Privacy Policy

1. Information We Collect

We collect information to provide, personalize, and secure our services. The types of personal data we collect depend on how you interact with our platform:

A. Account and Profile Credentials

• Basic Registration Info: Email address, cryptographically secure password hashes, account registration date, and email verification status.
• Passkeys (WebAuthn): Public key credentials, signature counters, credential IDs, and device names. Note: Your private cryptographic key never leaves your local device.
• User Profile: Display name, job title, bio, and profile image URL.

B. Interactive Actions and Content

• Reviews and Ratings: Text reviews, ratings, pros and cons lists, and usage context. Your display name and job title will be shown publicly next to reviews you write.
• Bookmarks and Upvotes: Saved bookmarks and upvoted AI tools are stored on our servers to synchronize your customized library across devices.
• Tool Submissions: Information, links, logos, descriptions, and media provided when submitting AI tools for listing.

C. Billing and Subscription Information

If you purchase a paid plan or feature:

• Payment processing is handled securely and directly by our third-party processor, Stripe, Inc.
• We do not store your credit card or raw bank details on our servers.
• We store your Stripe Customer ID, Subscription Plan Tier (e.g., Free vs. Premium), payment statuses, invoice history, and billing metadata.

D. Security, Device, and Usage Logs

• Audit Logs: To verify security events, we log login history, password changes, active session tokens, device types, operating systems, and IP addresses.
• Access Controls: We track failed login attempts to enforce temporary security lockouts (e.g., locking an account for 15 minutes after 10 failed login attempts).

2. How We Use Your Information

We process your personal information to fulfill our contract with you, optimize our platform, and maintain security. Specifically:

• Authentication: To identify you, manage active sessions, log you out of devices, and support MFA and passkey logins.
• Security Auditing: To monitor account actions, block brute-force attempts, prevent cross-site request forgery (CSRF) via CSRF cookies, and secure our REST APIs.
• Personalization: To sync your bookmarks and manage upvote scores.
• Community Contributions: To display user-generated reviews and audit submitter credentials.
• Billing Support: To handle subscription changes, trigger Stripe portal webhooks, and issue invoices.
• Analytics: To count tool page views (preventing double-counting via local storage) and analyze traffic metrics.

3. Cookies and Tracking Technologies

For a detailed list of cookies and tracking tools, please read our dedicated Cookie Policy.

4. Data Retention

We retain your account details, profile metadata, bookmarks, and upvote history for as long as your account remains active.

If you choose to close your account, we will permanently delete or anonymize your personal credentials and profile. Reviews you have submitted may be anonymized or removed depending on our editorial standards. Transaction logs and invoices will be retained as required by financial and tax regulations.

5. Data Security

We implement industry-standard administrative, physical, and technical safeguards:

• All connections are forced over HTTPS with modern TLS encryption.
• Passwords are hashed with bcrypt before storage in MongoDB.
• Session management is regulated by JWT tokens and secure cookie exchange.
• MFA and cryptographic WebAuthn passkey protocols are available.
• CSRF tokens are verified on all state-changing endpoints (`POST`, `PUT`, `DELETE`).

6. Your Privacy Rights (GDPR & CCPA)

Depending on your jurisdiction (such as the EEA or California), you may have the following rights:

• Right of Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate profile data.
• Right to Erasure (Right to be Forgotten): Request the permanent deletion of your account.
• Right to Portability: Request to download your bookmarks, profile info, and reviews in a structured format.
• Right to Restrict or Object: Opt-out of analytics cookies or newsletter communications.

To exercise any of these rights, please visit your account dashboard or email our privacy team.

7. Third-Party Integrations

Our platform connects with external services:

• Stripe: Payment and portal redirection.
• Vimeo / YouTube: Video screenshot/player embeds on tool pages.
• OAuth Providers (e.g., Google, GitHub): Quick-sign-in integrations.

We are not responsible for the privacy practices of these third-party platforms. We recommend reviewing their policies.

8. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. When we make material changes, we will update the date at the top and notify logged-in users via a dashboard notification or email.