Privacy Policy
1. Introduction
Welcome to Chxngelog ("we", "our", "us"), operated by Chxngelog Ltd. We are committed to protecting your personal information and ensuring that your privacy is respected. This Privacy Policy outlines how we collect, use, and share your data when you visit our website https://chxngelog.com and use our services.
At Chxngelog, we take your privacy very seriously and adhere to global data protection regulations, including the General Data Protection Regulation (GDPR) in the European Union, the California Consumer Privacy Act (CCPA) in the United States, and other applicable privacy laws worldwide. This policy aims to provide transparency about our data practices and help you make informed decisions about your personal information.
If you have any questions or concerns about our privacy practices, please do not hesitate to contact us at support@chxngelog.com.
2. Information We Collect
We collect various types of information in connection with the services we provide through Chxngelog. This includes:
-
Personal Data: When you create an account or interact with our services, we may collect personal information such as your full name, email address, and IP address. This data is primarily handled by Clerk Auth, which manages user authentication and account management.
-
Payment Information: For processing subscription payments, we collect information such as your name, postal address, and payment details. This data is managed by Stripe, our payment processing provider, which securely handles all payment-related information.
-
Image Uploads: If you upload images or files to our platform, these are processed and stored via Upload Thing. The data is stored securely and is only accessible by authorized parties.
-
Communication Data: We collect and process email communications through Resend, which handles the delivery of emails. This includes your email address and the content of your emails sent through our platform.
-
Analytics Data: We use Plausible Analytics to track and analyze usage patterns on our website. Plausible is a privacy-focused analytics tool that does not collect personal data or use cookies. All data is anonymized and does not identify individual users.
-
Contact Form Data: If you use our contact form, we collect your name and email address to respond to your inquiries or provide support.
-
Security and Rate Limiting: We use Upstash to manage rate limiting and enhance the security of our services. This involves processing IP addresses to prevent abuse and ensure the reliability of our platform.
By providing this information, you agree to its collection and use in accordance with this Privacy Policy.
3. How We Use Your Information
We use the information we collect for various purposes, including:
-
Account Management: We use your personal data, such as your name, email, and IP address, to create and manage your user account. This includes authentication, access control, and general account maintenance, which are handled by Clerk Auth.
-
Payment Processing: Your payment information, including name, postal address, and payment details, is used to process subscription payments. Stripe manages this data securely, ensuring that your payment information is protected and transactions are processed efficiently.
-
Image Upload and Storage: If you upload images or files to our platform, we use Upload Thing to handle and store these securely. This allows you to manage and access your uploaded content within our services.
-
Communication and Support: We use your email address and any content from your emails to manage communications with you. Resend handles the processing and delivery of these emails, ensuring that our communication is efficient and secure.
-
Analytics and Performance Tracking: We use Plausible Analytics to monitor and analyze how our website is used. This helps us understand user behavior, improve our services, and ensure our platform operates efficiently. Plausible is designed to protect your privacy by not collecting personal data or using cookies.
-
Rate Limiting and Security: To protect our platform from abuse and ensure its reliability, we use Upstash for rate limiting. This involves processing IP addresses to detect and prevent any malicious activities or excessive usage patterns.
-
Legal Compliance: We may use your information to comply with legal obligations, such as responding to legal requests or enforcing our terms and conditions.
We are committed to using your information responsibly and ensuring that it is only used for the purposes for which it was collected.
4. How We Share Your Information
We understand the importance of your privacy and are committed to only sharing your information in specific circumstances, as outlined below:
-
Service Providers: We engage trusted third-party service providers to perform certain functions on our behalf. These providers are only given access to the information necessary to carry out their services and are contractually obligated to protect your data. The key service providers we work with include:
- Clerk Auth: Manages user authentication and account management.
- Stripe: Handles payment processing, including secure management of payment information.
- Upload Thing: Responsible for processing and storing uploaded images and files.
- Resend: Manages email communications, including delivery and processing of emails.
- Plausible Analytics: Provides website analytics without tracking personal data, ensuring user privacy.
- Upstash: Implements rate limiting to protect the platform from abuse and ensure reliable service.
-
Legal Compliance: We may disclose your information to comply with legal obligations, such as responding to lawful requests by public authorities, including to meet national security or law enforcement requirements.
-
Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy.
-
With Your Consent: In certain cases, we may share your information with third parties if you have provided explicit consent for us to do so.
We take appropriate measures to ensure that your data is protected and shared only when necessary and with the highest regard for your privacy.
5. International Data Transfers
Chxngelog operates globally, which means your personal information may be transferred to, and processed in, countries other than the one in which you reside. These countries may have data protection laws that are different from the laws of your country.
-
Data Transfers within the European Union (EU): If you are located in the EU, your personal data will be stored and processed in compliance with the General Data Protection Regulation (GDPR). For example, Plausible Analytics processes data exclusively within the EU, ensuring that your data remains protected under EU law.
-
Data Transfers Outside the European Union: Some of our service providers, such as Stripe and Resend, may process data in countries outside the EU, including the United States. In such cases, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, to protect your personal data.
-
Your Rights: If your data is transferred outside of your country, you have the right to understand the safeguards we have in place to protect your information. You can contact us at support@chxngelog.com to learn more about these safeguards or to request a copy of the relevant contractual agreements.
We are committed to ensuring that your personal information is handled securely and in compliance with applicable data protection laws, regardless of where the data is processed.
6. Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including to comply with legal, regulatory, or reporting obligations. The retention periods for your data are determined based on the following criteria:
-
Account Information: We retain your account information, such as your name and email address, for as long as your account remains active or as needed to provide you with our services. If you choose to delete your account, we will delete your personal data unless it is necessary to retain it for legal or regulatory reasons.
-
Payment Information: Payment details processed through Stripe are retained in accordance with Stripe’s data retention policies. We do not store your payment information directly; instead, Stripe handles this securely on our behalf.
-
Uploaded Content: Any images or files you upload via Upload Thing will be retained as long as your account is active or until you choose to delete them. Once deleted, this content is permanently removed from our systems.
-
Communication Data: Emails and related communications managed by Resend are retained for as long as necessary to provide support or for the duration of your use of our services.
-
Analytics Data: Data collected via Plausible Analytics is anonymized and does not include personal identifiers. This data is retained in accordance with Plausible’s data retention policies and is used for ongoing analysis to improve our services.
-
Legal Compliance: In some cases, we may need to retain your information for longer periods to comply with legal obligations, resolve disputes, or enforce our agreements.
You have the right to request the deletion of your personal information at any time, subject to certain legal restrictions. If you have any questions about our data retention practices, please contact us at support@chxngelog.com.
7. Your Rights
As a user of our services, you have specific rights regarding your personal information. Depending on your location, particularly if you are a resident of the European Union (under the General Data Protection Regulation - GDPR) or California (under the California Consumer Privacy Act - CCPA), you are entitled to certain rights regarding how your data is processed and stored. These rights include:
-
Right to Access: You have the right to request access to the personal information we hold about you. This includes details on how we use your information and whom we share it with. You can contact us at support@chxngelog.com to make such a request.
-
Right to Rectification: If any of the personal data we hold about you is inaccurate or incomplete, you have the right to request correction or updates to your information.
-
Right to Erasure: You have the right to request the deletion of your personal data under certain circumstances, such as when it is no longer necessary for the purposes for which it was collected, or when you withdraw your consent (where applicable).
-
Right to Restrict Processing: In certain situations, you have the right to request that we restrict the processing of your personal data, such as when you contest the accuracy of the data or object to its use.
-
Right to Data Portability: You can request that we provide you with your personal data in a structured, commonly used, and machine-readable format, and you can ask us to transfer that data to another data controller.
-
Right to Object: You have the right to object to the processing of your personal data under certain conditions, particularly when we process your data for direct marketing purposes.
-
Rights Related to Automated Decision-Making: If we use automated decision-making processes that significantly affect you, you have the right to request human intervention or to challenge such decisions.
-
Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw that consent at any time.
-
Right to Lodge a Complaint: If you believe that we have infringed upon your data protection rights, you have the right to lodge a complaint with a data protection authority in your country.
If you would like to exercise any of these rights or learn more about them, please contact us at support@chxngelog.com. We will respond to your request in accordance with applicable data protection laws.
8. Security
We take the security of your personal information very seriously and implement a range of technical and organizational measures to protect your data from unauthorized access, alteration, disclosure, or destruction. Some of the key security practices we follow include:
-
Encryption: All data transmitted between your browser and our servers is protected using industry-standard encryption protocols (such as HTTPS). Additionally, sensitive information, such as payment details handled by Stripe, is encrypted both in transit and at rest.
-
Access Controls: Access to personal data is restricted to authorized personnel only, and is based on the principle of least privilege. We implement strict access controls and regularly review access permissions to ensure that only those who need access to your data have it.
-
Data Minimization: We collect only the data that is necessary to provide our services effectively. For example, Plausible Analytics operates without collecting personal data, ensuring that user privacy is maintained while still providing valuable insights into website performance.
-
Regular Security Audits: We conduct regular security audits and assessments to identify and mitigate potential vulnerabilities in our systems. This includes reviewing our security practices, testing our infrastructure, and ensuring compliance with applicable data protection laws.
-
Incident Response Plan: In the event of a data breach, we have an incident response plan in place to quickly address and mitigate any potential damage. We will notify affected users and relevant authorities as required by law.
-
Secure Data Storage: Data stored by our third-party providers, such as Upload Thing and Upstash, is protected with robust security measures, including encryption and secure storage practices, to prevent unauthorized access.
Despite our efforts to protect your data, it is important to understand that no method of transmission over the internet or method of electronic storage is completely secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
If you have any concerns about the security of your data or suspect any unauthorized access to your account, please contact us immediately at support@chxngelog.com.
9. Children's Privacy
Chxngelog is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have inadvertently collected personal data from a child under the age of 16 without verifiable parental consent, we will take steps to delete that information from our records as quickly as possible.
If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us at support@chxngelog.com. We will work with you to address any concerns and take appropriate action to ensure your child's privacy is protected.
We encourage parents and guardians to monitor their children's online activities and to help enforce this Privacy Policy by instructing their children never to provide personal information on this website without their permission.
10. Cookies and Tracking Technologies
Chxngelog uses cookies and similar tracking technologies to enhance your experience on our website, improve our services, and understand how you interact with our platform. However, we prioritize your privacy and ensure that our use of these technologies is in line with global data protection standards.
-
Cookies: Cookies are small data files that are placed on your device when you visit our website. These cookies help us recognize your device, remember your preferences, and improve your overall experience on our site. You can control how cookies are used by adjusting your browser settings, although this may impact your ability to use certain features of our services.
-
Plausible Analytics: We use Plausible Analytics, a privacy-focused analytics tool that does not use cookies or collect personal data. Plausible provides us with aggregated, anonymized data about how visitors interact with our website. This allows us to improve our services without compromising your privacy. Since Plausible does not track individual users, no personal information is stored or shared.
-
Managing Cookies: Most web browsers allow you to control cookies through their settings preferences. You can choose to block or delete cookies, but please be aware that this might affect your ability to use certain parts of our website. For more detailed information on how to manage cookies, you can visit [your browser's help documentation].
-
Do Not Track: Some web browsers offer a "Do Not Track" (DNT) feature, which sends a signal to websites to request that your browsing activity is not tracked. Chxngelog does not currently respond to DNT signals due to the limitations of this technology, but we respect your privacy and do not track your online activity across third-party websites.
By using our website, you consent to the use of cookies and similar tracking technologies in accordance with this Privacy Policy. If you have any questions about our use of cookies or how to manage them, please contact us at support@chxngelog.com.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational, legal, or regulatory reasons. When we make changes to this policy, we will update the "Last Updated" date at the top of this page and post the revised policy on our website.
If the changes are significant, we may provide additional notice to you (such as by email or a prominent notice on our website) prior to the changes taking effect. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.
Your continued use of our website and services after any changes to this Privacy Policy will constitute your acknowledgment of the modifications and your consent to abide and be bound by the updated policy.
If you have any questions or concerns about the changes, please contact us at support@chxngelog.com.
12. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us using the information below:
Chxngelog Ltd
Email: support@chxngelog.com
Website: https://chxngelog.com
We are committed to addressing your inquiries and resolving any concerns you may have about your privacy and the protection of your data.
13. Legal Bases for Processing (GDPR Specific)
Under the General Data Protection Regulation (GDPR), we are required to inform you of the legal bases we rely on to process your personal data. These legal bases include:
-
Consent: We may process your personal data if you have given us explicit consent to do so for a specific purpose. You can withdraw your consent at any time.
-
Contractual Necessity: We process your personal data to fulfil a contract with you or to take steps at your request before entering into a contract. This includes processing your information to provide our services, manage your account, and handle payments.
-
Legal Obligation: We may process your personal data where it is necessary to comply with a legal obligation, such as maintaining records for tax purposes or responding to legal requests.
-
Legitimate Interests: We may process your personal data for our legitimate interests, provided those interests are not overridden by your rights and interests. This includes processing data for security purposes, improving our services, and conducting business analytics.
14. California Consumer Privacy Act (CCPA)
If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA), including:
-
Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collect personal information, the purpose for collecting your personal information, and the categories of third parties with whom we share that information.
-
Right to Delete: You have the right to request that we delete any personal information we have collected from you, subject to certain exceptions.
-
Right to Opt-Out of Sale: You have the right to opt-out of the sale of your personal information. However, we do not sell your personal information to third parties.
-
Right to Non-Discrimination: You have the right to be free from discrimination for exercising your CCPA rights.
To exercise any of these rights, please contact us at support@chxngelog.com. We will verify your request and respond in accordance with the CCPA.
15. Data Protection Officer
Given the nature and scale of our data processing activities, we have appointed a Data Protection Officer (DPO) to oversee our compliance with data protection laws and ensure that your personal information is handled appropriately. You can contact our DPO at support@chxngelog.com for any questions related to data protection and privacy.
16. Complaints
If you believe that your data protection rights have been violated, you have the right to lodge a complaint with the relevant supervisory authority. If you are located in the European Union, you can contact the data protection authority in your country.
We encourage you to contact us first at support@chxngelog.com so we can address your concerns directly and work towards a resolution.
We are committed to working with you to resolve any concerns about your privacy and the protection of your data.