Privacy Policy
Last Updated: December 10, 2025
1. Introduction
Welcome to OurChapter. We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our page builder service.
OurChapter is operated from Greece and complies with the EU General Data Protection Regulation (GDPR) and applicable data protection laws.
2. Information We Collect
2.1 Information You Provide
- Account information (name, email address) through our authentication provider
- Content you create (stories, text, quiz questions, custom messages)
- Images and media files you upload
- Page settings and customizations
- Feedback and communications with us
2.2 Information Collected Automatically
- Usage data (pages viewed, features used, time spent)
- Device information (browser type, operating system, IP address)
- Cookies and similar tracking technologies
2.3 Browser Storage (Guest Users)
For unauthenticated users building pages before signup ("Guest Mode"):
- Page content, settings, and customizations are stored locally in your browser using localStorage
- UI preferences (e.g., widget expansion states) are stored in sessionStorage
- This data is stored only on your device and is not transmitted to our servers until you create an account and choose to save your page
- Clearing your browser data, using incognito/private browsing, or switching browsers/devices will result in loss of this locally stored information
- We do not have access to or control over guest page data stored in your browser
3. How We Use Your Information
We use your information to:
- Provide, maintain, and improve our service
- Create and host your pages
- Process your account registration and authentication
- Store and deliver your uploaded content
- Communicate with you about service updates
- Respond to your support requests
- Analyze usage patterns to improve user experience
- Prevent fraud and ensure platform security
4. Legal Basis for Processing (GDPR)
Under GDPR, we process your personal data based on:
- Contract Performance: Processing necessary to provide our service
- Legitimate Interests: Improving our service, security, and analytics
- Consent: Where you have given explicit consent (e.g., marketing communications)
- Legal Obligations: Compliance with applicable laws
5. Third-Party Services
We use trusted third-party services to operate our platform:
- Clerk: Authentication and user management
- Supabase: Database hosting and image storage
- Lemon Squeezy: Payment processing and subscription management
- Resend: Transactional email delivery
- Vercel: Application hosting and deployment
- Google Analytics: Website analytics and usage tracking (with your consent)
These services may have access to your data only to perform tasks on our behalf and are obligated not to disclose or use it for other purposes. They comply with GDPR requirements.
6. Data Sharing and Disclosure
We do not sell your personal data. We may share your information only in these circumstances:
- With your consent: When you choose to make pages public
- Service providers: Third parties who help us operate our service
- Legal requirements: When required by law or to protect our rights
- Business transfers: In connection with a merger, acquisition, or sale of assets
7. Your Rights Under GDPR
If you are in the European Economic Area (EEA), you have the following rights:
- Right of Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your data ("right to be forgotten")
- Right to Restriction: Limit how we use your data
- Right to Data Portability: Receive your data in a machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time
To exercise these rights, please contact us using the information in the Contact section below.
8. Data Retention
We retain your personal data only as long as necessary to provide our services and comply with legal obligations. When you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it by law.
9. Data Security
We implement appropriate technical and organizational security measures to protect your personal data, including:
- Encryption of data in transit (HTTPS/TLS)
- Secure authentication and authorization
- Regular security assessments
- Access controls and monitoring
- Input sanitization to prevent XSS attacks
However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.
10. International Data Transfers
Your data may be transferred to and processed in countries outside the EEA. When we do so, we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions by the European Commission
- Certification under approved frameworks
12. Children's Privacy
Our service is not intended for children under 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.
13. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last Updated" date. Your continued use of the service after changes constitutes acceptance of the updated policy.
14. Contact Us
If you have questions about this privacy policy or wish to exercise your rights, please contact us:
- Email: contact@ourchapter.app (subject line: "Privacy Request")
- Website: Contact Page
You also have the right to lodge a complaint with your local data protection authority if you believe we have not handled your data appropriately.