Privacy Policy

Introduction

At ExtraBuddy, we respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our platform to connect with others for events and activities.

By using ExtraBuddy, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our service.

Information We Collect

Information You Provide to Us

• Account Information: When you create an account, we collect your email address, name, and authentication information (via Firebase Authentication or Google OAuth).
• Profile Information: This includes your birthday, location (city), about section, profile photos, personality type, interests (movies, books, activities, sports, places), bucket list items, and other information you choose to share in your profile.
• Spotify Integration: If you choose to connect your Spotify account, we collect your top artists, songs, and related music preferences. We store Spotify access tokens securely to enable this integration.
• Communication Data: When you contact us or use our services, we collect the information you provide, including messages and feedback.
• Waitlist Information: If you join our waitlist, we collect your email address and any other information you provide during registration.

Information Collected Automatically

• Usage Analytics: We use Vercel Analytics to collect anonymous usage statistics, including page views and website performance metrics. This service does not use cookies or collect personally identifiable information.
• Device Information: We may collect information about your device, browser type, and operating system to ensure our service works properly.

How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our services
• Authenticate your identity and manage your account
• Match you with other users based on your preferences and interests
• Send you service-related communications (account updates, security alerts)
• Send you marketing communications, if you have consented (you can unsubscribe at any time)
• Respond to your inquiries and provide customer support
• Detect, prevent, and address technical issues and security threats
• Comply with legal obligations

Cookies and Tracking Technologies

We use minimal, essential cookies to provide our service:

• Authentication Cookie (userId): This essential cookie is used to identify you when you log in, enabling server-side authentication and session management. This cookie is strictly necessary for the website to function and does not require your consent.

Analytics: We use Vercel Analytics for website analytics, which uses server-side tracking and does not set any cookies on your device. This service collects anonymous usage data to help us understand how our website is used and improve user experience.

We do not use marketing cookies, advertising cookies, or any other tracking technologies that require your consent.

Third-Party Services

We use the following third-party services that may process your data:

• Google Firebase: We use Firebase Authentication for user authentication, Firebase Firestore for data storage, and Firebase Storage for profile images. Google's privacy policy applies to their services.
• Vercel Analytics: Used for anonymous website analytics (no cookies, no personal data collection).
• Resend: Used for sending transactional and marketing emails. Your email address and preferences are stored in Resend's system if you consent to marketing communications.
• Spotify: If you connect your Spotify account, Spotify's privacy policy applies to their authentication and data sharing. We only access the data you explicitly authorize (top artists, songs, music preferences).
• Google OAuth: If you sign in with Google, Google's privacy policy applies to the authentication process.

These third parties are required to handle your data in accordance with their own privacy policies and applicable data protection laws.

Data Storage and Security

Your data is stored securely using Firebase (Google Cloud Platform) with industry-standard security measures. We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: You can request access to the personal data we hold about you.
• Correction: You can update your profile information directly through your account settings at any time.
• Deletion: You can request deletion of your account and associated data by contacting us.
• Portability: You can request a copy of your data in a structured, machine-readable format.
• Objection: You can object to certain processing of your personal data.
• Withdraw Consent: If we process your data based on consent, you can withdraw your consent at any time.
• Email Preferences: You can unsubscribe from marketing emails at any time using the unsubscribe link in our emails or by contacting us.

To exercise these rights, please contact us using the information provided in the "Contact Us" section below.

Data Retention

We retain your personal data for as long as necessary to provide our services and fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. When you delete your account, we will delete or anonymize your personal data, except where we are required to retain it for legal or regulatory purposes.

Children's Privacy

Our service is not intended for users under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately so we can delete such information.

International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. We ensure that appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable data protection laws.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights regarding your personal data, please contact us:

• • Via our contact form
• • By visiting our contact page: /contact