes acceptance of the updated policy.
11. Contact Us
If you have questions or concerns about this Privacy Policy, please contact us:
Legal Basis for Processing (GDPR)
We process your personal data based on:
- Contractual Necessity: To provide services you request
- Consent: For analytics and marketing communications (you may withdraw anytime)
- Legitimate Interests: Platform security, improvement, and fraud prevention
- Legal Obligations: Compliance with applicable laws