ask her out← back

Privacy Policy

Last updated: 27 May 2026

⚠️ This is a starting template, not legal advice. Replace the [bracketed] placeholders with your real details and have a lawyer review it before launch (esp. EU consumer & GDPR rules).

This explains what personal data ask her out collects and how we use it. The data controller is [Your Company / Name], [address], contact [privacy@yourdomain].

1. Data we collect

  • Account: your email, name, and password (hashed) — via Supabase Auth.
  • Site content you create: crush name, messages, images/links, colors, song link.
  • Recipient answers: chosen day, time and food (no account needed for recipients).
  • Analytics events: page views, publishes, the traffic source (e.g. tiktok/instagram), and approximate country from your IP.
  • Referral data: your code and who signed up/converted through it.

2. Why we use it (legal basis)

To provide the Service and your account (contract); to email you link & answer notifications (contract); to run analytics and improve/secure the product and prevent abuse (legitimate interest). We do not sell your data.

3. Processors we use

Supabase (database & auth), Resend (transactional email), Giphy (GIF search), Vercel (hosting). These providers process data on our behalf under data-processing agreements.

4. Cookies & local storage

We use your browser’s local storage for your session id, traffic source, referral code, and to remember dismissed popups. Authentication uses essential cookies. We don’t use third-party advertising cookies unless you opt into marketing pixels.

5. Retention

Published sites and their answers are kept for 30 days, then expire. Account and analytics data are kept while your account is active or as needed for legal/financial records, then deleted.

6. Your rights

Under GDPR you can request access, correction, deletion, restriction, portability, and object to processing. Email [privacy@yourdomain]. You can also complain to your local data-protection authority (in Slovenia: Informacijski pooblaščenec).

7. International transfers

Some processors may store data outside the EU; where they do, transfers rely on Standard Contractual Clauses or an adequacy decision.

8. Children

The Service is not directed at children under 16. We don’t knowingly collect their data.

9. Contact

Privacy questions: [privacy@yourdomain].