Privacy Policy

1. Introduction

Welcome to PEEPS ("we," "our," or "us"). We are committed to protecting your privacy and ensuring transparency about how we collect, use, and safeguard your personal information. This Privacy Policy explains our data practices for the PEEPS mobile-first social commerce web application.

By using PEEPS, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our application.

2. Information We Collect

2.1 Information You Provide Directly

• Account Information: Email address, username, profile information (avatar, bio)
• Purchase Information: Product titles and brands, purchase costs and amounts, product ratings (1-5 stars), product images you upload, review text and comments, purchase dates and history, business expense classifications
• Social Interactions: Posts and comments, user follows and connections, engagement with other users' content

2.2 Automatically Collected Information

• Technical Information: Browser type and version, device information, IP address, session data and authentication tokens, cookies and similar tracking technologies, usage patterns and analytics data
• Application Usage Data: Features accessed, time spent on the application, purchase logging patterns, social feed interactions, search queries within the app, interaction with advertisements, inferred interests and preferences based on your activity

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Core Functionality

• Creating and managing your account
• Authenticating your identity
• Enabling purchase logging and tracking
• Displaying your purchase history and statistics
• Facilitating social connections and content sharing
• Processing and storing product reviews and ratings

3.2 Service Improvement

• Analyzing usage patterns to improve features
• Developing new features and services
• Troubleshooting technical issues
• Enhancing user experience

3.3 Communications

• Sending transactional emails (account verification, password resets)
• Sending marketing emails and newsletters (with your consent)
• Responding to your inquiries and support requests
• Notifying you of important updates or changes

3.4 Security and Legal Compliance

• Preventing fraud and unauthorized access
• Enforcing our Terms of Service
• Complying with legal obligations
• Protecting our rights and property

4. Data Sharing and Third-Party Services

4.1 Third-Party Service Providers

We share your information with the following third-party services:

• Google OAuth: Authentication services (Data Shared: Email address, basic profile information)
• Supabase: Database hosting, authentication, and file storage (Data Shared: All user data, purchase information, and uploaded images)
• Resend: Transactional email delivery (Data Shared: Email addresses and transactional email content)
• Loops.so: Marketing emails and newsletters (Data Shared: Email addresses and subscription preferences)
• Vercel: Application hosting and infrastructure (Data Shared: Technical data required for hosting)

4.2 Legal Requirements

We may disclose your information if required by law, court order, or governmental regulation, or if we believe disclosure is necessary to comply with legal processes, enforce our Terms of Service, or protect our rights, property, or safety, or the rights, property, or safety of our users or the public.

5. Data Storage and Security

5.1 Storage Location

• Database: Hosted on Supabase (PostgreSQL)
• File Storage: Supabase Storage for product images
• Application Hosting: Vercel

5.2 Security Measures

We implement industry-standard security measures to protect your data, including encryption of passwords and sensitive data, secure HTTPS connections, Row Level Security (RLS) on database tables, and secure session management via NextAuth.js.

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

5.3 Data Retention

We retain your personal information for as long as your account is active or as needed to provide you services. If you delete your account, all associated data will be permanently deleted from our systems.

6. Cookies and Tracking Technologies

6.1 Types of Cookies We Use

• Essential Cookies: Authentication cookies for maintaining your logged-in session and session tokens for security purposes. These cookies are necessary for the application to function.
• Analytics Cookies: Usage tracking to understand how users interact with our application and performance monitoring. These cookies help us improve our services.
• Preference Cookies: Store your settings and preferences and remember your choices for a better user experience.

6.2 Cookie Management

You can control cookies through your browser settings. However, disabling certain cookies may limit your ability to use some features of PEEPS. To learn more about cookies and how to manage them, visit www.allaboutcookies.org.

7. Your Privacy Rights

7.1 Rights for All Users

• Access: You can access your personal information through your account settings.
• Correction: You can update your profile information and purchase details at any time.
• Deletion: You can request account deletion, which will result in permanent removal of all your data.
• Data Portability: You can request a copy of your data in a structured, machine-readable format.
• Opt-Out: You can opt out of marketing communications at any time.

7.2 Profile Privacy

Important: By default, all user profiles on PEEPS are public. This means your username and profile information are visible to all users, your purchase history and reviews are visible to all users, and your followers and following lists are publicly visible.

8. Children's Privacy

PEEPS is not intended for users under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately, and we will take steps to delete such information.

9. International Data Transfers

Your information may be transferred to and maintained on servers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ. By using PEEPS, you consent to the transfer of your information to the United States and other countries where our service providers operate.

10. Social Features and Public Information

10.1 Public Content

Please be aware that purchase logs, reviews, and ratings you post are publicly visible by default. Comments and interactions on the social feed are visible to other users. Your purchase statistics and spending information may be visible on your public profile.

10.2 Think Before You Share

Do not share sensitive financial information, personal identification numbers, or other confidential information in your reviews or posts. Once posted, this information may be viewed by other users and cannot be easily removed from their view if they have already seen it.

11. Content Moderation and Account Termination

11.1 Community Standards

PEEPS is committed to maintaining a safe, respectful, and inclusive community. We reserve the right to remove content and/or terminate accounts that violate our community standards.

We may remove content or terminate accounts that contain or promote hate speech, discrimination, or harassment; pornography, sexually explicit content, or nudity; violence, threats, or content that incites harm; illegal activities or content; spam, scams, or fraudulent activity; misinformation that could cause harm; content that infringes on intellectual property rights; bullying, trolling, or targeted harassment; or any other content deemed detrimental to the community or platform.

11.2 Enforcement Actions

Depending on the severity and frequency of violations, we may take the following actions: content removal or hiding, temporary account suspension, or permanent account termination. In cases of illegal activity, we may report to law enforcement.

11.3 Appeal Process

If your content is removed or your account is suspended/terminated, you may appeal the decision by contacting our support team. We will review appeals within 5-10 business days.

11.4 Repeat Violations

Users with repeated violations of our community standards may face permanent account termination without warning.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on our application with a new "Last Updated" date. Your continued use of PEEPS after such changes constitutes your acceptance of the updated Privacy Policy.

13. Third-Party Links

PEEPS may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party sites you visit.

Some links on PEEPS may be affiliate links, meaning we may earn a commission if you make a purchase through these links. This does not affect the price you pay or our commitment to your privacy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us through our support portal. For data subject requests (access, deletion, correction), please use the contact form with "Privacy Request" in the subject line.

15. Data Protection Officer

For users in the EEA, you may contact our Data Protection Officer through our support portal.