Privacy Policy

1. Introduction

Buy Me A Rose ("we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

This policy applies to all users of Buy Me A Rose, including both supporters and creators. By using our Service, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Information You Provide

We collect information you voluntarily provide when you:

• Create an account: Name, email address, password, profile photo
• Become a creator: Display name, bio, social media links, creator slug/username
• Make payments: Payment information (processed by Stripe), billing address
• Interact with creators: Comments, posts, messages, shoutouts
• Submit requests: Commission details, project descriptions
• Contact us: Support inquiries, feedback, correspondence

2.2 Automatically Collected Information

When you access our Service, we automatically collect:

• Device information: IP address, browser type, operating system, device identifiers
• Usage data: Pages visited, features used, time spent, interactions
• Location data: General location based on IP address
• Cookies and tracking: See our Cookie Policy for details

2.3 Information from Third Parties

We may receive information from third-party services:

• OAuth providers: Google, GitHub (name, email, profile photo)
• Payment processors: Stripe (transaction data, payment method info)
• Analytics services: Aggregated usage statistics

3. How We Use Your Information

We use your information to:

3.1 Provide the Service

• Create and manage your account
• Process payments and subscriptions
• Enable creator-supporter interactions
• Deliver purchased content and extras
• Facilitate commission requests
• Send transactional emails and notifications

3.2 Improve and Personalize

• Analyze usage patterns and trends
• Develop new features and functionality
• Personalize your experience
• Recommend relevant creators and content

3.3 Communicate with You

• Respond to support inquiries
• Send important Service updates
• Notify you of new features
• Send marketing communications (with consent)

3.4 Security and Legal Compliance

• Prevent fraud and abuse
• Enforce our Terms of Service
• Comply with legal obligations
• Protect user safety and rights

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area, we process your data based on:

• Contract performance: To provide the Service you requested
• Legitimate interests: To improve the Service, prevent fraud, and ensure security
• Consent: For marketing communications and optional features
• Legal obligations: To comply with applicable laws and regulations

5. How We Share Your Information

5.1 Public Information

The following information is publicly visible:

• Creator profiles (name, bio, social links, content)
• Public posts and comments
• Supporter leaderboards (if you opt in)
• Public shoutouts and messages

5.2 With Other Users

When you support a creator, they can see:

• Your name and profile photo
• Amount and frequency of support
• Messages and comments you send
• Your membership tier

5.3 Service Providers

We share data with trusted third parties who help us operate:

• Stripe: Payment processing
• Resend: Email delivery
• Cloudflare R2: File storage
• Typesense: Search functionality
• Vercel: Hosting and infrastructure

These providers are contractually obligated to protect your data and use it only for specified purposes.

5.4 Legal Requirements

We may disclose your information if required by law, including:

• Responding to subpoenas, court orders, or legal processes
• Enforcing our Terms of Service
• Protecting the rights, property, or safety of Buy Me A Rose, users, or others
• Preventing fraud or criminal activity

5.5 Business Transfers

If Buy Me A Rose is involved in a merger, acquisition, or asset sale, your information may be transferred. We will notify you of any such change.

6. Data Retention

We retain your information for as long as necessary to:

• Provide the Service to you
• Comply with legal obligations
• Resolve disputes
• Enforce our agreements

When you delete your account, we will delete or anonymize your data within 90 days, except where retention is required by law or for legitimate business purposes (e.g., financial records, fraud prevention).

7. Your Privacy Rights

7.1 All Users

You have the right to:

• Access: Request a copy of your data
• Correction: Update inaccurate information
• Deletion: Request deletion of your account and data
• Opt-out: Unsubscribe from marketing emails
• Data portability: Receive your data in a structured format

7.2 GDPR Rights (EEA Users)

Additional rights under GDPR:

• Restriction: Limit how we process your data
• Objection: Object to processing based on legitimate interests
• Withdraw consent: Revoke consent for optional processing
• Lodge a complaint: Contact your data protection authority

7.3 CCPA Rights (California Users)

California residents have the right to:

• Know what personal information is collected
• Know if personal information is sold or disclosed
• Opt-out of the sale of personal information
• Request deletion of personal information
• Non-discrimination for exercising privacy rights

Note: We do not sell your personal information.

7.4 Exercising Your Rights

To exercise any of these rights, contact us at privacy@buymearose.com. We will respond within 30 days (GDPR) or 45 days (CCPA).

8. Data Security

We implement appropriate technical and organizational measures to protect your data:

• Encryption in transit (HTTPS/TLS)
• Encryption at rest for sensitive data
• Regular security audits and assessments
• Access controls and authentication
• Employee training on data protection

However, no system is 100% secure. We cannot guarantee absolute security of your information.

9. International Data Transfers

Buy Me A Rose operates globally, and your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for international transfers, including:

• Standard contractual clauses approved by the European Commission
• Data processing agreements with service providers
• Compliance with Privacy Shield frameworks (where applicable)

10. Children's Privacy

Our Service is not intended for users under 18 years old (or the age of majority in your jurisdiction). We do not knowingly collect personal information from children. If we learn we have collected data from a child without parental consent, we will delete it promptly.

If you believe a child has provided us with personal information, contact us at privacy@buymearose.com.

11. Third-Party Links

Our Service may contain links to third-party websites and services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies.

12. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience. For detailed information, please see our Cookie Policy.

13. Marketing Communications

We may send you promotional emails about new features, creator highlights, and platform updates. You can opt out at any time by:

• Clicking "unsubscribe" in any marketing email
• Adjusting your notification preferences in account settings
• Contacting us at privacy@buymearose.com

Note: You cannot opt out of transactional emails (e.g., payment confirmations, security alerts).

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be notified via:

• Email to your registered address
• Prominent notice on the Service
• Updated "Last Modified" date

Your continued use of the Service after changes constitutes acceptance of the updated policy.

15. Contact Us

For privacy-related questions or to exercise your rights, contact us: