PRIVACY POLICY

1. INFORMATION WE COLLECT

We collect the following types of information when you use OnlyGraff:

Account Information

When you register, we collect your email address, password (stored securely via Supabase Auth), tag name, bio, city, and profile avatar. If you sign in with Google OAuth, we receive your name and email from Google.

Content

We store the photos, videos, and written content you upload to the Platform, along with associated metadata (titles, descriptions, tags, timestamps).

Payment Information

Payment processing is handled entirely by Stripe. We do not store your credit card numbers, bank account details, or other sensitive financial information on our servers. Stripe may collect and store this information in accordance with their own privacy policy.

Usage Data

We may collect information about how you use the Platform, including pages visited, features used, and interactions with content (likes, comments, follows).

2. HOW WE USE YOUR INFORMATION

• To provide, maintain, and improve the Platform
• To process transactions and send related information
• To send notifications about your account, subscriptions, and messages
• To enforce our Terms of Service and protect against fraud
• To respond to your requests and support inquiries
• To analyze usage patterns and improve the user experience

3. COOKIES & LOCAL STORAGE

OnlyGraff uses cookies and browser local storage to maintain your authentication session and remember your preferences. These are essential for the Platform to function properly. We do not use third-party tracking cookies or advertising cookies. Our service worker may cache certain assets locally for offline access and improved performance.

4. THIRD-PARTY SERVICES

We use the following third-party services to operate the Platform:

• Supabase — database, authentication, and file storage
• Stripe — payment processing for subscriptions and tips
• Vercel — web hosting and deployment
• Google — OAuth authentication (optional sign-in method)

Each of these services has their own privacy policies. We encourage you to review them.

5. DATA RETENTION

We retain your account information and content for as long as your account is active. If you delete your account, we will remove your personal information and content within 30 days, except where we are required to retain it for legal or regulatory purposes. Payment transaction records may be retained as required by financial regulations.

6. YOUR RIGHTS

You have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your account and associated data
• Export your content and data
• Withdraw consent for data processing where applicable

To exercise any of these rights, contact us at support@onlygraff.com.

7. DATA SECURITY

We implement appropriate technical and organizational measures to protect your personal data, including encryption in transit (HTTPS), secure authentication (Supabase Auth with bcrypt password hashing), and Row Level Security policies on all database tables. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

8. CHILDREN'S PRIVACY

OnlyGraff is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected data from a child under 18, we will take steps to delete that information promptly. If you believe a child under 18 has provided us with personal information, please contact us at support@onlygraff.com.

9. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. We will notify users of material changes by posting the updated policy on the Platform with a new "Last updated" date. Your continued use of the Platform after changes constitutes acceptance of the revised policy.

10. CONTACT

If you have any questions about this Privacy Policy, please contact us at support@onlygraff.com.