Privacy Policy
Effective Date: January 19, 2025
Last Updated: January 19, 2025
Introduction
Welcome to Surkyl. We are committed to protecting your privacy and ensuring you have a positive experience on our platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services, including our website, applications, and related services (collectively, the "Services").
By accessing or using our Services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services.
Important: You must be at least 13 years old to use our Services. See the Children's Privacy section for more information.
Information We Collect
We collect several types of information from and about users of our Services, including:
Information You Provide to Us
- Account Information: When you create an account, we collect your email address, display name, username (handle), and password. You may optionally provide additional information such as a profile picture and bio.
- OAuth Authentication: If you sign in using third-party authentication (such as Google), we receive your email address, name, and profile picture from that service. We use this information to create and authenticate your account.
- Profile Information: Any information you add to your public profile, including your display name, bio, avatar, and other optional profile fields.
- Content: Information and content you create, upload, or share through our Services, including files, messages, comments, and other communications.
- Communications: When you contact us directly (e.g., customer support inquiries), we collect the information you provide, including your name, email address, and message content.
Information Collected Automatically
- Usage Data: We collect information about how you interact with our Services, including features used, pages visited, time spent, and actions taken.
- Device Information: We collect information about the devices you use to access our Services, including IP address, browser type and version, operating system, device type, and unique device identifiers.
- Log Data: Our servers automatically record information when you use our Services, including your IP address, access times, browser type, and referring/exit pages.
- Cookies and Similar Technologies: We use cookies, web beacons, and similar technologies to collect information about your browsing activities. See our Cookies section for more details.
Information from Third Parties
- OAuth Providers: When you authenticate using Google OAuth or other third-party providers, we receive limited information from these services as permitted by your privacy settings with them.
- Analytics Services: We use third-party analytics services (such as PostHog) that may collect information about your use of our Services.
How We Use Your Information
We use the information we collect for various purposes, including:
- Provide and Maintain Services: To create and manage your account, authenticate users, and enable core functionality of our platform.
- Improve and Develop Services: To understand how users interact with our Services, identify bugs and issues, and develop new features and improvements.
- Personalization: To customize your experience, including displaying relevant content and features.
- Communications: To send you service-related emails, notifications, security alerts, and updates. We may also send you marketing communications if you've opted in (you can opt out at any time).
- Security and Fraud Prevention: To detect, prevent, and respond to security incidents, fraud, abuse, and other harmful activities.
- Analytics and Research: To analyze usage patterns, conduct research, and generate aggregated statistics about our Services.
- Legal Compliance: To comply with applicable laws, regulations, legal processes, or government requests.
- Enforce Terms: To enforce our Terms of Service and other agreements.
Data Security
We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption: We use industry-standard TLS/SSL encryption to protect data in transit and encryption at rest for sensitive data.
- Access Controls: We restrict access to personal information to employees, contractors, and service providers who need access to perform their job functions.
- Password Protection: User passwords are hashed using strong cryptographic algorithms (bcrypt) and are never stored in plain text.
- Regular Audits: We conduct regular security assessments and audits of our systems.
- Monitoring: We monitor our systems for suspicious activity and potential security threats.
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
If you believe your account has been compromised, please contact us immediately at [email protected].
Your Rights and Choices
Depending on your location, you may have certain rights regarding your personal information:
Access and Portability
You have the right to access the personal information we hold about you and, in some cases, to receive a copy of your information in a portable format.
Correction
You have the right to correct inaccurate or incomplete personal information. You can update most of your profile information directly through your account settings.
Deletion
You have the right to request deletion of your personal information. You can delete your account at any time through your account settings. Note that we may retain certain information as required by law or for legitimate business purposes.
Objection and Restriction
You have the right to object to or request restriction of certain processing of your personal information.
Opt-Out of Marketing
You can opt out of receiving marketing emails by clicking the "unsubscribe" link in any marketing email or by updating your preferences in your account settings. Note that you cannot opt out of service-related emails (e.g., account verification, security alerts).
Do Not Track
Some browsers support a "Do Not Track" feature. Our Services do not currently respond to Do Not Track signals.
To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.
Third-Party Services
Our Services integrate with various third-party services. Each service has its own privacy policy:
Google OAuth
When you sign in with Google, we receive limited information from Google as permitted by your Google privacy settings. We use this information solely for authentication and account creation. Google's use of your information is governed by Google's Privacy Policy.
PostHog Analytics
We use PostHog for product analytics. PostHog's use of your information is governed by PostHog's Privacy Policy.
Resend (Email Delivery)
We use Resend to send transactional emails. Resend's use of your information is governed by Resend's Privacy Policy.
We are not responsible for the privacy practices of these third-party services. We encourage you to review their privacy policies.
Data Retention
We retain your personal information for as long as necessary to provide our Services and fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.
- Account Data: We retain your account information for as long as your account is active. If you delete your account, we will delete or anonymize your personal information within 30 days, except as required by law.
- Usage Data: We typically retain usage and analytics data for up to 2 years.
- Communications: We retain customer support communications for up to 3 years for quality assurance and legal purposes.
- Legal Requirements: We may retain certain information longer if required by law, regulation, or legal process (e.g., tax records, dispute resolution).
Children's Privacy
Age Requirement: Our Services are not intended for children under 13 years of age, and we do not knowingly collect personal information from children under 13. This age restriction complies with the Children's Online Privacy Protection Act (COPPA).
If you are under 13 years of age, you are not permitted to use our Services or provide any personal information to us. If we discover that we have collected personal information from a child under 13, we will delete that information promptly.
If you are a parent or guardian and believe that your child under 13 has provided us with personal information, please contact us at [email protected] so we can delete the information.
Note for Users Aged 13-17: If you are between 13 and 17 years old, you may use our Services, but we recommend that you review this Privacy Policy with your parent or guardian.
International Data Transfers
Surkyl is based in the United States, and your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate.
These countries may have data protection laws that differ from those in your country. By using our Services, you consent to the transfer of your information to the United States and other countries.
European Economic Area (EEA) Users: If you are located in the EEA, we comply with GDPR requirements when transferring personal data outside the EEA. We use appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission.
California Privacy Rights
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to Know: You have the right to request information about the personal information we collect, use, disclose, and sell (we do not sell personal information).
- Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
- Right to Opt-Out: While we do not sell personal information, you have the right to opt out if we were to do so in the future.
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
To exercise these rights, please contact us at [email protected]. We may require verification of your identity before processing your request.
Shine the Light Law: California residents may also request information about our disclosure of personal information to third parties for direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make changes, we will:
- Update the "Last Updated" date at the top of this policy
- Notify you via email if the changes are material (if you have an account with us)
- Post a notice on our website or within our Services if the changes significantly affect your rights
We encourage you to review this Privacy Policy periodically. Your continued use of our Services after any changes indicates your acceptance of the updated Privacy Policy.
Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
- Email: [email protected]
- Security Issues: [email protected]
- General Inquiries: [email protected]
We will respond to your inquiry within 30 days.