Privacy Policy
Your privacy is important to us. Learn how we protect your data.
1. Introduction
Welcome to enjoyip ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services, including our user account system, community features, and battle rating tools.
2. Information We Collect
2.1 Information You Provide to Us
When you register for an account or interact with our platform, we may collect:
- Account Information: Email address, username, and password (securely hashed).
- Third-Party OAuth Data: If you choose to log in via third-party providers (e.g., Google, Discord), we collect your linked email address, public profile name, and avatar image. We do not have access to your third-party passwords.
- User-Generated Content (UGC): Comments, battle votes, ratings, and any other content you submit to our platform.
2.2 Automatically Collected Information
When you visit our website, we automatically collect certain information, including:
- Device and Usage Data: IP address, browser type, operating system, and pages visited, collected via Google Analytics (GA4).
- Cookies and Tracking: We use cookies for session management (authentication) and analytics. Please see our Cookie Policy for details.
3. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA) or UK, our legal basis for collecting and using personal data depends on the context:
- Performance of a Contract: To provide our account services and community features to you.
- Legitimate Interests: To maintain security, prevent fraud, and improve our platform.
- Consent: When you opt-in to marketing communications or non-essential cookies.
4. How We Use Your Information
We use the collected information to:
- Create, authenticate, and manage your user account.
- Enable community features, such as posting comments and recording battle votes.
- Analyze website traffic and optimize user experience.
- Send administrative emails, such as password resets or magic links.
- Detect and prevent malicious activity, spam, and abuse of our UGC systems.
5. Information Sharing & Third Parties
We do not sell your personal data. We only share information with trusted third-party service providers (Data Processors) who assist us in operating our platform:
- Supabase: Provides our backend-as-a-service (BaaS), including secure PostgreSQL database hosting and user authentication services.
- Google Analytics: Analyzes website traffic and usage patterns.
- Legal Requirements: We may disclose your information if required by law, subpoena, or other legal processes.
6. Data Security & Retention
We implement robust security measures, including encryption in transit (HTTPS) and at rest. Our database provider (Supabase) employs industry-standard Row Level Security (RLS) to ensure users can only access or modify their own authorized data.
We retain your personal information only for as long as your account is active or as needed to provide you services. If you request account deletion, your personal data will be permanently erased or anonymized within 30 days, except where retention is required by law.
7. Your Privacy Rights (GDPR & CPRA)
Depending on your location, you have significant rights regarding your data under the General Data Protection Regulation (GDPR) and the California Privacy Rights Act (CPRA):
- Right to Access & Portability: Request a copy of the personal data we hold about you.
- Right to Rectification (Correction): Request correction of inaccurate or incomplete data.
- Right to Erasure (Right to be Forgotten): Request the deletion of your account and personal data.
- Right to Limit Use of Sensitive Personal Information (CPRA): We do not collect sensitive personal information beyond standard login credentials, but you have the right to restrict its use.
- Right to Opt-Out of Data Sales/Sharing: We do not sell your personal information.
- Right to Non-Discrimination: You will not be denied services or face price differences for exercising your privacy rights.
8. International Transfers
Our servers and primary third-party processors (e.g., Supabase) are primarily located in the United States and global edge regions. If you access our platform from outside the US, your information may be transferred to, stored, and processed in jurisdictions with different data protection laws. We rely on Standard Contractual Clauses (SCCs) and adequate safeguards for such transfers.
9. Children's Privacy
Our services are not intended for users under the age of 13 (or 16 in certain EU countries). We do not knowingly collect personal data from children. If we discover that we have inadvertently collected data from a child, we will delete it immediately.
10. Changes & Contact
We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify users of material changes via email or a website notice.
If you wish to exercise your privacy rights or have any questions, please contact our Data Protection Officer at:
Email: enjoyip.service@gmail.com