Privacy Policy

1. Introduction

OctoPicks ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website octopicks.com and use our services. This policy applies to all users worldwide and complies with applicable privacy laws including GDPR, CCPA, and similar regulations.

2. Information We Collect

2.1 Personal Information

• Email Address: When you create an account or subscribe to our service
• Payment Information: Processed securely by Stripe (we do not store payment details)
• Communication Data: When you contact us for support or inquiries

2.2 Automatically Collected Information

• Usage Analytics: Pages visited, time spent, click patterns (anonymized)
• Technical Data: IP address (anonymized), browser type, device information
• Cookies: Session cookies for authentication and analytics cookies (see Cookie Policy below)

2.3 Information We Do NOT Collect

• Social security numbers or government IDs
• Detailed financial information beyond payment processing
• Personal documents or files
• Location tracking or precise geolocation data

3. How We Use Your Information

• Service Provision: Provide access to premium content and features
• Account Management: Create and maintain your account
• Payment Processing: Process subscriptions and billing
• Communication: Send service updates, security alerts, and support responses
• Analytics: Improve our service through anonymized usage analysis
• Legal Compliance: Comply with applicable laws and regulations

4. Legal Basis for Processing (GDPR)

For users in the EU/UK, we process your data based on:

• Contract Performance: Providing the services you subscribed to
• Legitimate Interest: Analytics and service improvement (anonymized)
• Consent: Email communications (you can opt out anytime)
• Legal Obligation: Compliance with applicable laws

5. Information Sharing and Disclosure

We do NOT sell, rent, or trade your personal information. We only share information in these limited circumstances:

5.1 Service Providers

• Stripe: Payment processing (covered by Stripe's privacy policy)
• Analytics: Anonymized usage analytics for service improvement
• Hosting: Vercel for website hosting and infrastructure

5.2 Legal Requirements

We may disclose information if required by law, court order, or to protect our rights and safety.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred with appropriate privacy protections.

6. Data Retention

• Account Data: Retained until account deletion or 3 years of inactivity
• Analytics Data: Anonymized data retained for 90 days maximum
• Payment Records: Handled by Stripe per their retention policies
• Communication Records: Support emails retained for 2 years for service quality

7. Your Privacy Rights

7.1 All Users

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your account and data
• Opt-out: Unsubscribe from non-essential communications

7.2 EU/UK Users (GDPR Rights)

• Portability: Receive your data in a structured format
• Restriction: Limit how we process your data
• Objection: Object to processing based on legitimate interest
• Complaint: File a complaint with your data protection authority

7.3 California Users (CCPA Rights)

• Know: What personal information we collect and how it's used
• Delete: Request deletion of personal information
• Opt-out: We don't sell personal information, so no opt-out needed
• Non-discrimination: Equal service regardless of privacy choices

8. Data Security

We implement industry-standard security measures:

• Encryption: All data transmitted using TLS/SSL encryption
• Access Controls: Limited access to personal data on need-to-know basis
• Secure Hosting: Infrastructure hosted on secure, SOC 2-compliant platforms
• Payment Security: PCI DSS-compliant payment processing through Stripe
• Regular Audits: Periodic security assessments and updates

9. Cookies and Tracking

We use cookies for:

• Essential Cookies: Required for login and service functionality
• Analytics Cookies: Anonymous usage tracking to improve our service

You can control cookies through your browser settings. Disabling essential cookies may affect service functionality.

10. International Data Transfers

Your data may be processed in the United States. For EU users, we ensure adequate protection through standard contractual clauses and other appropriate safeguards as required by GDPR.

11. Children's Privacy

Our service is not intended for children under 16. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal information, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by email or through our service. Your continued use of our service after changes constitutes acceptance of the updated policy.

13. Contact Information

For privacy-related questions or to exercise your rights: