Privacy Policy

a) Account information

When you create an account via Google OAuth, we collect your name, email address, and profile picture as provided by Google. We store this to identify your account and personalize your experience.

b) Submitted content

If you submit a project, write a review, or post a comment, we collect the content you provide along with your user ID and timestamp.

c) Usage data

We collect anonymous usage data via Google Analytics, including pages visited, time on site, browser type, and approximate geographic location (country/city level). This data is aggregated and cannot be used to identify you personally.

d) Project views and clicks

We track how many times a project listing is viewed and its external link is clicked. This data is used to display view counts and is not linked to your identity unless you are logged in.

e) Support messages

When you submit a support request, we collect your name, email, and message content. This is used solely to respond to your inquiry.

• To provide and operate the PolyCatalog service
• To display your submitted projects, reviews, and public profile
• To send transactional emails (e.g. account verification, magic login links)
• To send optional notification emails if you opt in to email notifications
• To analyze usage patterns and improve the website
• To detect and prevent abuse, spam, and fraudulent submissions
• To respond to support requests

We do not sell, rent, or share your personal data with third parties for marketing purposes.

We use the following types of cookies and tracking technologies:

• Session cookies — required for authentication and maintaining your logged-in state (via NextAuth.js).
• Google Analytics — anonymous usage tracking to understand how visitors use the site. You can opt out via Google's opt-out tool.
• Voting cookies — we store anonymous vote identifiers in cookies to prevent duplicate votes on projects.

Your data is stored in a PostgreSQL database hosted on Neon (a cloud database provider). We use industry-standard security practices including HTTPS encryption, hashed tokens, and access controls.

No system is 100% secure. While we take reasonable measures to protect your data, we cannot guarantee absolute security. Please use a strong, unique password for your account and be cautious with sensitive information.

We use the following third-party services that may process your data:

• Google OAuth — for sign-in
• Google Analytics — for anonymous usage analytics
• Neon — for database hosting
• Vercel — for website hosting and CDN

Each of these providers has their own privacy policy. We encourage you to review them.

You have the following rights regarding your personal data:

• Access — request a copy of the data we hold about you
• Correction — request correction of inaccurate data
• Deletion — request deletion of your account and associated data
• Opt-out — unsubscribe from email notifications in your account settings

To exercise any of these rights, please contact us. We will respond within 30 days.

PolyCatalog is not intended for users under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with their information, please contact us and we will delete it promptly.

We retain your account data for as long as your account is active. If you request account deletion, we will remove your personal information within 30 days, except where retention is required by law or legitimate business need (e.g. fraud prevention).

Anonymous usage analytics data is retained for up to 26 months as per Google Analytics default settings.

We may update this Privacy Policy from time to time. We will notify users of significant changes by updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.

If you have questions or concerns about this Privacy Policy or how we handle your data, please contact us via our support form.