Privacy Policy

1. Introduction

Ness ("we", "us", or "our") operates the Ness web application and mobile applications (iOS and Android). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, and profile photo through third-party authentication providers (Google, GitHub, or Apple Sign In). We do not store your passwords.

Profile Content

We store the content you add to your profile, including widget configurations, embedded content URLs (Spotify, YouTube, TikTok, Instagram), shop items, event details, biography text, and social media links.

Usage Data

We automatically collect certain information when you access our services, including your IP address, browser type, device information, pages visited, and interaction patterns. This data is collected through Vercel Analytics and Sentry error tracking.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our services
• Process your transactions and manage your subscription
• Display your public creator profile to visitors
• Send you service-related communications
• Monitor and analyze usage trends and errors
• Protect against unauthorized access and abuse

4. Third-Party Services

Supabase

We use Supabase for database hosting and authentication. Your data is stored in Supabase's PostgreSQL databases with Row Level Security (RLS) policies. Supabase's privacy policy applies to data processed by their infrastructure.

Stripe

We use Stripe to process web-based payments. We do not store your payment card information directly. All payment data is handled by Stripe in accordance with PCI DSS standards. See Stripe's privacy policy for details.

Apple & Google In-App Purchases

Subscriptions purchased through iOS or Android apps are processed by Apple (StoreKit) or Google (Google Play Billing) respectively. We receive transaction confirmations but do not handle payment card data for native purchases.

OAuth Providers

We use Google, GitHub, and Apple as authentication providers. When you sign in, we receive your basic profile information (name, email, profile photo) from the selected provider. We do not access your contacts, files, or other account data.

Embedded Content

Your profile may contain embedded content from Spotify, YouTube, TikTok, and Instagram. These services may collect data about visitors who interact with embedded content according to their own privacy policies.

Sentry

We use Sentry for error tracking and performance monitoring. When errors occur, Sentry may collect technical information including stack traces, device information, and user context to help us diagnose and fix issues.

5. Data Sharing

We do not sell your personal information. We share data only with the third-party service providers listed above, as necessary to operate our services. Your public profile content is visible to anyone who visits your profile URL.

6. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will delete all associated data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention).

7. Your Rights

You have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your account and all associated data
• Export your data in a portable format
• Withdraw consent for data processing

To exercise these rights, use the account settings in the app or contact us at the support email listed below.

8. Security

We implement industry-standard security measures including HTTPS encryption, Row Level Security on our database, secure authentication via OAuth 2.0, and regular security audits. However, no method of transmission over the Internet is 100% secure.

9. Children's Privacy

Our services are not directed to children under 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will take steps to delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

11. Contact Us

If you have questions about this Privacy Policy, please contact us through the support page on our website.