Privacy policy

Compliant with the LGPD (Lei nº 13.709/2018) and GDPR (Regulation EU 2016/679). Controller: publr Inc.

Effective:

1. What we collect

We collect the minimum personal data needed to operate the service. Concretely:

  • Account data — email address, name, account-creation timestamp, OAuth provider IDs (Google, GitHub) when you sign in via OAuth.
  • Billing data — Stripe customer ID, subscription tier, billing email. Payment-card details are stored only by Stripe and never touch our servers.
  • Uploaded files — the files you upload, plus their metadata (size, MIME type, hash, claim links).
  • Audit logs — records of significant account actions (login, plan change, URL claim, deletion). Retained 12 months.
  • Public-URL analytics — country, device type, browser, OS, referrer domain. Visitor fingerprints derive from a daily-rotated salt + IP + UA, hashed before storage. We never store plain-text IPs. Aggregates retained 7–365 days depending on plan.
  • Operational telemetry — Cloudflare Analytics Engine events, BetterStack uptime probes, error traces. Personal data minimised; no UGC content in error reports.

2. Why we collect it

We use your data only for the purposes for which you provided it (LGPD art. 6º) — chiefly:

  • operating the service: serving your URLs, processing billing, sending password resets;
  • account safety: spam detection, abuse moderation, fraud prevention;
  • product analytics: understanding which features are used, in aggregate;
  • customer communication: receipts, security notices, occasional product news (you can unsubscribe).

We do not sell your data, share it for cross-context behavioural advertising, or use uploaded files to train AI models.

3. Legal basis (GDPR art. 6 / LGPD art. 7)

  • Performance of contract — for everything required to deliver the service you signed up for.
  • Legitimate interests — for security, fraud prevention and minimal product analytics.
  • Consent — for non-essential analytics cookies and marketing emails. You can withdraw consent at any time.
  • Legal obligation — when responding to lawful requests from law enforcement or a court order.

4. Data subject rights

Under LGPD and GDPR you have the right to:

  • access the personal data we hold about you;
  • correct inaccurate or incomplete data;
  • request deletion of your account and personal data;
  • request portability of your data in a structured, machine-readable format (JSON);
  • object to processing based on legitimate interests;
  • withdraw consent for non-essential processing;
  • lodge a complaint with the supervisory authority (Brazil: ANPD; EU/UK: your national DPA).

Self-service tools are available at Account → Privacy in the dashboard: "Export account data" downloads everything we hold about you as a JSON archive; "Close account" triggers a 30-day soft-delete, after which all primary data is permanently removed. For requests we can't automate, email privacy@publr.host; we respond within 15 days.

5. Data retention

We keep personal data only as long as needed for the purpose it was collected:

  • Account data — for the life of the account. After closure: 30-day soft-delete grace, then permanent deletion.
  • Billing records — 5 years after the last invoice (legal/tax obligation).
  • Audit logs — 12 months.
  • Public-URL pageviews — 7 days (Free), 30 days (Starter), 90 days (Pro), 365 days (Agency). Aggregated counters stripped of fingerprints kept up to 24 months for product analytics.
  • Backups — encrypted snapshots retained 30 days, then expired.

6. Where your data lives

Our primary infrastructure runs on Cloudflare (KV, R2, Workers, Analytics Engine) with regional endpoints in São Paulo, Frankfurt and Iowa. Authentication is handled by Clerk (US-based, GDPR/LGPD DPAs in place). Database state lives in Convex (US-based). Email delivery is via Resend (US/EU). Stripe handles payments globally. All cross-border transfers rely on GDPR-approved Standard Contractual Clauses and equivalent LGPD safeguards.

7. Sub-processors

The current sub-processor list (≤ five entities) is:

  • Cloudflare — CDN, edge compute, KV/R2 storage, analytics engine.
  • Convex — primary database (DPA executed).
  • Clerk — authentication and user identity.
  • Stripe — billing and payment processing.
  • Resend — transactional email delivery.

We notify customers 30 days in advance of any sub-processor changes. Contractual addenda for B2B Pro/Agency plans are available on request.

8. Security

Data in transit is encrypted with TLS 1.3. Data at rest is encrypted via AES-256 (Cloudflare R2, Convex). Passwords are not stored — auth goes through OAuth or Clerk. We follow OWASP ASVS Level 2 hardening practices, run automated AppSec linting, and conduct quarterly manual security reviews. We maintain security incident response runbooks and report breaches to ANPD / DPAs and affected users within 72 hours of confirmation.

9. Children's privacy

The service is not directed at children under 13. If you believe a child has provided personal data without consent, contact privacy@publr.host and we will delete it promptly.

10. Changes to this policy

We update this policy when we add new processing activities or when regulations change. Material changes are announced 30 days in advance via email and a dashboard banner. Historical versions are kept and linked from this page.

11. Contact

Privacy questions, data-subject requests and breach notifications: privacy@publr.host. Postal mail can be addressed to publr Inc., Av. Paulista, 1374, São Paulo SP 01310-100, Brazil.

EU representative: contact details published in the dashboard Privacy tab once we onboard our first EU customer (FR-prep). Data-protection officer (DPO): dpo@publr.host.