Privacy Policy
Effective May 9, 2024
This Privacy Policy applies to the website substacktools.com and all its subdomains (the “Sites”), together with the substacktools web applications and services (the “Services”), owned and operated by Lukas Hermann (Sole Proprietor Business, collectively, “Lukas Hermann”, “we”, “us”, or “our”). This Privacy Policy describes how we collect, use, share, and secure the personal information you provide to us. It also describes your choices regarding use, access, correction, and deletion of your personal information.
1. Definitions
Personal information is any information about you which can be used to identify you. This includes information about you as a person (such as name, address, and date of birth), your devices, payment details, and even information about how you use a website or online service.
The marketing site refers to all public-facing informational pages on our website. This includes content such as homepage, about us, contact information, product descriptions, blog posts, and support resources. Essentially, it’s any part of the site accessed from the main substacktools.com domain that provides information about our products and services but does not require user login or interaction with the core functionalities of the web application.
The web application consists of all functional pages that require user authentication and are part of the substacktools service delivery. This includes, but is not limited to, user dashboards, team management interfaces, personal profile settings, and room controls for live events. The web application is primarily accessed through URLs starting with /auth/
, /team/
, /user/
, /plan/
, /r/
, and /q/
. These pages provide the interactive components of substacktools where users can manage their accounts, collaborate with team members, and control event timing settings.
2. What Data We Collect
We collect both information you knowingly and actively provide us when using or participating in any of our services and promotions, and any information automatically sent by your devices in the course of accessing our products and services.
We only collect and use your personal information when we have a legitimate reason for doing so. In which instance, we only collect personal information that is reasonably necessary to provide our services to you.
We do not sell your personal information or any data you enter into our Services in any way.
Third-party Services and Sub-processors
We share certain information with companies that may be considered our “sub-processors” under GDPR. This information is limited to the following:
Required for the Marketing Site
The following services are required for the operation of the substacktools marketing site:
- Resend: We use Resend to send transactional emails. Privacy Policy of Resend.
Company | Purpose | Information Collected |
---|---|---|
Resend | Email delivery |
Required for the Web Application
The following services are required for the operation of the substacktools web application:
- Supabase: We use Supabase to store user information, authenticate users, and host edge functions. Privacy Policy of Supabase.
- Paddle: We use Paddle to handle payments and subscriptions. Privacy Policy of Paddle.
Company | Purpose | Information collected |
---|---|---|
Supabase | Hosting infrastructure | IP address, email, name, profile picture |
Paddle | Payment provider | IP address |
Please note that Supabase only receives your personal information when and after you create a user account with substacktools.
Please note that Paddle only receives your personal information when you make a purchase.
Optional Services
The following services are optional and are strictly opt-in:
- Google Analytics: We use Google Analytics to collect visitor statistics. (Opt-In through cookie notice.) Privacy Policy of Google Analytics.
Company | Purpose | Information Collected |
---|---|---|
Google Analytics | Analytics | IP address |
3. How We Collect Information
We collect the following personal information from you:
Information That You Provide to Us About Yourself
When you sign up for the Services, we request information such as:
- Contact Information: such as name and email address.
- Unique Identifiers: such as username, account number or password.
- Business-Related Information: Company name, company size, and business type.
We may collect, hold, use, and disclose information for the following purposes, and personal information will not be further processed in a manner that is incompatible with the purpose of providing you with our Service’s core features.
Please be aware that we may combine information we collect about you with general information or research data we receive from other trusted sources.
Information Collected Automatically
When you visit our website, our servers automatically log standard data provided by your web browser. This may include your device’s Internet Protocol (IP) address, your browser type and version, the pages you visit, the time and date of your visit, the time spent on each page, and other details about your visit.
Additionally, if you encounter certain errors while using the site, we may automatically collect data about the error and the circumstances surrounding its occurrence. This data may include technical details about your device, what you were trying to do when the error occurred, and other technical information related to the problem. You may or may not receive notice of such errors, even in the moment they occur, or what the nature of the error is.
Please be aware that while this information may not be personally identifying by itself, it may be possible to combine it with other data to personally identify individual persons.
Information Collected After Opt-In Permission
Upon your consent, we use cookies and similar technologies to collect information about your location and your activities on our website, as well as information about your device and log information. This is described in more detail below. These technologies collect anonymized Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data.
You can control the use of cookies at the individual browser level. If you choose to disable cookies, it may limit your use of certain features or functions on our website or service. We do not use, or allow the use of, cookies or similar technologies in connection with your customers’ data. See our Cookie Policy.
4. Security
The security of your personal information is important to us. We implement adequate measures to protect the personal information submitted to us, both during transmission and once it is received. We take steps to ensure that all source code, files and data remain private and confidential. Due to the sensitive nature of source code we take this very seriously and make it our primary concern for all customers. We restrict access to personal information to our employees, contractors and agents who need to know that information in order to operate, develop or improve our service. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations. If you have any questions about the security of your personal information, you can contact us at the contact information below.
5. Rights with respect to your information
You always retain the right to withhold personal information from us, with the understanding that your experience of our website may be affected. We will not discriminate against you for exercising any of your rights over your personal information. If you do provide us with personal information you understand that we will collect, hold, use and disclose it in accordance with this privacy policy. You retain the right to request details of any personal information we hold about you.
If we receive personal information about you from a third party, we will protect it as set out in this privacy policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us.
If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time. We will provide you with the ability to unsubscribe from our email-database or opt out of communications. Please be aware we may need to request specific information from you to help us confirm your identity.
If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, please contact us using the details provided in this privacy policy. We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading, or out of date.
If you believe that we have breached a relevant data protection law and wish to make a complaint, please contact us using the details below and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint. You also have the right to contact a regulatory body or data protection authority in relation to your complaint.
Your rights
- Withdraw your consent at any time. You have the right to withdraw consent where your have previously given your consent to the processing of your Personal Data.
- Object to processing of your Data. You have the right to object to the processing of your Data if the processing is carried out on a legal basis other than consent.
- Access your Data. You have the right to learn if Data is being processed by us, obtain disclosure regarding certain aspects of the processing and obtain a copy of the Data undergoing processing.
- Verify and seek rectification. You have the right to verify the accuracy of your Data and ask for it to be updated or corrected.
- Restrict the processing of your Data. You have the right, under certain circumstances, to restrict the processing of your Data. In this case, we will not process your Data for any purpose other than storing it.
- Have your Personal Data deleted or otherwise removed. You have the right, to obtain the erasure of your Data from us.
- Receive your Data and have it transferred to another controller. You have the right to receive your Data in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the Data is processed by automated means and that the processing is based on your consent, on a contract which you is part of or on pre-contractual obligations thereof.
- Lodge a complaint. You have the right to bring a claim before your competent data protection authority.
How to exercise these rights
To exercise your rights, such as requesting or deleting your data, please contact us through the contact details provided below. Requests can be exercised free of charge and will be addressed by us as early as possible and always within one month.
6. Data Retention
We may retain your information for as long as your account is active or as needed to provide you services, comply with our legal obligations, resolve disputes, and enforce our agreements. In certain circumstances, we may be required by law to retain your personal information, or may need to retain your personal information in order to continue providing a service.
Even if you delete your account, keep in mind that deletion by our third-party providers may not be immediate, and the deleted information may persist in backup copies for a reasonable period of time.
All data you enter into our Service will be deleted from our databases within 30 days of you deleting your account. Additionally, any remaining information will be removed from our backups within 3 months after account deletion. If you wish for your personal data to be completely removed from our customer relationship management platform and other third-party service, please send us an explicit request via email. Include your user details and a brief description of your request to facilitate the prompt processing of your data deletion.
7. Policy regarding children
We do not aim any of our products or services directly at children under the age of 13, and we do not knowingly collect personal information about children under 13.
8. Limits of our policy
Our website may link to external sites that are not operated by us. Please be aware that we have no control over the content and policies of those sites, and cannot accept responsibility or liability for their respective privacy practices.
9. Changes to this policy
At our discretion, we may change our privacy policy to reflect updates to our business processes, current acceptable practices, or legislative or regulatory changes. If we decide to change this privacy policy, we will post the changes here at the same link by which you are accessing this privacy policy.
If the changes are significant, or if required by applicable law, we will contact you (based on your selected preferences for communications from us) and all our registered users with the new details and links to the updated or changed policy.
If required by law, we will get your permission or give you the opportunity to opt in to or opt out of, as applicable, any new uses of your personal information.