Privacy Policy

Biogroove ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our link-in-bio service at biogroove.link (the "Service").

Data Controller: Biogroove operates as the data controller for the personal information collected through our Service. If you have questions about our data practices, please contact us at [email protected].

2.1 Information You Provide

• Account Information: Email address, username, password (encrypted)
• Profile Information: Display name, bio, profile picture
• Content: Links, titles, thumbnails you add to your page
• Payment Information: Processed securely by Stripe; we do not store card details

2.2 Automatically Collected Information

• Device Information: Browser type, operating system, device identifiers
• Usage Data: Pages visited, links clicked, time spent, referring URLs
• IP Address: Used for security, fraud prevention, and approximate location
• Cookies: Essential and optional cookies (see our Cookie Policy)

2.3 Information From Third Parties

• Social Logins: If you sign in via Google or other providers, we receive your email and profile name
• Analytics Partners: Aggregated usage statistics

• To provide, maintain, and improve our Service
• To process transactions and send related information
• To send you technical notices, updates, and support messages
• To respond to your comments, questions, and customer service requests
• To monitor and analyze usage trends and preferences
• To detect, prevent, and address fraud and security issues
• To comply with legal obligations

If you are in the European Economic Area (EEA) or United Kingdom, we process your data based on:

• Contract: To fulfill our agreement with you when you create an account
• Consent: When you opt-in to marketing communications or non-essential cookies
• Legitimate Interests: To improve our Service, prevent fraud, and ensure security
• Legal Obligation: To comply with applicable laws and regulations

We do not sell your personal information. We may share your information with:

• Service Providers: Hosting (Cloudflare), payment processing (Stripe), email services
• Analytics Partners: To understand usage patterns (with anonymization where possible)
• Legal Requirements: When required by law, court order, or government request
• Business Transfers: In connection with merger, acquisition, or sale of assets
• With Your Consent: For purposes you have explicitly approved

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission and UK Information Commissioner's Office.

We retain your personal information for as long as your account is active or as needed to provide you services. After account deletion, we may retain certain information as required by law (e.g., transaction records for tax purposes) for up to 7 years. Analytics data is anonymized after 26 months.

8.1 For All Users

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your account and data
• Data Portability: Receive your data in a portable format

8.2 Additional Rights (EEA/UK)

• Restrict Processing: Limit how we use your data
• Object: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent at any time for consent-based processing
• Lodge Complaint: File a complaint with your local data protection authority

8.3 California Residents (CCPA/CPRA)

• Right to Know: What personal information we collect and how it's used
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: We do not sell personal information
• Right to Non-Discrimination: We will not discriminate for exercising your rights

To exercise these rights, visit your Account Settings in the dashboard or contact us at [email protected]. We will respond within 30 days (GDPR) or 45 days (CCPA).

Our Service is not intended for children under 13 years of age (or 16 in some EU jurisdictions). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

We implement industry-standard security measures including encryption (TLS/SSL), secure password hashing (bcrypt), and regular security audits. However, no method of transmission over the internet is 100% secure.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last Updated" date. For significant changes, we will provide additional notice via email.

If you have questions about this Privacy Policy or our data practices, please contact us:

• Email: [email protected]
• Website: biogroove.link