Privacy Policy

1. Introduction

Welcome to Stylo ("we", "our", or "us"). We are committed to protecting your personal data and respecting your privacy rights. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our text transformation service.

This policy complies with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

For the purposes of GDPR, the data controller is:

3. Data We Collect

3.1 Account Information

• Email address (when you sign up)
• Password (encrypted)
• OAuth provider information (if you sign in with Google)

3.2 Usage Data

• Text submitted for transformation (temporarily stored)
• Transformation type selected
• IP address (for rate limiting and security)
• Browser type and version
• Device information
• Usage statistics and patterns

3.3 Technical Data

• Cookies and similar tracking technologies
• Log files and analytics data
• Error reports and diagnostics

4. Legal Basis for Processing

We process your personal data under the following legal bases:

• Contract Performance: To provide you with our text transformation services
• Legitimate Interest: To improve our services, prevent fraud, and ensure security
• Consent: For cookies and marketing communications (where required)
• Legal Obligation: To comply with applicable laws and regulations

5. How We Use Your Data

We use your personal data for the following purposes:

• To provide and maintain our text transformation service
• To manage your account and authentication
• To process your text transformations using AI models
• To store your transformation history
• To enforce rate limits and prevent abuse
• To improve our services and develop new features
• To communicate with you about service updates
• To comply with legal obligations

6. Data Retention

We retain your personal data only for as long as necessary:

• Account Data: Until you delete your account, plus 30 days for backup retention
• Transformation History: Until you delete your account or individual transformations
• Input/Output Text: Stored in your transformation history; deleted when you delete your account
• Log Files: 90 days for security and troubleshooting purposes
• Usage Analytics: Aggregated and anonymized, retained indefinitely

7. Third-Party Services

We use the following third-party services that may process your data:

• OpenAI: For AI-powered text transformations (text is sent to OpenAI's API)
• Supabase: For authentication and database services (EU servers)
• Vercel: For hosting and content delivery (EU region)
• Google OAuth: If you choose to sign in with Google

All third-party processors comply with GDPR and have appropriate data processing agreements in place.

8. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States. We ensure appropriate safeguards are in place through:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions for certain countries
• Other legally approved transfer mechanisms

9. Your GDPR Rights

Under GDPR, you have the following rights:

• Right of Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time
• Right to Lodge a Complaint: File a complaint with your data protection authority

To exercise any of these rights, please contact us at privacy@gostylo.app or use the "Delete Account" button in your dashboard settings.

10. Data Security

We implement appropriate technical and organizational measures to protect your data:

• Encryption in transit (HTTPS/TLS)
• Encryption at rest for sensitive data
• Regular security audits and penetration testing
• Access controls and authentication mechanisms
• Regular backups and disaster recovery procedures
• Employee training on data protection

11. Cookies

We use cookies and similar technologies to improve your experience. For detailed information, please see our Cookie Policy.

12. Children's Privacy

Our service is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last updated" date
• Sending you an email notification (for significant changes)

14. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

15. Supervisory Authority

If you are located in the EU and have concerns about our data processing practices, you have the right to lodge a complaint with your local data protection authority. You can find your authority's contact information at: https://edpb.europa.eu