Privacy Policy

Last updated: July 2026

Preamble

Welcome to ploros. Protecting your personal data is paramount. This Privacy Policy explains how we collect, use, and safeguard your information when you access our website and services (the “Service”), in full compliance with the EU General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (DSG).

1. Data Controller

The entity responsible for processing your personal data (“Data Controller”) is:

ploros.com
Fürstenweg 42
6020 Innsbruck, Austria
Email: contact@ploros.com
Website: www.ploros.com

2. Data Processors

We engage the following subprocessors under strict contractual obligations to process personal data on our behalf:

SubprocessorPurposeLocation
SupabaseSecure storage and user authenticationEU
VercelHosting and edge deliveryGlobal
CloudflareCDN and DNS servicesGlobal
PostHogProduct and error analyticsEU

We maintain and update this list; the current version is always available on our website.

3. Purposes and Legal Bases of Processing

We collect and process personal data only to the extent necessary for each of the following purposes, under the corresponding GDPR legal bases:

PurposeLegal basisDetails and scope
Account creation and authenticationArt. 6(1)(b) – Contract performanceProcessing your unique user ID, authentication tokens, and profile information (e.g., username and profile details) to verify identity, manage sessions, create profiles, and prevent unauthorized access.
Credit purchases and billingArt. 6(1)(b) – Contract performanceHandling purchase confirmations and transaction metadata (no full payment details stored) to fulfil payment obligations, issue invoices, and meet Austrian tax requirements.
Service delivery (blog creation, photo uploads, and sharing)Art. 6(1)(b) – Contract performanceStoring and processing your blogs, photos, stories, and associated metadata to enable blog creation, editing, uploading, sharing, and platform functionality.
Security, fraud prevention, and abuse monitoringArt. 6(1)(f) – Legitimate interestsAnalyzing access logs, authentication events, and usage patterns to detect anomalies, mitigate abuse, and protect the Service’s integrity.
Product improvement and analyticsArt. 6(1)(f) – Legitimate interestsAggregating pseudonymized usage events and error reports via PostHog EU to enhance performance, stability, and user experience.
Blog performance and engagement analyticsArt. 6(1)(f) – Legitimate interestsTracking and analyzing how users interact with blogs and profiles (e.g., page views, time spent reading, likes, comments, shares, follows, scroll depth, and popular destinations or topics). Data is pseudonymized and aggregated for platform improvement, content recommendations, and creator statistics dashboards.
Legal compliance and auditArt. 6(1)(c) – Legal obligationRetaining necessary records—such as transaction metadata and audit logs—to satisfy statutory retention periods under the Austrian Accounting Act and other laws.

4. Categories of Personal Data

We process only the following categories of personal data:

  • Identifiers: Unique user ID and profile information (e.g., username, bio, and email address).
  • Usage and diagnostics: IP address, browser or user agent, timestamps, and error logs.
  • Content data: Uploaded photos, blogs, stories, and any metadata you provide.

5. Data Retention

We retain personal data only as long as necessary for each purpose:

  • User content (blogs, photos, and stories): Retained as long as associated with your account; permanently deleted upon your request, content removal, or account deletion.
  • Account data: Retained for the life of your account; purged promptly upon account deletion, except where retention is legally mandated.
  • Transaction metadata: Stored for 10 years to comply with Austrian tax and accounting obligations.
  • Logs and diagnostics: Retained for up to 6 months for security audits and abuse prevention.

6. Your Data-Subject Rights (GDPR)

Under the GDPR, you may:

  • Access the personal data we hold about you (Art. 15)
  • Rectify inaccuracies (Art. 16)
  • Erase data (“right to be forgotten”) (Art. 17), subject to legal retention
  • Restrict processing under specified conditions (Art. 18)
  • Request data portability in a machine-readable format (Art. 20)
  • Object to processing based on our legitimate interests (Art. 21)
  • Withdraw consent at any time, without affecting prior processing (Art. 7)

To exercise your rights, contact us at contact@ploros.com. We respond within one month, per GDPR.

7. Security Measures

We apply industry-standard organizational and technical safeguards, including:

  • Encryption in transit: All communications via TLS
  • Encryption at rest: AES-256 (where applicable)
  • Access controls: Role-based privileges for personnel
  • Tokenized storage: SAS tokens for limited-scope content access
  • Regular audits: Vulnerability assessments and log reviews

8. Cookies and Tracking Technologies

We use cookies and similar technologies to operate and administer our website, secure the Service, and improve your experience. You can manage your preferences at any time via our cookie consent banner or through your browser settings.

8.1 Strictly Necessary Cookies

These cookies are essential for the Service to function and do not require your consent. They enable core platform features such as authentication and security:

Cookie namePurposeLifetime
__cf_bmCloudflare bot management30 minutes
__cfduidCloudflare security and request handling7 days
__cfruidUsed by Cloudflare to identify trusted web traffic and apply rate limitsSession
_cfuvidCloudflare bot detection and managementSession or 30 minutes

8.2 Optional Cookies (Analytics)

These cookies help us understand usage patterns so we can optimize performance and usability. They are set only if you opt in via our consent banner:

Cookie namePurposeLifetime
posthogPostHog anonymous user identifier1 year
ph_session_PostHog session tracking30 minutes

Marketing and Advertising Cookies

We do not employ any cookies for marketing or advertising purposes.

9. Changes to This Policy

We may update this Privacy Policy to reflect legal, technical, or operational changes. Material updates will be announced via the Service or direct notification. Continued use after such notice constitutes acceptance.

10. Right to Lodge a Complaint

If you believe our processing of your personal data violates applicable law, you have the right to lodge a complaint with a supervisory authority. In Austria, this is:

Österreichische Datenschutzbehörde
Barichgasse 40–42
1030 Vienna, Austria
Website: www.dsb.gv.at

Contact

For inquiries or to exercise your data-subject rights, email contact@ploros.com.