Privacy Policy

1. Introduction

Welcome to Viral Guru ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our content intelligence platform and services.

By using Viral Guru, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

2.1 Information You Provide

• Account Information: Email address, password (encrypted), and display name when you create an account
• Payment Information: Billing details processed securely through Stripe (we do not store full credit card numbers)
• Content Preferences: Keywords, niches, genres, and content preferences you provide for report generation
• Communications: Messages you send to our support team or feedback you provide

2.2 Information Collected Automatically

• Usage Data: Pages visited, features used, time spent on the platform, and interaction patterns
• Device Information: Browser type, operating system, IP address, and device identifiers
• Cookies and Tracking: Authentication cookies, session tokens, and analytics data
• Firebase Analytics: App performance, crash reports, and anonymous usage statistics

2.3 Information from Third Parties

• Google OAuth: If you sign in with Google, we receive your email address, name, and profile picture from Google
• Stripe: Payment confirmation, subscription status, and transaction details
• Public Data Sources: Viral content trends from YouTube, Reddit, Twitter/X, and news sources (no personal data)

3. How We Use Your Information

We use your information for the following purposes:

• Service Delivery: Generate personalized content reports based on your preferences
• Account Management: Create and maintain your account, process authentication
• Payment Processing: Handle subscriptions, one-time purchases, and billing
• Communications: Send report notifications, subscription updates, and customer support responses
• Improvement: Analyze usage patterns to improve our AI algorithms and platform features
• Security: Detect and prevent fraud, abuse, and unauthorized access
• Legal Compliance: Comply with applicable laws, regulations, and legal processes

4. Legal Bases for Processing (GDPR)

For users in the European Economic Area (EEA), we process your personal data based on:

• Contractual Necessity: Processing required to provide our services (Art. 6(1)(b) GDPR)
• Consent: You have given explicit consent for specific processing activities (Art. 6(1)(a) GDPR)
• Legitimate Interests: Processing necessary for our legitimate business interests (Art. 6(1)(f) GDPR)
• Legal Obligations: Compliance with legal requirements (Art. 6(1)(c) GDPR)

5. Data Sharing and Disclosure

5.1 Third-Party Service Providers

We share your information with trusted third parties who help us operate our services:

• Firebase/Google Cloud: Authentication, database storage, and hosting
• Stripe: Payment processing and subscription management
• Vercel: Platform hosting and content delivery
• Email Services: Transactional emails and report delivery

5.2 We DO NOT:

• Sell your personal information to third parties
• Share your data with advertisers or marketing companies
• Use your content preferences for purposes other than generating your reports
• Transfer data outside of secure, compliant service providers

5.3 Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect our rights, safety, or property.

6. Data Security

We implement industry-standard security measures to protect your information:

• Encryption: Data encrypted in transit (TLS/SSL) and at rest
• Firebase Security: Google-grade authentication and database security rules
• Access Controls: Limited employee access on a need-to-know basis
• Regular Audits: Security assessments and vulnerability testing
• Secure Payment Processing: PCI-DSS compliant payment handling via Stripe

7. Your Rights and Choices

7.1 All Users

• Account Access: View and update your account information in settings
• Email Preferences: Opt out of marketing emails (transactional emails required)
• Account Deletion: Request deletion of your account and associated data

7.2 GDPR Rights (EEA Users)

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Restriction: Limit how we process your data
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time

7.3 CCPA Rights (California Users)

• Right to Know: Request disclosure of data collected and shared
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt out of sale of personal information (we do not sell data)
• Right to Non-Discrimination: Equal service regardless of privacy choices

To exercise any of these rights, contact us at privacy@viralguru.app

8. Data Retention

• Account Data: Retained while your account is active
• Reports: Stored for the duration of your subscription plus 90 days
• Payment Records: Kept for 7 years for tax and legal compliance
• Analytics Data: Aggregated and anonymized after 26 months
• Deleted Accounts: Personal data deleted within 30 days of account deletion (except legally required records)

9. Cookies and Tracking Technologies

We use the following types of cookies:

• Essential Cookies: Required for authentication and site functionality
• Analytics Cookies: Firebase Analytics for usage statistics (anonymized)
• Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings. Note that disabling essential cookies may affect site functionality.

10. Children's Privacy

Our services are not directed to children under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at privacy@viralguru.app.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We use Firebase/Google Cloud services with data centers worldwide. When transferring data from the EEA, we rely on:

• Google's compliance with the EU-U.S. Data Privacy Framework
• Standard Contractual Clauses approved by the European Commission
• Adequate security measures to protect your data

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy with a new "Last Updated" date
• Sending an email notification to your registered email address
• Displaying a prominent notice on our platform

Your continued use of our services after changes take effect constitutes acceptance of the updated policy.

13. Google OAuth Specific Disclosures

When you sign in with Google, we access only the following information:

• Your email address
• Your name
• Your profile picture (optional)

We use this information solely for authentication and account creation. Viral Guru's use and transfer of information received from Google APIs adheres to Google API Services User Data Policy, including the Limited Use requirements.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

15. EU Representative

For users in the European Union, you may also contact our EU representative regarding data protection matters at eu-rep@viralguru.app.