Privacy Policy

This Privacy Policy explains how TdF Guide ("we", "us", or "the Site") collects, uses, and shares information when you use this website or any related pages.

1. Information we collect

Account information. When you create an account, we collect your email address and a password (stored as a salted hash by our authentication provider). You may optionally add a first name and last name to your profile.

Subscription and billing information. If you purchase a paid plan, payment is processed by Stripe. We do not see or store your full card number or CVC. We retain the subscription status, plan, and identifiers (such as a Stripe customer ID and price ID) needed to give you access to the features you've paid for.

Feedback you submit. If you submit feedback through the contact form or community board, we store the content of your submission together with your account ID so we can follow up.

Preferences. Your theme choice (light/dark) is stored in your browser's localStorage. It never leaves your device.

Usage and device data. We use Google Analytics to understand how the Site is used (pages viewed, approximate location, device and browser type, referring URL, and similar). Google Analytics may set cookies and collects an IP address, which Google truncates before storage.

Server logs. Our hosting and authentication providers keep short-lived technical logs (IP address, request timestamps, error traces) for security and debugging.

2. How we use information

We use the information above to:

• create and maintain your account and authenticate you on return visits;
• process subscription payments and provide the features you've paid for;
• respond to feedback and support requests;
• monitor and improve site performance, fix bugs, and prevent abuse;
• understand aggregate usage patterns through analytics.

We do not sell your personal information, and we do not use it for advertising or profiling outside the Site.

3. Service providers we share data with

We rely on a small number of service providers, each of which only receives the data needed to perform its function:

• Supabase — authentication, profile storage, feedback storage, and database hosting.
• Stripe — payment processing and subscription management.
• Google Analytics (Google LLC) — aggregate usage analytics.

These providers act as data processors and are bound by their own privacy and security commitments.

4. Cookies and similar technologies

We use:

• Authentication cookies / tokens set by Supabase to keep you signed in. These are required for the account features to work.
• Analytics cookies set by Google Analytics. These are not required to use the Site.
• localStorage for your theme preference and other UI state. This stays in your browser.

You can clear cookies and local storage through your browser at any time. Doing so will sign you out and reset preferences.

5. Data retention

• Account, profile, and subscription records are kept for as long as your account exists, plus a short period afterward to handle refunds, disputes, and tax records.
• Feedback you submit is kept indefinitely unless you ask us to remove it.
• Analytics data is retained according to our Google Analytics configuration.
• You can delete your account at any time by contacting us; we will delete or anonymize your personal data, except where we are required to keep records (for example, Stripe transaction history for accounting).

6. Your rights

Depending on where you live (for example, the EU/UK under GDPR or California under the CCPA/CPRA), you may have the right to:

• access the personal information we hold about you;
• correct inaccurate information (you can also do this directly on the Account page);
• request deletion of your account and associated data;
• export a copy of your data;
• object to or restrict certain processing;
• withdraw consent for analytics cookies.

To exercise any of these rights, email us at the address in section 10. We will respond within the timeframes required by applicable law.

7. Security

We use HTTPS for all traffic, store passwords only as salted hashes, and rely on Supabase row-level security to isolate your data. No system is perfectly secure; please use a strong, unique password and let us know promptly if you suspect your account has been compromised.

8. International users

The Site is operated from the United States. If you access it from another country, your information will be transferred to and processed in the U.S. and in any country where our service providers operate.

9. Children

The Site is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it.

10. Contact

Questions about this policy or your data? Reach out via our contact page.

11. Changes to this policy

We may update this policy from time to time. When we do, we'll change the "Last updated" date at the top, and for material changes we'll post a notice on the Site or email registered users.