Privacy Policy

1. Introduction

Groupello ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our website and services at groupello.com (the "Service").

By using the Service, you consent to the practices described in this policy. If you do not agree with this policy, please do not use the Service.

2. Information We Collect

We collect the following categories of information:

a) Information you provide directly

• Email address (required to create an account)
• Full name (optional, used for display purposes)
• Community listings you submit (name, description, invite link, images)
• Messages sent through our contact form

b) Information collected automatically

• Anonymized and hashed IP addresses (for rate limiting and abuse prevention — never linked to your identity)
• View and click counts on listings (aggregated statistics only)
• Browser session data via authentication cookies

c) Payment information

When you purchase Boost Tokens, payments are processed by Stripe. We do not collect, store, or have access to your credit card number, CVV, or banking details. Stripe provides us only with a transaction confirmation and the amount paid.

3. How We Use Your Information

We use the information we collect for the following purposes:

• To create, maintain, and manage your account
• To display and manage your submitted community listings
• To process payments and credit Boost Tokens to your account
• To send transactional emails (account confirmation, password reset, listing approval/rejection)
• To respond to contact form messages
• To detect and prevent fraud, abuse, and violations of our Terms of Service
• To improve the Service based on usage patterns

We will never sell, rent, or trade your personal information to third parties for marketing purposes.

4. Cookies and Tracking

We use a minimal set of cookies:

• Authentication cookies: Required to keep you logged in. These are session-based and expire when you log out or close your browser.
• We do not use advertising, marketing, or third-party tracking cookies.
• We do not use Google Analytics, Facebook Pixel, or similar tracking tools.

You can disable cookies in your browser settings, but this may prevent you from using authenticated features of the Service.

5. Data Storage and Security

Your data is stored securely using Supabase, which operates on AWS (Amazon Web Services) infrastructure. All data is:

• Encrypted in transit using TLS/SSL
• Encrypted at rest using AES-256 encryption
• Protected by role-based access controls and Row Level Security (RLS)

While we implement industry-standard security measures, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security of your data.

6. Third-Party Services

We use the following third-party services, each with their own privacy policies:

• Supabase — database, authentication, and file storage (Privacy Policy)
• Stripe — payment processing (Privacy Policy)
• Resend — transactional email delivery (Privacy Policy)
• Vercel — hosting and content delivery (Privacy Policy)

We are not responsible for the privacy practices of these third-party services. We encourage you to review their policies.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete your personal information within 30 days, except where we are required to retain it for legal or financial compliance purposes (e.g., payment records may be retained for up to 7 years as required by law).

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Rectification: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data ("right to be forgotten")
• Portability: Request your data in a portable format
• Objection: Object to certain types of data processing

To exercise any of these rights, please contact us via our contact page. We will respond within 30 days.

9. Children's Privacy

The Service is not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal data, we will take steps to delete that information immediately. If you believe a child under 13 has submitted information to our Service, please contact us.

10. International Users

Our Service is operated from Canada and the data is stored on servers in the United States. If you are accessing the Service from outside North America, please be aware that your information may be transferred to, stored, and processed in countries where data protection laws may differ from those in your country.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your data on the legal basis of your consent (when you create an account) and our legitimate interests (improving the Service and preventing fraud).

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Your continued use of the Service after changes constitutes your acceptance of the updated policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us through our contact page. We take privacy concerns seriously and will respond promptly.