Privacy Policy for Flucks

SOMATÓRIO CELESTIAL UNIPESSOAL LDA. ("Flucks," "we," "us," or "our") respects your privacy and is committed to protecting the personal data of our users ("you" or "user"). This Privacy Policy explains how we collect, use, store, share, and protect your personal information in compliance with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

By using Flucks, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the app.

1. General Information

1.1 Who We Are

• Flucks is owned and operated by SOMATÓRIO CELESTIAL UNIPESSOAL LDA., a company registered in Portugal.
• We comply with GDPR (EU) and CCPA (California, U.S.) regulations.

1.2 Scope of This Privacy Policy

• This Privacy Policy applies globally to all users.
• Users will be notified of any changes to this policy via email at least 30 days before changes take effect.

2. Data Collection & User Information

2.1 What Data We Collect

We collect the following personal data:

• User Account Information: Username, email, birthdate.
• Profile Information: Gender, location (if enabled), profile photos.
• Spotify Data: Spotify email, playlist IDs, song IDs, artist names, and audio features.
• Usage Data: Session duration, crash reports, app version, operating system, in-app navigation, and feature usage.

2.2 How We Collect Data

• Direct User Input: Registration, profile updates, and interactions with the app.
• Automatic Data Collection: Analytics tools (PostHog), tracking technologies, and Spotify API integration.
• User Consent Required: We request user consent before collecting location data or connecting to Spotify.
• Users cannot opt out of data collection but can modify or remove some data later.

3. Data Storage & Security

3.1 Where Your Data Is Stored

• Data is stored on DigitalOcean servers and Bunny.net (for photos).
• No backup copies of user data are stored.

3.2 How We Protect Your Data

• Data is encrypted at rest and in transit to prevent unauthorized access.
• Flucks does not implement role-based access control (RBAC) for employees.

3.3 Data Retention & Deletion

• Data is stored until the user deletes their account or after 1 year of inactivity.
• Users can request account deletion, and all data will be removed within 3 days (5 days for Spotify data).

4. Data Sharing & Third-Party Integrations

4.1 Who We Share Your Data With

• Spotify API: To authenticate users and display playlists.
• PostHog: For usability analytics (aggregated, non-personal data).

4.2 What Data Is Shared

• We only share analytics data and do not share personal user data (email, playlists, preferences) with third parties.

4.3 Opting Out of Data Sharing

• Users can disable PostHog tracking but cannot opt out of essential data sharing for Spotify integration.
• Users can disconnect Spotify and delete associated data as per the End User Agreement (EUA).

5. User Rights & Compliance

5.1 Your Rights Under GDPR & CCPA

• Users have the right to:
  • Access, modify, delete, and restrict processing of personal data.
  • Opt out of analytics tracking (affects only future tracking).
  • Request a copy of their stored data in a machine-readable format (JSON, CSV).

6. Cookies & Tracking Technologies

• Do We Use Cookies? No, Flucks does not use first-party or third-party cookies.
• User behavior tracking is conducted through PostHog analytics only.
• Do We Provide a Cookie Consent Banner? No, since we do not use cookies, a consent banner is not required.

7. Legal Disclaimers & Contact Information

7.1 Limitations of Liability

• Flucks is not responsible for security breaches involving Spotify, PostHog, DigitalOcean, or Bunny.net.

7.2 Contact Us

Email: [email protected]

Website: www.flucks.app

By continuing to use Flucks, you acknowledge that you have read, understood, and agreed to this Privacy Policy.