Privacy Policy

1. At a glance

CelebrateReel is a service that turns photos and audio you provide — or that guests upload through a link you share — into a music-timed slideshow video. To run the service, we need to collect, store, and process those photos, that audio, and a limited set of personal information about the people who hold accounts. This policy explains what we collect, why, who we share it with, how long we keep it, and the rights you have in your data.

• We do not sell your personal information for money.
• We do not use your photos, audio, or rendered videos to train artificial-intelligence models.
• We do not knowingly “share” personal information for cross-context behavioral advertising as that term is defined under California law (see Section 21).
• You can export or delete your account and content at any time from Settings.
• Photos may include images of identifiable people, sometimes minors. Hosts who upload or invite guests to upload such photos are responsible for obtaining appropriate consent (see Section 9).

2. Scope & who we are

This Privacy Policy describes how CelebrateReel (“CelebrateReel,” “we,” “us,” or “our”) collects and processes personal information in connection with our website at celebratereel.com, our application at app.celebratereel.com, our mobile-web upload pages, and any related services we make available (collectively, the “Service”).

For purposes of the European Union General Data Protection Regulation (“GDPR”), the United Kingdom Data Protection Act 2018 / UK GDPR, and similar laws, CelebrateReel is the “controller” of personal information about account holders. When a Host (account holder) uses the Service to collect content from Guests as part of an event, the Host typically determines the purposes of that collection; in many circumstances we act as a “processor” for that Host’s event-specific content. Defining the controller / processor allocation between CelebrateReel and Hosts is one of the items being reviewed by counsel.

3. Definitions

Capitalized terms used in this policy have the meanings below. Other capitalized terms have the meanings given in our Terms of Service.

• Account — the registered user account a Host creates to use the Service.
• Content — photos, audio files, written captions, and any other material uploaded to or generated through the Service.
• Customer Content — Content that a Host uploads or invites Guests to upload to a project the Host controls.
• Guest — a person who uploads Content through a Host’s collection link without creating their own Account.
• Host — the holder of an Account who creates a project and invites Guests to contribute.
• Personal Information or Personal Data — information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household, as those terms are defined under applicable privacy laws.
• Render — the music-timed slideshow video generated by the Service from Customer Content.
• Sub-processor — a third party we engage to process Personal Information on our behalf to deliver the Service.

4. Information we collect

We collect the categories of Personal Information described below.

4.1 Account information

When you create an Account, we collect your name, email address, and a hashed verifier of your password. Email verification, password storage, and multi-factor authentication are handled by Amazon Cognito under our AWS account; CelebrateReel does not receive or store plaintext passwords. If you sign in with a third-party identity provider (e.g. Google), we receive the basic profile fields that provider returns (typically name, email address, and a stable identifier).

4.2 Profile & preferences

If you choose to add them, we store profile attributes such as your default event type, account type (consumer, funeral home, agency), brand color preferences, and the URL of any logo you upload for white-label rendering.

4.3 Customer Content

Content uploaded by you or by your Guests — including photographs, audio files, captions, and any descriptive metadata you supply — is stored in Amazon S3 buckets in our AWS account in the United States (us-east-1). Renders produced from that Content are stored alongside.

Photographs frequently contain Personal Information about third parties (faces, license plates, location-revealing background details). Audio files may contain identifiable voices. We treat all Customer Content as confidential to the Host and process it only as described in this policy.

4.4 Photo metadata & technical analysis

When a photo is uploaded, our system reads file metadata (e.g. timestamp, original filename, MIME type, dimensions, EXIF orientation) and performs technical analysis to help select and order photos in the Render. That analysis includes:

• quality scoring (sharpness / blur, exposure, composition);
• face detection using a local OpenCV Haar-cascade classifier — we identify whether a region of an image contains a face, but we do not compute facial-recognition templates, “faceprints,” biometric identifiers, or any data that could re-identify a specific individual;
• perceptual hashing for duplicate detection;
• automated content moderation through Amazon Rekognition (see Section 12).

The face-detection coordinates we store are bounding-box pixel coordinates within an image; they are not biometric identifiers within the meaning of the Illinois Biometric Information Privacy Act (740 ILCS 14/) or comparable laws. We do not use this data to identify individuals across photos. This characterization is being reviewed by counsel.

4.5 Billing information

Payments are processed by Stripe, Inc. We store a Stripe customer ID, a record of each Per-Event Purchase or subscription event (tier, variant, currency, amount, date, last four digits of card, billing country), and the same identifiers Stripe returns for refunds and disputes. We never receive or store full payment-card numbers, full bank account numbers, or card-verification values.

4.6 Communications with us

If you email or otherwise contact us — including through demo-request, agency-waitlist, or DMCA submission forms — we receive whatever information you provide and the message metadata (timestamps, IP address, mail headers).

4.7 Usage & device data

When you use the Service, we automatically collect:

• request metadata (URL paths, HTTP method and status, response time, request ID);
• IP address and approximate location derived from it (country / region);
• user-agent string, browser, operating system, and device type;
• referrer URL;
• session identifiers and authentication state;
• error and crash diagnostics through Sentry.

4.8 Analytics

We use Google Analytics 4 (“GA4”) to understand how the Service is used in aggregate. GA4 sets cookies and similar identifiers and reports usage events back to Google. Where GA4 collects IP addresses we instruct it to anonymize them. See Section 16 for details and your choices.

4.9 Inferences

We may derive inferences from the data above — for example, classifying a Host as “new” vs. “returning,” or grouping projects by event type so we can prioritize template improvements.

5. Sources of personal information

We collect Personal Information from these sources:

• directly from Hosts when they sign up, configure projects, upload Content, communicate with us, or pay;
• directly from Guests when they upload Content through a Host’s collection link;
• automatically from devices and browsers as they interact with the Service;
• from service providers we engage to support the Service (e.g. Stripe for billing details, AWS Cognito for authentication events);
• from identity providers if you sign in with a third-party login (e.g. Google);
• from public sources or referrers if you arrived from a partner’s site or a search engine.

6. Purposes & legal bases for processing

We process Personal Information for the purposes and on the legal bases below. The “Legal basis” column applies to processing of personal data of individuals in the European Economic Area, the United Kingdom, and Switzerland; for individuals elsewhere, it is offered as additional context.

Purpose	Categories of data used	Legal basis (GDPR Art. 6)
Provide and operate the Service (account management, project creation, photo upload, render generation, delivery, sharing).	Account, profile, Customer Content, photo metadata, usage data.	Performance of a contract (Art. 6(1)(b)).
Process payments and prevent payment fraud.	Billing data, IP, country, account.	Performance of a contract (Art. 6(1)(b)); legal obligation (Art. 6(1)(c)) for tax records.
Send transactional notifications (verification, render-ready alerts, receipts, security notices, post-event reminders).	Account, communications.	Performance of a contract (Art. 6(1)(b)); legitimate interest in service continuity (Art. 6(1)(f)).
Send optional marketing communications (product news, occasion tips).	Account, communications, inferences.	Consent (Art. 6(1)(a)) where required; legitimate interest (Art. 6(1)(f)) otherwise. Opt-out always available.
Detect, investigate, and prevent abuse, fraud, copyright infringement, and unauthorized access.	Account, Customer Content, usage data, communications.	Legitimate interest in protecting the Service and rights holders (Art. 6(1)(f)); legal obligation (Art. 6(1)(c)) for DMCA.
Comply with law (DMCA, lawful subpoenas, tax, accounting, audit).	Any data reasonably required.	Legal obligation (Art. 6(1)(c)).
Improve the Service through aggregate analytics and product research.	Usage data, inferences (de-identified or aggregated where feasible).	Legitimate interest in service improvement (Art. 6(1)(f)).
Establish, exercise, or defend legal claims.	Any data reasonably required.	Legitimate interest (Art. 6(1)(f)); legal obligation (Art. 6(1)(c)) where applicable.

Where we rely on legitimate interests, we have completed (and will reassess as our processing changes) a balancing assessment between our interests and your rights. You can object to legitimate-interest processing as described in Section 20.

7. Sensitive personal information

Some Customer Content may include sensitive Personal Information — for example, photographs that reveal religious affiliation (a wedding under a particular faith’s rites, a memorial service), photographs of minors, or images containing precise location indicators. We do not knowingly collect government-issued identification numbers, financial-account credentials, biometric identifiers, geolocation derived from precise GPS, sex-life or sexual-orientation data, health data, or trade-union membership in the ordinary course of providing the Service. We process whatever sensitive Personal Information appears in Content only as needed to provide the Service to the Host, and we treat such Content as confidential.

Hosts who plan to use the Service in contexts that involve sensitive data — for example, a funeral home running tributes for many families — should satisfy themselves that they have an appropriate legal basis (typically explicit consent or another condition under GDPR Article 9 or analogous law) before doing so. The Service is not designed to receive Protected Health Information regulated by the U.S. Health Insurance Portability and Accountability Act (“HIPAA”); CelebrateReel does not currently sign Business Associate Agreements.

8. Guest uploaders & collection links

When a Host shares a collection link, anyone with the link can upload Content from a phone or computer without creating an Account. From those Guests we collect:

• the files they choose to upload and any caption they choose to type;
• file and request metadata necessary to ingest the upload (filename, MIME type, size, upload timestamp, IP address, user-agent);
• a session identifier so we can show the Guest their own uploads while the upload window is open.

We do not require Guests to provide a name or email. Any name or note a Guest types into a caption field is voluntary. The IP address and user-agent are stored as part of upload audit logs and used for abuse detection.

9. Host responsibility for guest notice

If you are a Host and you invite Guests to upload Content — or you upload photographs that contain images of other identifiable people — you are responsible for ensuring you have the appropriate legal basis to do so. You agree to:

• tell Guests, before they upload, that the Content will be processed by CelebrateReel as your service provider for the purpose of generating a video for your event, and link to (or summarize) this Privacy Policy;
• obtain any consents required under applicable law from individuals whose images, voices, or other personal information appear in the Content (for example, parental consent for minors);
• refrain from uploading Content that you do not have the right to share with the Service, or that you reasonably believe an identifiable subject would object to.

CelebrateReel may, but is not obligated to, surface a default Guest-facing notice in the upload UI. You remain responsible for the adequacy of notice and consent in your specific circumstances.

10. Children & minors

The Service is not directed to children under 13 (or under 16 in jurisdictions where that is the age of digital consent), and we do not knowingly create Accounts for them. Adults frequently upload photographs that include minors (school graduations, sports banquets, family celebrations). Where Content includes photographs of minors:

• we will not use such images for marketing, public-facing case studies, or AI training;
• we ask Hosts to obtain consent appropriate to the jurisdiction (e.g. parental consent under the U.S. Children’s Online Privacy Protection Act (“COPPA”) for children under 13);
• parents and guardians may request deletion of images of their child by contacting privacy@celebratereel.com; we will action the request promptly and notify the Host.

11. Deceased individuals & memorial content

The Service is regularly used to create memorial tributes. Some applicable laws (notably the European GDPR) do not extend to deceased persons; others (including some U.S. states and Canadian provinces) preserve specific rights for next-of-kin. We will respond reasonably to verified requests from a personal representative, executor, or surviving family member for deletion or export of memorial Content, even where not strictly required by law. Funeral-home customers operate under separate contractual terms regarding family authority.

12. Automated content moderation

Every uploaded photo is screened by Amazon Rekognition’s moderation classifier for categories such as explicit nudity, suggestive content, violence, drug use, hate symbols, and similar policy-violating imagery. Photos flagged by the classifier are excluded from the Render by default; the Host can review flagged photos in the project dashboard. This is automated processing within the meaning of GDPR Article 22, but it does not, on its own, produce legal effects on individuals or significantly similarly affect them; the Host retains the ability to manually re-include or exclude photos.

If you believe the classifier has incorrectly flagged Content that belongs to you, you can override the flag from the project dashboard or contact privacy@celebratereel.com for a manual review.

13. How we share information

We share Personal Information only as described below. We do not sell Personal Information for monetary consideration, and we do not knowingly “share” Personal Information for cross-context behavioral advertising as defined under California law.

• With Sub-processors who provide infrastructure, billing, communications, and analytics. See Section 14 for the current list.
• With recipients you direct — for example, when you share a Render link or download URL with another person.
• Between you and your Guests — uploaders may see other Guests’ uploads if a project is configured for shared visibility.
• For a corporate transaction. If CelebrateReel is involved in a merger, acquisition, financing diligence, reorganization, or sale of assets, Personal Information may be disclosed to advisors and counterparties subject to confidentiality, and to the buyer following the transaction.
• For legal reasons. We may disclose information if required by subpoena, court order, or other valid legal process; to enforce our Terms of Service; to prevent or address fraud, abuse, security, or technical issues; or to protect our rights, property, or safety, or that of our users or the public.
• With your consent in any other circumstance where we ask for it.

14. Service providers (sub-processors)

We engage the following service providers to process Personal Information on our behalf. Each is bound by contractual obligations to handle Personal Information only on our instructions and consistent with this Policy. We may add or replace sub-processors from time to time; this list is current as of the effective date above.

Sub-processor	Purpose	Region(s)
Amazon Web Services (Inc.) — S3, RDS, App Runner, ECS, CloudFront, Cognito, Rekognition, SES	Hosting, storage, authentication, transactional email, content moderation, content delivery.	United States (us-east-1).
Stripe, Inc.	Payment processing, fraud prevention, subscription billing.	United States; global.
Google LLC (Google Analytics 4)	Aggregate analytics about use of the Service.	United States; global.
Cloudflare, Inc.	DNS, edge caching, denial-of-service protection.	Global.
Functional Software, Inc. (Sentry)	Error monitoring and crash diagnostics.	United States.

If you are a business customer who needs a Data Processing Addendum or a current sub-processor list with notification rights, contact privacy@celebratereel.com.

15. International data transfers

CelebrateReel is based in the United States and our servers are located in the United States. If you access the Service from outside the United States, your Personal Information will be transferred to, stored, and processed in the United States and other countries where our sub-processors operate. Those countries may have data-protection laws that differ from those in your country of residence.

For transfers from the European Economic Area, the United Kingdom, and Switzerland to the United States, we rely, where applicable, on the European Commission’s Standard Contractual Clauses (and the UK Addendum / Swiss equivalents) executed with our U.S. sub-processors, and on additional safeguards such as encryption in transit and at rest. Where a sub-processor is certified under the EU-U.S. Data Privacy Framework, the UK Extension, or the Swiss-U.S. Data Privacy Framework, we may rely on those frameworks as well. Specific transfer mechanisms are being reviewed by counsel.

16. Cookies & similar technologies

We use cookies and similar technologies (browser local storage, session storage, server-set tokens) for the categories described below. Where required by law, we will request your consent before setting non-essential cookies; you can manage your preferences from the cookie banner (when shown) or your browser settings.

Category	Purpose	Examples
Strictly necessary	Authentication, session continuity, CSRF protection, load balancing, security.	Flask session cookie, Cognito tokens, request-ID storage.
Functional	Remember your preferences (e.g. default event type, brand colors).	Local storage on the project dashboard.
Analytics	Understand usage patterns in aggregate. We instruct GA4 to anonymize IP addresses.	Google Analytics 4 cookies.
Advertising	None at this time. We do not currently use cookies for cross-site advertising.	—
Attribution (functional)	First-touch ad-campaign attribution — which advertisement first introduced a new visitor to CelebrateReel. Random opaque token only; no IP, no PII. Server-set only — never read or written by JavaScript. Not set for visitors in the EU/UK/EEA or for browsers signaling Global Privacy Control.	cr_attribution

You can also send the Global Privacy Control (“GPC”) signal from your browser; we treat a GPC signal from a recognized browser as an opt-out of any “sale” or “sharing” of Personal Information for the device or browser sending it.

Tracking & Attribution Cookies

We use one first-party cookie, cr_attribution, to record which advertising campaign (if any) first introduced you to CelebrateReel. The cookie value is a randomly-generated opaque token; it does not contain or derive from your IP address, browser fingerprint, or any other personal information. The cookie is read and written only by our application server — never by client-side JavaScript.

• Cookie name: cr_attribution
• Scope: app.celebratereel.com only. We set the cookie with no Domain= attribute, so it does not extend to our marketing site (celebratereel.com) or any other subdomain.
• Retention: 30-day rolling window. The cookie is non-overwriting — if a value is already present, subsequent ad clicks do not replace it (first-touch wins for the lifetime of the cookie).
• Geographic restriction: we do not set this cookie for visitors detected in the European Union, the European Economic Area, or the United Kingdom. We use the CloudFront-Viewer-Country request header to make this determination. Click events are still logged for aggregate counting, with the attribution value left blank.
• Global Privacy Control: we honor the Sec-GPC: 1 request header. When your browser or extension sends this header, we do not set the cookie, regardless of geography.
• What it can be used for: aggregate measurement of which campaigns convert to signup and to revenue. The campaign mapping lives entirely in our server-side database; the cookie value alone, in isolation, identifies nothing.
• What it is never used for: cross-site tracking, building behavioral profiles, sharing with third-party advertising networks, or any “sale” or “sharing” of Personal Information under U.S. state privacy law.

You can clear this cookie at any time from your browser’s site-data settings; doing so simply means future ad-click attribution starts fresh on your next click. See section 20 for your rights to access, correct, and delete Personal Information we hold about you.

17. Marketing & communications

Transactional messages (account verification, password reset, render-ready alerts, billing receipts, post-event reminders, security notices) are part of the Service and cannot be opted out of without closing your Account.

If you opt in to marketing emails, you can opt out at any time using the “Unsubscribe” link at the bottom of the email or by emailing privacy@celebratereel.com. We honor opt-outs within ten business days. We do not send unsolicited marketing SMS.

Our outbound email is sent through Amazon SES with appropriate authentication (SPF, DKIM, DMARC) and complies with the U.S. CAN-SPAM Act, the Canadian Anti-Spam Legislation (“CASL”) where Canadian recipients receive a commercial message, and equivalent EU/UK rules.

18. Data retention

We retain Personal Information for the periods described below, after which we delete or de-identify it. Backup copies may persist for up to 35 days after deletion in keeping with our backup-retention policy.

Data	Retention
Active Account profile and authentication data	For the life of the Account.
Customer Content (uploaded photos, audio) and Renders	For the life of the project. Soft-deleted Content is hard-deleted approximately 30 days after deletion (configurable). Inactive consumer projects may be archived 365 days after final delivery.
Billing records and invoices	Seven years from creation, to satisfy U.S. tax recordkeeping requirements.
Stripe payment data	Per Stripe’s retention; we retain only the references and summaries described in Section 4.5.
Email and support correspondence	Three years from last contact, unless a longer period is reasonably necessary for an open matter.
Server logs (access logs, error logs)	90 days, then deleted or aggregated.
DMCA notices and counter-notices	For the life of the Service plus three years, to support repeat-infringer policy.
Closed Account audit trail (sub, email hash, deletion timestamp)	Indefinitely, to honor previous deletion requests if a re-signup attempt occurs.

You can request deletion of your Account and Customer Content at any time from Settings or by emailing privacy@celebratereel.com. We will action verified requests within thirty (30) days, except where retention is required by law (e.g. billing records).

19. Security

We use industry-standard technical and organizational measures to protect Personal Information, including:

• TLS 1.2+ for data in transit;
• AES-256 server-side encryption for S3 objects at rest;
• encryption at rest for the Postgres database (AWS RDS);
• least-privilege IAM and short-lived credentials for sub-processor access;
• multi-factor authentication for all administrative access to the production environment;
• centralized request-correlated logging and Sentry-based error monitoring;
• quarterly access reviews and on-incident credential rotation.

No system can be guaranteed completely secure. You are responsible for the strength of your password and for keeping your authentication factors confidential. If you believe an Account has been compromised, contact us immediately at security@celebratereel.com.

20. Your rights & choices

Subject to applicable law, you have the following rights with respect to your Personal Information. We do not discriminate against you for exercising any of these rights.

• Access — request confirmation of what Personal Information we hold about you and a copy in a portable format.
• Correction — request that inaccurate or incomplete Personal Information be corrected.
• Deletion — request deletion of your Personal Information.
• Portability — request a copy of certain Personal Information in a structured, commonly used, machine-readable format.
• Objection / opt-out — object to processing based on legitimate interests, including direct marketing.
• Restriction — request that we restrict certain processing (for example, while a correction request is being assessed).
• Withdraw consent — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
• Automated decisions — request human review of automated decisions that produce legal or similarly significant effects on you.
• Authorized agent — appoint an agent to exercise these rights on your behalf, subject to verification.
• Appeal — appeal a denial of any of the above where applicable law gives you that right (see Section 22).

To exercise any of these rights, email privacy@celebratereel.com from the email address associated with your Account, or use the in-app export / deletion controls in Settings. We will verify your identity before fulfilling rights requests; for sensitive requests we may ask for additional confirmation. We respond within the time limits required by applicable law (typically 45 days under California law, with one 45-day extension; one month under GDPR, extendable by two months for complex requests).

21. California privacy notice

This section provides additional information for California residents under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, “CCPA”).

21.1 Notice at collection

The categories of Personal Information we collect, the sources, the purposes for which we use them, the categories of third parties to whom they are disclosed, and the retention period are described in Sections 4–5, 6, 13–14, and 18 above. We collect the following statutory categories of Personal Information:

• identifiers (name, email, IP address, account identifiers);
• customer records (account credentials, billing summaries);
• commercial information (purchase history, project history);
• internet or other electronic network activity (usage logs, GA4 events);
• geolocation (approximate, IP-derived);
• visual and audio information (photographs, audio files uploaded by Hosts and Guests);
• professional or employment-related information (only if a Host volunteers it, e.g. funeral-home name);
• inferences (project type, user lifecycle stage).

We may collect “sensitive personal information” in the form of account credentials and, indirectly through Customer Content, information that may reveal religion or precise location. We do not use or disclose sensitive personal information for purposes other than those permitted under CCPA section 1798.121 without giving you the right to limit such use.

21.2 Sale and sharing

In the past 12 months we have not sold Personal Information for monetary consideration and have not knowingly “shared” Personal Information for cross-context behavioral advertising. To the extent that the use of GA4 is later determined to constitute “sharing” under CCPA, you can opt out by sending a Global Privacy Control signal, by emailing privacy@celebratereel.com, or by adjusting your cookie preferences when offered.

21.3 California rights

California residents have the right to know, delete, correct, opt out of sale / sharing, limit the use of sensitive Personal Information, and non-discrimination. See Section 20 for how to exercise these rights and Section 21.4 for appeals.

21.4 Appeals

If we deny your rights request, you may appeal by replying to our denial or emailing privacy@celebratereel.com with the subject line “Appeal.” We will respond within 45 days. If you remain dissatisfied, you may contact the California Privacy Protection Agency or the California Attorney General.

21.5 Shine the Light

California residents may request information about disclosures of Personal Information to third parties for direct-marketing purposes under California Civil Code section 1798.83. We do not currently make any such disclosures.

22. Other US state privacy laws

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana (MCDPA), Iowa (ICDPA), Indiana (INCDPA), Tennessee (TIPA), Delaware (DPDPA), New Hampshire, New Jersey, Minnesota, Maryland, and other states with comprehensive privacy laws may have rights to access, correct, delete, port, and opt out of targeted advertising, sale, and certain profiling. To exercise those rights, follow the procedures in Section 20. Where a state law provides an appeal right, follow the procedure in Section 21.4. Nevada residents may opt out of the sale of certain covered information under NRS 603A; we do not currently engage in such sales.

23. European Economic Area, United Kingdom & Switzerland

If you are located in the EEA, the United Kingdom, or Switzerland:

• your rights are described in Section 20; the legal bases on which we rely are described in Section 6;
• you have the right to lodge a complaint with your local supervisory authority (in the UK, the Information Commissioner’s Office at ico.org.uk; in Ireland, the Data Protection Commission at dataprotection.ie);
• international transfers are described in Section 15.

24. Canada

If you are located in Canada, this Policy is provided to satisfy our obligations under the Personal Information Protection and Electronic Documents Act (“PIPEDA”) and provincial laws including Quebec’s Law 25, the British Columbia and Alberta PIPAs, and the Consumer Privacy Protection Act when in force. Quebec residents may exercise the right to data portability and the right to be forgotten through the procedures in Section 20.

25. Breach notification

If we become aware of a security incident that compromises the confidentiality, integrity, or availability of Personal Information, we will investigate, take reasonable steps to mitigate, and notify affected individuals and regulators as required by applicable law. For GDPR-relevant breaches, this typically means notifying the lead supervisory authority within 72 hours of becoming aware. We maintain an incident-response runbook for this purpose.

26. Third-party links

The Service may contain links to third-party websites or services that we do not operate (for example, the Stripe checkout page, Google sign-in, or partner sites). This Policy does not apply to those third parties. We encourage you to read their privacy notices.

27. Changes to this Policy

We may update this Policy from time to time. The “Last updated” date at the top reflects the most recent version. For material changes — including changes that broaden the categories of Personal Information we collect or the purposes for which we use them — we will provide at least seven (7) days’ advance notice through email or in-app notice before the change takes effect. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy where permitted by law; where the change requires consent, we will ask for it.

28. Contact & complaints

To contact our privacy team, exercise any right described in this Policy, ask a question, or file a complaint:

If you are in the EEA, the UK, or Switzerland and our response does not resolve your complaint, you may contact your local data-protection supervisory authority. If you are in California, you may contact the California Privacy Protection Agency.