1. Introduction

Welcome to HearMeOut ("we," "our," or "us"). We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

This policy complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

HearMeOut is the data controller for your personal data. For any questions or concerns about this Privacy Policy or our data practices, please contact us at:

• Email: contact@hearmeout.world
• Website: hearmeout.world

3. Information We Collect

3.1 Personal Information

When you register or use our platform, we collect:

• Account Information: Email address, name, profile picture (avatar)
• Authentication Data: Google OAuth provider ID and connection timestamps
• Usage Data: Last login timestamp, account creation date, role (user, moderator, admin)

3.2 Content You Create

• Posts: Reviews, ideas, questions, and associated media (images, videos, documents)
• Comments: Comments you post on posts
• Engagement: Upvotes, downvotes, and shares

3.3 Technical Information

• IP address (for security and analytics)
• Browser type and version
• Device information
• Cookies and similar tracking technologies

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Consent: When you register and agree to our Terms of Service and Privacy Policy
• Contractual Necessity: To provide you with our platform services and fulfill our terms of service
• Legitimate Interest: For platform security, fraud prevention, and improving our services
• Legal Obligation: To comply with applicable laws and regulations

5. How We Use Your Information

We use your personal data for the following purposes:

• To create and manage your account
• To authenticate you and provide secure access
• To display your posts, comments, and engagement
• To enable social features (voting, commenting, sharing)
• To improve and optimize our platform
• To ensure platform security and prevent fraud
• To communicate with you about your account or our services
• To comply with legal obligations

6. Third-Party Data Processors

We use the following third-party services that process your data:

• Google OAuth: For authentication. Google's Privacy Policy applies: https://policies.google.com/privacy
• Vercel: For hosting and file storage (Vercel Blob). Vercel's Privacy Policy applies: https://vercel.com/legal/privacy-policy
• MongoDB: For database storage. MongoDB's Privacy Policy applies: https://www.mongodb.com/legal/privacy-policy

7. Data Retention

We retain your personal data for as long as necessary to provide our services and fulfill the purposes outlined in this policy:

• Account Data: Retained while your account is active. Deleted within 30 days of account deletion request.
• Posts and Comments: Retained until you delete them or request account deletion. You may choose to anonymize or delete your content when deleting your account.
• Session Data: Session cookies expire after 30 days of inactivity.
• Legal Requirements: Some data may be retained longer if required by law or for legal proceedings.

8. Your Rights Under GDPR

You have the following rights regarding your personal data:

• Right to Access: Request a copy of your personal data. You can download your data from the Settings page.
• Right to Rectification: Correct inaccurate or incomplete data through your account settings.
• Right to Erasure: Request deletion of your account and personal data. Available in Settings.
• Right to Data Portability: Receive your data in a machine-readable format (JSON). Available in Settings.
• Right to Object: Object to processing of your data for legitimate interests.
• Right to Restrict Processing: Request restriction of data processing in certain circumstances.
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.

To exercise these rights, please contact us at contact@hearmeout.world or use the features available in your account settings.

9. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, where our third-party service providers operate. We ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs)
• Privacy Shield (where applicable)
• Other legally recognized transfer mechanisms

10. Cookies and Tracking Technologies

We use cookies and similar technologies. For detailed information, please see our Cookie Policy.

Essential cookies are required for the platform to function. Non-essential cookies require your consent.

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption in transit (HTTPS/TLS)
• Secure authentication (OAuth 2.0)
• Secure cookie settings (httpOnly, secure, sameSite)
• Access controls and authentication
• Regular security assessments

12. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected users without undue delay.

13. Children's Privacy

Our platform is not intended for users under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last updated" date. Continued use of our platform after changes constitutes acceptance of the updated policy.

15. Contact Us

For questions, concerns, or to exercise your rights, please contact us:

• Email: contact@hearmeout.world
• Website: hearmeout.world