Privacy Policy

1. Information We Collect

1.1 Information You Provide

• Account Information: Name, username, email address, date of birth, password (encrypted)
• Profile Information: Profile picture, bio, creator status
• Payment Information: Processed securely through Stripe (we don't store full card details)
• Content: Videos, images, comments, tips, and other content you upload or create

1.2 Information Automatically Collected

• Usage Data: IP address, browser type, device information, pages visited
• Cookies: Authentication cookies, preference cookies, analytics cookies
• Analytics: Vercel Analytics for performance monitoring
• Error Tracking: Sentry for error monitoring and debugging

2. How We Use Your Information

2.1 Legal Basis for Processing (GDPR Article 6)

We process your data under the following legal bases:

• Contract Performance (Article 6(1)(b)): Account management, content delivery, payment processing, creator payouts
• Legal Obligation (Article 6(1)(c)): Age verification (COPPA/GDPR), tax compliance, fraud prevention, court orders
• Legitimate Interests (Article 6(1)(f)): Platform security, abuse prevention, analytics, bug fixes, service improvement
• Consent (Article 6(1)(a)): Marketing communications (opt-out available), optional cookies (analytics)

2.2 Purposes

• Provide Services: Account management, content delivery, payment processing
• Improve Platform: Analytics, feature development, bug fixes
• Communication: Service updates, security alerts, marketing (opt-out available)
• Legal Compliance: Age verification (COPPA), content moderation, fraud prevention
• Security: Account protection, abuse prevention, rate limiting

3. Data Sharing and Third Parties

3.1 Service Providers

• Vercel: Hosting and deployment (USA)
• Neon: Database hosting (USA/EU)
• AWS: Media storage and transcoding (configurable regions)
• Stripe: Payment processing (global, PCI-DSS compliant)
• Sentry: Error monitoring (USA)
• Resend: Transactional emails (USA/EU)
• Upstash: Rate limiting (global)

3.2 We DO NOT

• Sell your personal data to third parties
• Share your data for advertising purposes
• Use your content for AI training without permission

3.3 Legal Requirements

We may disclose information when required by law, court order, or to protect our rights and users' safety.

4. Children's Privacy (COPPA Compliance)

• Age Requirement: Users must be at least 13 years old
• Age Verification: Date of birth required at signup
• Under 13: Accounts are automatically rejected
• Under 18: Content moderation with age-appropriate filtering
• Parental Rights: Parents can request data deletion for minors by contacting support

5. Your Rights (GDPR/CCPA)

• Access: Request a copy of your personal data
• Correction: Update incorrect information in Settings
• Deletion: Request account deletion (permanent)
• Portability: Export your data in machine-readable format
• Opt-Out: Disable marketing emails in notification settings
• Withdrawal: Delete your account at any time

To exercise these rights, contact: info@knotreels.com

6. Data Security

• Encryption: HTTPS for all connections, bcrypt for passwords (12 rounds)
• Access Control: Role-based permissions (user, creator, admin)
• Rate Limiting: Protection against brute force attacks
• Monitoring: Real-time security alerts via Sentry
• Compliance: Regular security audits and updates

7. Data Retention

• Active Accounts: Data retained while account is active
• Deleted Accounts: Personal data permanently deleted within 30 days
• Content: Public content may be cached temporarily for performance
• Legal Holds: Data retained longer if required by law or ongoing investigation
• Backups: Backup copies automatically purged within 90 days

8. Cookies and Tracking

8.1 Essential Cookies (No Consent Required)

These cookies are strictly necessary for the platform to function and cannot be disabled:

• Authentication: Session cookies for login (HTTP-only, secure, expires when you log out)
• Security: CSRF protection tokens to prevent cross-site attacks
• Legal Basis: Legitimate interest (GDPR Article 6(1)(f)) - essential for service delivery

8.2 Analytics Cookies (Optional - Consent Required)

• Vercel Analytics: Page views, performance metrics (privacy-focused, no personal data)
• Purpose: Improve platform performance and user experience
• Legal Basis: Consent (GDPR Article 6(1)(a)) - you can opt-out
• Duration: 30 days

8.3 Managing Cookies

You have full control over cookie preferences:

• Browser Settings: Most browsers allow you to refuse cookies or delete them
• Impact: Blocking essential cookies will prevent login; blocking analytics cookies won't affect functionality
• Withdrawal: You can change your mind at any time in your browser settings

Note: We use minimal cookies and do not use tracking pixels, social media trackers, or advertising cookies.

9. International Data Transfers

Your data may be processed in the United States, European Union, or other regions where our service providers operate. We ensure adequate protection through:

• Standard Contractual Clauses (SCCs) with service providers
• Privacy Shield Framework compliance (where applicable)
• GDPR-compliant data processing agreements

10. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be notified via email or prominent notice on the platform. Continued use after changes constitutes acceptance.

11. Contact Information

12. Supervisory Authority

If you're in the EU/EEA, you have the right to lodge a complaint with your local data protection authority: