Privacy Policy
Last updated: December 20, 2024
Effective date: December 20, 2024
Our Privacy Commitment
- We will never sell your personal information
- We will never share your data with data brokers
- We collect only what's necessary to provide our service
- You can delete your account and all data at any time
1. Introduction
The Product Report ("Company," "we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website theproductreport.org and use our services.
This policy complies with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy laws.
2. Data Controller Information
For the purposes of data protection laws, The Product Report is the data controller responsible for your personal data. You can contact us at:
- Email: privacy@theproductreport.org
- Website: theproductreport.org/contact
3. Information We Collect
3.1 Information You Provide Directly
| Category | Examples | Purpose |
|---|---|---|
| Account Information | Email address, name, password (hashed) | Account creation and authentication |
| Payment Information | Card details (via Stripe), billing address | Process subscriptions and payments |
| Preferences | Saved products, reading history | Personalize your experience |
| Communications | Support inquiries, feedback | Respond to your requests |
3.2 Information Collected Automatically
| Category | Examples | Purpose |
|---|---|---|
| Usage Data | Pages visited, features used, search queries | Improve our service and content |
| Device Information | Browser type, operating system, screen size | Ensure compatibility and optimize experience |
| Log Data | IP address, access times, referring URLs | Security, fraud prevention, analytics |
3.3 Information We Do NOT Collect
- Your browsing history outside our service
- Precise location data (GPS)
- Device fingerprinting for advertising
- Third-party advertising tracking pixels
- Social media activity
- Health information beyond product preferences
4. Legal Bases for Processing (GDPR)
We process your personal data under the following legal bases:
- Contract Performance: To provide the services you've subscribed to
- Legitimate Interests: To improve our services and prevent fraud
- Consent: For marketing communications (you can withdraw at any time)
- Legal Obligation: To comply with applicable laws
5. How We Use Your Information
- Provide Services: Display product reviews, process subscriptions
- Personalization: Remember your preferences and saved products
- Communication: Send service updates, respond to inquiries
- Improvement: Analyze usage patterns to enhance our service
- Security: Detect and prevent fraud, unauthorized access
- Legal Compliance: Fulfill legal and regulatory obligations
6. Data Sharing and Third Parties
We do not sell your personal information. We share data only with service providers who help us operate our business:
| Provider | Purpose | Data Shared | Location |
|---|---|---|---|
| Stripe | Payment processing | Email, payment details | USA |
| Vercel | Website hosting | Access logs, IP addresses | USA |
| Google (OAuth) | Single sign-on authentication | Name, email (if you use Google login) | USA |
| Mixpanel | Product analytics | Usage events (anonymized) | USA |
| Sentry | Error monitoring | Error logs (anonymized) | USA |
All third-party providers are contractually obligated to protect your data and use it only for the specified purposes.
7. Cookies and Tracking Technologies
7.1 Essential Cookies
We use essential cookies required for our service to function, including:
- Authentication cookies to keep you logged in
- Session cookies to maintain your preferences
- Security cookies to prevent fraud
7.2 Analytics Cookies
With your consent, we may use analytics cookies to understand how you use our service. You can opt out at any time through our cookie consent banner.
7.3 No Advertising Cookies
We do not use advertising or tracking cookies. We do not participate in ad networks or retargeting programs.
8. Data Retention
We retain your personal data for the following periods:
- Active Account: As long as your account is active
- After Cancellation: 30 days after you cancel (in case you change your mind)
- After Deletion Request: Deleted within 30 days, except where required by law
- Payment Records: 7 years (for tax and legal compliance)
- Security Logs: 90 days
9. Your Privacy Rights
9.1 Rights for All Users
Regardless of your location, you have the right to:
- Access: Request a copy of your personal data
- Correction: Update or correct inaccurate information
- Deletion: Request deletion of your account and data
- Portability: Receive your data in a machine-readable format
- Opt-Out: Unsubscribe from marketing communications
9.2 Additional Rights for EU/EEA Residents (GDPR)
- Restriction: Request that we limit processing of your data
- Objection: Object to processing based on legitimate interests
- Withdraw Consent: Withdraw consent at any time (without affecting prior processing)
- Lodge Complaint: File a complaint with your local supervisory authority
California Privacy Rights (CCPA)
California residents have additional rights under CCPA:
- Right to know what personal information is collected
- Right to know if personal information is sold or disclosed
- Right to opt-out of the sale of personal information
- Right to non-discrimination for exercising privacy rights
We do not sell your personal information.
9.3 How to Exercise Your Rights
To exercise any of your privacy rights, contact us at privacy@theproductreport.org. We will respond within 30 days (or 45 days for CCPA requests).
10. Data Security
We implement industry-standard security measures to protect your data:
- Encryption in Transit: All data is transmitted over HTTPS/TLS 1.3
- Encryption at Rest: Sensitive data is encrypted in our databases
- Access Controls: Strict role-based access to personal data
- Password Hashing: Passwords are hashed using bcrypt
- Regular Audits: Periodic security reviews and updates
11. International Data Transfers
Our services are hosted in the United States. If you are accessing our service from outside the United States, please be aware that your data may be transferred to, stored, and processed in the USA.
For EU/EEA users, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection for international data transfers.
12. Children's Privacy
Our service is not intended for children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated policy on our website
- Sending an email notification to registered users
- Displaying a notice in our app
Your continued use of the service after changes become effective constitutes acceptance of the updated policy.
14. Contact Us
If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:
- Email: privacy@theproductreport.org
- General Inquiries: support@theproductreport.org
- Website: theproductreport.org/contact