Privacy Policy

1. Introduction

PickAFav™ ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our voting platform at pickafav.com and app.pickafav.com.

2. Information We Collect

2.1 Google OAuth Information

When you sign in with Google, we collect:

• Email address - Used for account identification and vote integrity
• Google user ID - Used to ensure one vote per pair per user

2.2 Voting Data

We collect your voting choices to:

• Aggregate anonymous voting results
• Prevent duplicate voting on the same pairs
• Generate public statistics (without personal identification)

2.3 Technical Information

We automatically collect:

• IP address - For security, fraud prevention, and rate limiting
• Geographic location - Country and region only (not precise location) for traffic analytics
• Browser & device info - Type, OS, screen size (for compatibility)
• Usage analytics - Aggregated, non-personal usage statistics
• Essential cookies - Session management and security tokens only

3. How We Use Your Information

3.1 Core Functionality

• Account authentication - Secure login via Google OAuth
• Vote integrity - Ensuring fair voting (one vote per pair per user)
• Results generation - Creating anonymous, aggregated voting statistics

3.2 Service Improvement

• Performance monitoring - Ensuring fast, reliable service
• Security protection - Preventing abuse and maintaining service integrity
• Anonymous analytics - Understanding usage patterns without personal identification

3.3 What We DON'T Do

• ❌ We do NOT sell your personal information
• ❌ We do NOT use tracking cookies for advertising
• ❌ We do NOT share individual voting choices
• ❌ We do NOT send marketing emails without consent
• ❌ We do NOT track users for advertising purposes

4. Information Sharing

4.1 Public Information

We share only aggregated, anonymous voting results publicly:

• Vote counts and percentages
• Popular pairs and trending categories
• Statistical summaries

4.2 Service Providers

We use these trusted services:

• Google OAuth - Authentication service
• Cloudflare - Content delivery and security
• All providers - GDPR compliant with data processing agreements

4.3 Legal Requirements

We may disclose information only when required by law or to protect our rights and users' safety.

5. Data Security

We implement industry-standard security measures:

• Encryption - All data transmitted via HTTPS/TLS
• Access controls - Limited access to personal data
• Data minimization - We collect only necessary information
• Regular security audits - Ongoing security assessments

6. Your Rights (GDPR Compliance)

If you're located in the EU/EEA, you have these rights:

6.1 Access and Portability

• Right to access - Request a copy of your personal data
• Data portability - Receive your data in a machine-readable format

6.2 Correction and Deletion

• Right to rectification - Correct inaccurate personal data
• Right to erasure - Request deletion of your account and data

6.3 Control and Objection

• Right to restriction - Limit processing of your data
• Right to object - Object to certain types of processing
• Withdraw consent - Remove consent for data processing at any time

To exercise these rights: Contact us

7. Cookies and Analytics

7.1 Essential Cookies

We use minimal, essential cookies for core functionality:

• Authentication tokens - Keep you logged in securely
• CSRF protection - Prevent cross-site request forgery
• Session management - Maintain your voting session
• Consent preferences - Remember your privacy choices

7.2 Optional Analytics (With Consent)

With your explicit consent, we use privacy-focused Google Analytics to understand:

• Traffic sources - Which websites refer visitors to us
• Page popularity - Which pages are most visited
• Geographic regions - General location data (country/region level)
• Device types - Mobile vs desktop usage patterns

Analytics Privacy Features:

• ✅ IP addresses are anonymized
• ✅ No personal identification or cross-site tracking
• ✅ Short data retention (90 days)
• ✅ No advertising features enabled
• ✅ Cookieless tracking where possible

7.3 What We DON'T Use

• ❌ Advertising or remarketing cookies
• ❌ Third-party tracking pixels
• ❌ Social media tracking
• ❌ Marketing automation cookies
• ❌ Cross-site user profiling

7.4 Cookie Management

You have full control:

• Choose your level - Essential only or essential + analytics
• Change anytime - Update preferences using the "Manage Cookie Preferences" link
• Browser control - Disable cookies entirely in your browser settings
• No penalty - Full functionality with essential cookies only

8. Data Retention

8.1 Retention Periods

• Account data - Retained while your account is active, deleted within 30 days of account deletion
• Voting history - Kept indefinitely for vote integrity and statistical analysis (anonymized after account deletion)
• IP addresses - Retained for 90 days for security and analytics
• Log data - Automatically deleted after 90 days
• Session data - Cleared when you log out or after 30 days of inactivity

8.2 Account Deletion

When you delete your account:

• Personal identifiers (email, name) are removed within 30 days
• Voting data becomes anonymous but remains for statistical integrity
• Account settings and preferences are permanently deleted
• You cannot recover deleted accounts or data

9. International Transfers

Your data may be processed in countries outside your residence. We ensure adequate protection through:

• GDPR-compliant service providers
• Standard contractual clauses
• Adequate security measures

10. Children's Privacy

PickAFav™ is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will:

• Post the updated policy on this page
• Update the "Last modified" date
• Notify users of significant changes via email or app notification

12. Contact Information

For privacy-related questions or to exercise your rights:

12.1 EU Representative

If you're in the EU and have concerns about our data processing, you can contact your local data protection authority or file a complaint.

13. California Privacy Rights (CCPA)

If you're a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

13.1 Your CCPA Rights

• Right to Know: Request information about personal data we collect, use, and share
• Right to Delete: Request deletion of your personal data (subject to legal requirements)
• Right to Opt-Out: We don't sell personal data, so no opt-out needed
• Right to Non-Discrimination: We won't discriminate for exercising your rights

13.2 Personal Information We Collect

In the past 12 months, we have collected these categories of personal information:

• Identifiers: Email address (via Google OAuth)
• Internet Activity: Voting choices and preferences
• Technical Data: IP address, browser type (for security only)

13.3 We Do NOT:

• ❌ Sell personal information to third parties
• ❌ Share data for monetary consideration
• ❌ Use data for advertising or marketing purposes

To exercise CCPA rights: Contact us with "CCPA Request" in the subject line.

14. Legal Basis for Processing (GDPR)

We process your personal data based on:

• Consent - When you sign in with Google and agree to our terms
• Legitimate interests - For security, fraud prevention, and service improvement
• Contract performance - To provide the voting service you requested