Introduction

At myBuild, we take your privacy seriously. This Privacy Policy explains in detail how we collect, use, protect, and store your personal information when you use our service. By using myBuild, you agree to the collection and use of information in accordance with this policy.

This policy applies to all users of our service, including visitors, registered users, and anyone who accesses or uses our platform. We are committed to protecting your privacy and ensuring the security of your personal data.

Information We Collect

Personal Information

When you create an account with myBuild, we collect the following personal information:

• Email Address: Required for account creation, authentication, and communication purposes. We use your email to send you important account notifications, password reset links, and service updates.
• Display Name: A name you choose to display on your profile and builds. This is optional and can be changed at any time.
• Authentication Data: We store encrypted authentication tokens and session information to maintain your login state securely.

Car Build Information

When you create a car build, we collect and store:

• Vehicle Details: Make, model, year, nickname, and description of your vehicle
• Images: Up to 3 photos per build that you upload to showcase your vehicle
• Modifications: Information about modifications including titles, brands, details, and optional product links
• Build Status: Whether your build is published publicly or kept as a private draft

Automatically Collected Information

We automatically collect certain information when you use our service:

• Usage Data: Information about how you interact with our platform, including pages visited, features used, and time spent on the site
• Device Information: Browser type, device type, operating system, and IP address (anonymized where possible)
• Log Data: Server logs containing timestamps, request types, and error information for debugging and security purposes

How We Use Your Information

We use the information we collect for the following purposes:

Service Provision

• Create and manage your user account
• Process and store your car builds and associated content
• Generate and maintain unique public URLs for your published builds
• Display your builds according to your privacy settings (public or private)
• Enable you to edit, update, and delete your builds

Communication

• Send you account-related notifications (password resets, email confirmations)
• Respond to your inquiries and provide customer support
• Notify you of important service updates or changes to our policies
• Send you security alerts if we detect suspicious activity on your account

Service Improvement

• Analyze usage patterns to improve our platform's functionality and user experience
• Identify and fix technical issues and bugs
• Develop new features based on user needs and feedback
• Conduct security audits and prevent fraudulent activity

Legal Compliance

• Comply with applicable laws, regulations, and legal processes
• Respond to valid legal requests from law enforcement or government agencies
• Protect our rights, property, and safety, as well as that of our users
• Enforce our Terms of Service and prevent abuse of our platform

Data Storage and Security

We implement comprehensive security measures to protect your personal information:

Encryption

• In Transit: All data transmitted between your device and our servers is encrypted using TLS (Transport Layer Security) 1.2 or higher, ensuring that your information cannot be intercepted during transmission.
• At Rest: Sensitive data stored in our databases is encrypted using industry-standard encryption algorithms. Authentication credentials are hashed using secure, one-way hashing functions.
• Storage: Images and files are stored in secure, encrypted storage buckets with access controls and encryption at rest.

Access Controls

• We implement role-based access controls (RBAC) to ensure that only authorized personnel can access your data
• All database access is logged and monitored for suspicious activity
• We use Row Level Security (RLS) policies to ensure users can only access their own data
• Multi-factor authentication is required for administrative access to our systems

Infrastructure Security

• Our servers are hosted on secure, enterprise-grade infrastructure with regular security updates
• We perform regular security audits and vulnerability assessments
• Firewalls and intrusion detection systems protect our network infrastructure
• We maintain regular backups of all data with secure, encrypted backup storage

Data Breach Procedures

In the unlikely event of a data breach, we have procedures in place to:

• Immediately investigate and contain the breach
• Notify affected users within 72 hours of discovering the breach
• Report the breach to relevant data protection authorities as required by law
• Take immediate steps to prevent further unauthorized access

Data Retention

We retain your personal information according to the following principles:

Active Accounts

We retain your personal information and build data for as long as your account is active. This includes all car builds, images, modifications, and account settings. You can access, modify, or delete this information at any time through your account dashboard.

Deleted Accounts

When you delete your account, we will:

• Immediately remove your account from active use
• Delete all associated car builds, images, and modifications within 30 days
• Anonymize or delete your personal information (email, display name) within 90 days
• Retain anonymized usage data for analytics purposes for up to 2 years

Legal Requirements

We may retain certain information for longer periods if required by law, regulation, or legal process. This includes information related to ongoing legal disputes, tax obligations, or regulatory compliance requirements. In such cases, we will only retain the minimum amount of information necessary to comply with these obligations.

Third-Party Services

We use trusted third-party services to provide and improve our platform. These services have their own privacy policies and security measures:

Supabase

We use Supabase for:

• Database Storage: All user data, car builds, and modifications are stored in Supabase's PostgreSQL database, which is hosted on secure, encrypted servers
• Authentication: User authentication and session management is handled by Supabase Auth, which uses industry-standard security protocols
• File Storage: Car images are stored in Supabase Storage, which provides encrypted, secure object storage with access controls

Supabase is GDPR compliant and maintains SOC 2 Type II certification. Their privacy policy can be found at https://supabase.com/privacy.

Data Processing Agreements

We have Data Processing Agreements (DPAs) in place with all third-party service providers that handle personal data. These agreements ensure that third parties:

• Only process data for the purposes we specify
• Implement appropriate security measures
• Comply with applicable data protection laws
• Notify us of any data breaches
• Delete or return data upon termination of services

Your Rights

Depending on your location, you may have certain rights regarding your personal information under data protection laws such as GDPR, CCPA, and others:

Right to Access

You have the right to request access to all personal information we hold about you. This includes your account information, car builds, and any other data associated with your account. You can access most of this information directly through your account dashboard.

Right to Rectification

You can update or correct your personal information at any time through your account settings. This includes your display name, email address, and all car build information. If you need assistance updating information, please contact us.

Right to Erasure (Right to be Forgotten)

You have the right to request deletion of your personal information. You can delete individual car builds or your entire account at any time. When you delete your account, we will remove your personal information in accordance with our data retention policy, except where we are required to retain it by law.

Right to Data Portability

You can request a copy of your data in a structured, machine-readable format. This includes all your car builds, modifications, and account information. We will provide this data within 30 days of your request.

Right to Object

You have the right to object to certain types of processing of your personal information, such as processing for direct marketing purposes or processing based on legitimate interests. You can control many of these preferences through your account settings.

Right to Restrict Processing

You can request that we restrict the processing of your personal information in certain circumstances, such as when you contest the accuracy of the data or object to processing.

Exercising Your Rights

To exercise any of these rights, please contact us through your account settings or by using the contact information provided on our platform. We will respond to your request within 30 days. We may need to verify your identity before processing certain requests to protect your privacy and security.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our platform:

Essential Cookies

These cookies are necessary for the platform to function properly:

• Authentication Cookies: Store your login session to keep you logged in
• Security Cookies: Help protect against cross-site request forgery (CSRF) attacks
• Preference Cookies: Remember your settings and preferences

Analytics Cookies

We use analytics cookies to understand how users interact with our platform. This helps us improve our services. Analytics data is aggregated and anonymized, and does not identify individual users.

Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to refuse or delete cookies. However, disabling essential cookies may affect the functionality of our platform. For more information about managing cookies, please refer to your browser's help documentation.

Children's Privacy

Our service is not intended for children under the age of 13 (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information promptly.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. When we transfer your data internationally, we ensure that appropriate safeguards are in place:

• We only transfer data to countries that provide adequate levels of data protection
• We use Standard Contractual Clauses (SCCs) approved by data protection authorities
• We ensure that third-party service providers comply with applicable data protection laws
• We implement additional security measures for international data transfers

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will:

• Update the "Last updated" date at the top of this policy
• Notify you of material changes via email or through a notice on our platform
• Provide a summary of significant changes when appropriate

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of our service after any changes to this policy constitutes your acceptance of the updated policy.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Through your account settings on our platform
• By emailing us at the contact address provided in your account settings
• Through the contact form or support channels available on our platform

We are committed to addressing your privacy concerns and will respond to your inquiries within a reasonable timeframe, typically within 30 days.