Last updated: April 12, 2026 · Effective: April 12, 2026
This Privacy Policy explains how Poggle (“we,” “us,” or “our”) collects, uses, discloses, and protects personal information when you use Poggle (the “Service”). By using the Service, you consent to the practices described here. If you do not agree, do not use the Service.
1. Information We Collect
Information you provide
- Account data: email address, password hash, display name, and optional profile details.
- Billing data: name, billing address, and payment method details (processed and stored by our payment processor; we do not store full card numbers).
- Content: notes, files, skills, agents, folders, boxes, links, imports, exports, and any other content you create or upload.
- Communications: support tickets, emails, and feedback you send to us.
- Connection tokens: the name and scope you set for external API or MCP connections you create.
Information collected automatically
- Usage data: pages viewed, actions taken, timestamps, approximate location derived from IP, device type, browser, and operating system.
- Log and diagnostic data: IP address, request headers, error traces, and performance metrics.
- Audit events: an append-only record of writes, lifecycle changes, rollbacks, proposal approvals, and similar actions performed on your account.
- Cookies and similar technologies: authentication cookies, preference cookies, and limited analytics tracking as described in our Cookie Policy.
Information from third parties
We may receive limited information from third-party services you choose to use, such as authentication providers, payment processors, and AI model providers. We only receive what is necessary to provide the Service and never receive the content of your communications with AI providers unless you send it through the Service.
2. How We Use Information
We use the information we collect to:
- operate, maintain, secure, and improve the Service;
- authenticate you and prevent unauthorized access;
- process payments, renewals, cancellations, and refunds;
- respond to your requests, provide support, and communicate important service notices;
- detect, investigate, and prevent fraud, abuse, and security incidents;
- comply with legal obligations and enforce our Terms;
- with your consent, send product updates, tips, and marketing communications (which you can opt out of at any time).
We do not use your Content to train machine learning models. We do not sell your personal information. We do not share your Content with third parties except as strictly necessary to operate the Service, as described below, or as required by law.
3. Legal Bases (EEA/UK)
If you are in the European Economic Area, the United Kingdom, or Switzerland, we rely on one or more of the following legal bases to process your personal data under the GDPR or UK GDPR:
- Contract: to provide the Service you requested.
- Legitimate interests: to secure, improve, and operate the Service, provided these interests do not override your rights.
- Consent: for optional communications and certain cookies.
- Legal obligation: to comply with applicable law and respond to lawful requests.
4. How We Share Information
We share personal information only as described in this policy. We do not sell personal information.
- Service providers (processors): we use trusted third parties to provide hosting (Supabase), authentication, email delivery, payment processing, analytics, and customer support. They are contractually bound to protect your data and use it only on our instructions.
- Legal and safety: we may disclose information if required by law, subpoena, court order, or government request, or to protect the rights, property, or safety of Poggle, our users, or the public.
- Business transfers: if we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or use of your personal information.
- With your direction: when you connect the Service to third-party services (such as AI agents over MCP or API), we share the data you direct us to share within the scope you authorize.
- Aggregated or de-identified data: we may share aggregated or de-identified data that cannot reasonably be used to identify you.
5. International Data Transfers
We may process personal data in the United States and other countries that may have different data protection laws than your country. When we transfer personal data from the EEA, UK, or Switzerland, we rely on lawful transfer mechanisms such as the European Commission’s Standard Contractual Clauses, supplemented by additional safeguards where required.
6. Data Retention
We retain personal data for as long as your account is active or as needed to provide the Service. When you delete Content, we delete it from our active systems promptly and from backups in the ordinary course. We may retain certain information longer where required by law, for audit and security purposes, to resolve disputes, or to enforce our agreements. Version history and audit logs are retained according to the retention windows described in the Service.
7. Security
We implement reasonable administrative, technical, and physical safeguards designed to protect personal data, including encryption in transit, encryption at rest for stored content, access controls, audit logging, and regular security reviews. No system is perfectly secure, however, and we cannot guarantee the security of information transmitted to or stored by the Service. You are responsible for keeping your account credentials confidential and for the security of your own devices.
8. Your Rights
Depending on where you live, you may have the following rights with respect to your personal data:
- Access the personal data we hold about you.
- Correction of inaccurate or incomplete data.
- Deletion of your personal data, subject to legal exceptions.
- Portability: receive your data in a structured, commonly used, machine-readable format (export is built into the Service).
- Restriction or objection to certain processing.
- Withdraw consent where processing is based on consent.
- Lodge a complaint with a data protection authority.
To exercise these rights, contact us at privacy@poggle.app. We may verify your identity before fulfilling your request. We will respond within the timeframe required by applicable law.
9. California Residents (CCPA/CPRA)
If you are a California resident, you have the right to know what personal information we collect, use, disclose, and retain, to request deletion, to correct inaccurate information, to opt out of any “sale” or “sharing” of personal information (we do neither), and to limit the use of “sensitive personal information.” You also have the right not to be discriminated against for exercising these rights. To exercise them, contact us at privacy@poggle.app.
10. Children
The Service is not directed to children under 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, contact us at privacy@poggle.app and we will take steps to delete it.
11. Automated Decision-Making
We do not use automated decision-making that produces legal or similarly significant effects on you without human involvement.
12. Do Not Track
We do not currently respond to “Do Not Track” browser signals because no consistent industry standard has been adopted. You can control cookies through your browser settings; see our Cookie Policy for details.
13. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Service. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.
14. Contact
For privacy questions or to exercise your rights, contact us at privacy@poggle.app.