Privacy Policy

1. Data Controller

2. Personal Data We Collect

2.1 Account Registration

• Email address
• Password (encrypted)

When you register using Google or LinkedIn authentication, we only retrieve your email address from these services. We do not access your contacts, profile details, or any other data from these third-party accounts.

2.2 Payment Information

Payments are processed by Stripe, Inc. We do not store your credit card details or full payment information on our servers. Stripe processes and stores your payment data in accordance with PCI-DSS standards.

2.3 Automatically Collected Data

• IP address
• Browser type and version
• Pages visited and interaction data
• Date and time of access
• Referring website

This data is collected through Google Analytics and session cookies for the purpose of improving the Platform and understanding usage patterns.

3. Purpose and Legal Basis for Processing

• Account creation and management — Legal basis: Performance of a contract (Article 6(1)(b) GDPR)
• Processing subscription payments via Stripe — Legal basis: Performance of a contract (Article 6(1)(b) GDPR)
• Sending service-related communications — Legal basis: Performance of a contract (Article 6(1)(b) GDPR)
• Analysing website usage through Google Analytics — Legal basis: Legitimate interest (Article 6(1)(f) GDPR) or consent where required
• Preventing fraud and ensuring platform security — Legal basis: Legitimate interest (Article 6(1)(f) GDPR)

4. Cookies and Tracking Technologies

4.1 Essential Cookies

These cookies are necessary for the Platform to function. They include session cookies managed by Supabase for user authentication and login persistence. These cookies cannot be disabled.

4.2 Third-Party Authentication Cookies

When you sign in using Google or LinkedIn, these services may set cookies during the authentication process. These cookies are governed by the respective privacy policies of Google and LinkedIn.

4.3 Payment Cookies

Stripe may set cookies for fraud prevention and payment processing purposes. These cookies are governed by Stripe's Cookie Policy.

4.4 Analytics Cookies

We use Google Analytics to understand how visitors interact with our Platform. Google Analytics uses cookies to collect anonymous usage data. You may opt out of Google Analytics by installing the Google Analytics Opt-Out Browser Add-On.

You can manage your cookie preferences through the cookie consent banner displayed when you first visit the Platform.

5. Data Storage and Security

• User account data and database content: hosted on Supabase and Modal, with servers located in the United States.
• Payment data: processed and stored by Stripe, Inc., with servers in the United States.
• Website hosting: provided by Netlify, Inc., with servers located in the United States.

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or destruction, including encryption of passwords and use of secure HTTPS connections.

6. International Data Transfers

As our Company is based in Hong Kong and our service providers are primarily based in the United States, your personal data may be transferred to and processed in countries outside the European Economic Area (EEA).

For transfers of personal data of EEA residents, we rely on:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions where applicable

7. Data Retention

• Account data: retained for the duration of your account. Deleted within 30 days of account deletion request.
• Payment records: retained as required by applicable tax and accounting laws (typically 7 years).
• Analytics data: retained in accordance with Google Analytics' data retention settings.

8. Your Rights

8.1 Under the GDPR (EEA Residents)

• Right of access: obtain a copy of your personal data.
• Right to rectification: request correction of inaccurate data.
• Right to erasure: request deletion of your personal data.
• Right to restriction of processing: request that we limit how we use your data.
• Right to data portability: receive your data in a structured, machine-readable format.
• Right to object: object to processing based on legitimate interests.
• Right to withdraw consent: where processing is based on consent, you may withdraw it at any time.
• Right to lodge a complaint: with a supervisory authority in your country of residence.

8.2 Under the PDPO (Hong Kong)

• Right of access: request access to your personal data held by us.
• Right to correction: request correction of your personal data.

To exercise any of these rights, please contact us at ophelie@blueshift-solutions.com. We will respond to your request within 30 days.

9. Third-Party Services

• Supabase (authentication, database hosting)
• Stripe (payment processing)
• Google Analytics (website analytics)
• Google (OAuth authentication)
• LinkedIn (OAuth authentication)
• Netlify (website hosting)
• Modal (data processing)

10. Children's Privacy

The Platform is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a person under 18, we will take steps to delete such data promptly.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last Updated" date. Continued use of the Platform after any changes constitutes your acceptance of the updated Privacy Policy.

12. Contact Us