Privacy Policy

1. Data controller

TheAvatarHub ("we") is the data controller for personal data processed via this site. Contact: yael.fuerst1@gmail.com.

2. What we collect

• Account data: email, display name, handle, optional avatar/bio/social links.
• Content: listings you submit, reviews you post.
• Usage data: outbound clicks (to measure listing engagement), pages visited, IP address (truncated), user agent.
• Cookies: a strictly-necessary session cookie and a consent-preference cookie. No tracking cookies are set without your consent.

3. Legal basis (GDPR Art. 6)

• Contract: creating and operating your account.
• Legitimate interest: security logging, anti-abuse, basic aggregated analytics.
• Consent: any non-essential cookies or analytics that require it (you control these via the cookie banner).

4. How we use data

• Provide the service (account, listings, reviews).
• Rank and recommend listings based on aggregated reviews and clicks.
• Detect abuse, spam, and security threats.
• Communicate essential service messages (e.g. password reset).

5. Sharing

We do not sell your personal data. We share it only with:

• Infrastructure providers (Lovable Cloud / Supabase, Cloudflare) acting as processors under GDPR-compliant DPAs.
• Affiliate networks, when you click an outbound link they may set their own cookies subject to their privacy policies.
• Authorities, where legally required.

6. International transfers

Some processors may store data outside the EEA/UK. Where this happens, transfers are protected by Standard Contractual Clauses or an equivalent safeguard.

7. Retention

We keep account data while your account is active. Reviews and listings remain associated with your handle until you delete them or your account. Aggregated analytics may be retained indefinitely in non-identifiable form.

8. Your rights (GDPR / UK GDPR)

You can:

• Access a copy of your data
• Correct inaccurate data
• Delete your account and associated data ("right to be forgotten")
• Restrict or object to processing
• Port your data to another service
• Withdraw consent at any time
• Lodge a complaint with your supervisory authority (e.g. ICO in the UK, your national DPA in the EU)

To exercise any of these, email yael.fuerst1@gmail.com. We respond within 30 days.

9. Cookies

We use a small number of cookies. Strictly-necessary cookies (session, consent preference) are set without consent. Non-essential cookies (analytics, etc.) are only set if you click "Accept" on the cookie banner. You can change your choice anytime via the "Cookie preferences" link in the footer.

10. Security

We use Row-Level Security, encrypted connections (HTTPS), and secret management on the backend. No system is 100% secure — please use a strong, unique password.

11. Children

The service is not intended for children under 16. We do not knowingly collect data from minors. If you believe a child has registered, contact us and we will remove the account.

12. Changes

Material changes to this policy will be announced on the site and the "Last updated" date will change.