Privacy Policy

Effective date: 20 March 2026

This Privacy Policy describes how the DUXME project (“we”, “us”) processes personal data when you use DUXME (“Service”).

Controller: the individuals operating the DUXME project. Contact: see below. We process data to provide the Service, secure it, and comply with law.

1. Data we collect

Depending on how you use the Service, we may process:

  • Account data: email address, username, and authentication identifiers from our auth provider (Supabase). If you use social login (e.g. Google), the provider shares profile information according to your consent and their policies.
  • User Content: maps, places, categories, descriptions, images, and other content you add.
  • Usage and technical data: IP address, device/browser type, approximate location derived from IP, timestamps, and similar diagnostics.
  • Communications: messages you send us (e.g. support) and, if you opt in, your subscription to newsletters or product updates.
  • Payment-related data: when you purchase paid features, Polar processes payment details; we typically receive limited billing metadata (e.g. subscription status, transaction identifiers) rather than full card numbers.

2. How we use data

  • Provide, maintain, and improve the Service (including sync, sharing, and search).
  • Authenticate you, prevent fraud and abuse, and secure the Service.
  • Communicate with you about the Service, security, or legal notices.
  • Send marketing or product emails only if you have opted in; you can unsubscribe anytime.
  • Analyze usage in aggregated or pseudonymous form to understand product performance.
  • Comply with legal obligations and enforce our Terms of Service.

3. Analytics and cookies

We use PostHog for product analytics and error reporting. Our configuration is intended to minimize direct identification: we aim to use anonymous or pseudonymous identifiers rather than tying analytics to your real name or email. Session replay or similar features, if enabled, are used only as configured in our PostHog project settings.

If we change analytics to identify logged-in users by user ID or similar, we will update this Policy accordingly.

The Service may use cookies or local storage for session, preferences, and analytics. You can control cookies through your browser settings; some features may not work without necessary cookies.

4. Google services

When you use map, search, or import features, data such as queries and place selections may be sent to Google under Google’s terms. Google processes that data as described in Google’s privacy documentation. We do not control Google’s processing.

5. Sharing and subprocessors

We share data with service providers who help us run the Service (“subprocessors”), including:

  • Supabase (hosting, database, authentication).
  • Polar (payments and billing for paid features).
  • Resend or similar providers (transactional and, where applicable, marketing email delivery).
  • PostHog (analytics and error reporting).
  • Google (Maps Platform / Places as applicable).
  • Hosting and infrastructure providers (e.g. Vercel) where the app is deployed.

6. International transfers

Some subprocessors may process data outside your country (including the United States). Where required, we rely on appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms, in addition to provider terms.

7. Retention

We keep data as long as needed to provide the Service and for legitimate purposes (security, legal claims, accounting). You may request deletion of your account and associated personal data subject to legal retention requirements.

8. Your rights

Depending on your location (including the EEA/UK), you may have rights to access, rectify, erase, restrict, or object to certain processing, and to data portability. You may withdraw consent for marketing at any time.

To exercise rights, contact us below. You may also lodge a complaint with your local data protection authority.

9. Children

The Service is not directed at children under 16 (or the age required in your jurisdiction). We do not knowingly collect personal data from children.

10. Changes

We may update this Policy; we will change the effective date above. For material changes, we may provide additional notice (e.g. in-app or by email).