Privacy Policy
Last updated: July 2026
Preamble
Welcome to ploros. Protecting your personal data is paramount. This Privacy Policy explains how we collect, use, and safeguard your information when you access our website and services (the “Service”), in full compliance with the EU General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (DSG).
1. Data Controller
The entity responsible for processing your personal data (“Data Controller”) is:
ploros.comFürstenweg 42
6020 Innsbruck, Austria
Email: contact@ploros.com
Website: www.ploros.com
2. Data Processors
We engage the following subprocessors under strict contractual obligations to process personal data on our behalf:
| Subprocessor | Purpose | Location |
|---|---|---|
| Supabase | Secure storage and user authentication | EU |
| Vercel | Hosting and edge delivery | Global |
| Cloudflare | CDN and DNS services | Global |
| PostHog | Product and error analytics | EU |
We maintain and update this list; the current version is always available on our website.
3. Purposes and Legal Bases of Processing
We collect and process personal data only to the extent necessary for each of the following purposes, under the corresponding GDPR legal bases:
| Purpose | Legal basis | Details and scope |
|---|---|---|
| Account creation and authentication | Art. 6(1)(b) – Contract performance | Processing your unique user ID, authentication tokens, and profile information (e.g., username and profile details) to verify identity, manage sessions, create profiles, and prevent unauthorized access. |
| Credit purchases and billing | Art. 6(1)(b) – Contract performance | Handling purchase confirmations and transaction metadata (no full payment details stored) to fulfil payment obligations, issue invoices, and meet Austrian tax requirements. |
| Service delivery (blog creation, photo uploads, and sharing) | Art. 6(1)(b) – Contract performance | Storing and processing your blogs, photos, stories, and associated metadata to enable blog creation, editing, uploading, sharing, and platform functionality. |
| Security, fraud prevention, and abuse monitoring | Art. 6(1)(f) – Legitimate interests | Analyzing access logs, authentication events, and usage patterns to detect anomalies, mitigate abuse, and protect the Service’s integrity. |
| Product improvement and analytics | Art. 6(1)(f) – Legitimate interests | Aggregating pseudonymized usage events and error reports via PostHog EU to enhance performance, stability, and user experience. |
| Blog performance and engagement analytics | Art. 6(1)(f) – Legitimate interests | Tracking and analyzing how users interact with blogs and profiles (e.g., page views, time spent reading, likes, comments, shares, follows, scroll depth, and popular destinations or topics). Data is pseudonymized and aggregated for platform improvement, content recommendations, and creator statistics dashboards. |
| Legal compliance and audit | Art. 6(1)(c) – Legal obligation | Retaining necessary records—such as transaction metadata and audit logs—to satisfy statutory retention periods under the Austrian Accounting Act and other laws. |
4. Categories of Personal Data
We process only the following categories of personal data:
- Identifiers: Unique user ID and profile information (e.g., username, bio, and email address).
- Usage and diagnostics: IP address, browser or user agent, timestamps, and error logs.
- Content data: Uploaded photos, blogs, stories, and any metadata you provide.
5. Data Retention
We retain personal data only as long as necessary for each purpose:
- User content (blogs, photos, and stories): Retained as long as associated with your account; permanently deleted upon your request, content removal, or account deletion.
- Account data: Retained for the life of your account; purged promptly upon account deletion, except where retention is legally mandated.
- Transaction metadata: Stored for 10 years to comply with Austrian tax and accounting obligations.
- Logs and diagnostics: Retained for up to 6 months for security audits and abuse prevention.
6. Your Data-Subject Rights (GDPR)
Under the GDPR, you may:
- Access the personal data we hold about you (Art. 15)
- Rectify inaccuracies (Art. 16)
- Erase data (“right to be forgotten”) (Art. 17), subject to legal retention
- Restrict processing under specified conditions (Art. 18)
- Request data portability in a machine-readable format (Art. 20)
- Object to processing based on our legitimate interests (Art. 21)
- Withdraw consent at any time, without affecting prior processing (Art. 7)
To exercise your rights, contact us at contact@ploros.com. We respond within one month, per GDPR.
7. Security Measures
We apply industry-standard organizational and technical safeguards, including:
- Encryption in transit: All communications via TLS
- Encryption at rest: AES-256 (where applicable)
- Access controls: Role-based privileges for personnel
- Tokenized storage: SAS tokens for limited-scope content access
- Regular audits: Vulnerability assessments and log reviews
8. Cookies and Tracking Technologies
We use cookies and similar technologies to operate and administer our website, secure the Service, and improve your experience. You can manage your preferences at any time via our cookie consent banner or through your browser settings.
8.1 Strictly Necessary Cookies
These cookies are essential for the Service to function and do not require your consent. They enable core platform features such as authentication and security:
| Cookie name | Purpose | Lifetime |
|---|---|---|
__cf_bm | Cloudflare bot management | 30 minutes |
__cfduid | Cloudflare security and request handling | 7 days |
__cfruid | Used by Cloudflare to identify trusted web traffic and apply rate limits | Session |
_cfuvid | Cloudflare bot detection and management | Session or 30 minutes |
8.2 Optional Cookies (Analytics)
These cookies help us understand usage patterns so we can optimize performance and usability. They are set only if you opt in via our consent banner:
| Cookie name | Purpose | Lifetime |
|---|---|---|
posthog | PostHog anonymous user identifier | 1 year |
ph_session_ | PostHog session tracking | 30 minutes |
Marketing and Advertising Cookies
We do not employ any cookies for marketing or advertising purposes.
9. Changes to This Policy
We may update this Privacy Policy to reflect legal, technical, or operational changes. Material updates will be announced via the Service or direct notification. Continued use after such notice constitutes acceptance.
10. Right to Lodge a Complaint
If you believe our processing of your personal data violates applicable law, you have the right to lodge a complaint with a supervisory authority. In Austria, this is:
Österreichische DatenschutzbehördeBarichgasse 40–42
1030 Vienna, Austria
Website: www.dsb.gv.at
Contact
For inquiries or to exercise your data-subject rights, email contact@ploros.com.