Privacy Policy | MarketiStats

MarketiStats ("we", "us", or "our") operates the website marketistats.com (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our Service, in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable European Union data protection legislation.

1. Data Controller

The data controller responsible for your personal data is MarketiStats. For any questions regarding this policy or your data, contact us at: our contact form

2. Personal Data We Collect

We collect the following categories of personal data:

Account data: name, email address, and profile picture (provided during registration or via Google OAuth through Supabase).
Payment data: billing information processed by Stripe. We do not store credit card numbers on our servers — Stripe handles this as an independent data processor.
Connected social accounts: when you connect a social media platform (TikTok, Instagram, YouTube, X/Twitter, Facebook), we store OAuth tokens and your public channel name to retrieve analytics on your behalf.
Usage data: IP address, browser type, pages visited, and timestamps, collected automatically through server logs and cookies.

3. Legal Basis for Processing

Under Article 6 of the GDPR, we process your personal data on the following bases:

Contract performance (Art. 6(1)(b)): processing necessary to provide the Service you signed up for, including account management, social channel connections, and analytics retrieval.
Legitimate interest (Art. 6(1)(f)): analytics on Service usage to improve functionality and security, fraud prevention, and maintaining system integrity.
Consent (Art. 6(1)(a)): where you explicitly opt in to marketing communications or connect optional third-party accounts. You may withdraw consent at any time.
Legal obligation (Art. 6(1)(c)): where we are required to retain data for tax, accounting, or regulatory purposes.

4. How We Use Your Data

To create and manage your account.
To connect your social media channels and retrieve public analytics data.
To process payments and manage subscriptions via Stripe.
To send transactional emails (account confirmations, password resets).
To improve, maintain, and secure the Service.
To comply with legal obligations.

5. Data Sharing and Third-Party Processors

We do not sell your personal data. We share data only with the following processors, each of whom operates under a Data Processing Agreement (DPA) compliant with the GDPR:

Supabase — authentication and database hosting (EU-available regions).
Stripe — payment processing (certified PCI DSS Level 1).
Social media platforms (TikTok, Instagram/Meta, YouTube/Google, X/Twitter, Facebook/Meta) — only via OAuth tokens you explicitly authorize, limited to reading public analytics data.

If any processor transfers data outside the European Economic Area (EEA), such transfers are protected by Standard Contractual Clauses (SCCs) or an adequacy decision by the European Commission.

6. Cookies

We use the following types of cookies:

Strictly necessary cookies: authentication session cookies (Supabase JWT). These are essential for the Service to function and do not require consent.

We do not use advertising or third-party tracking cookies. No cookie consent banner is required because we only use strictly necessary cookies as defined by the ePrivacy Directive (2002/58/EC).

7. Data Retention

Account data: retained for as long as your account is active. Upon account deletion, personal data is erased within 30 days, except where retention is required by law.
Payment records: retained for the legally required period (typically 10 years under EU tax regulations).
OAuth tokens: deleted immediately when you disconnect a channel or delete your account.
Server logs: retained for a maximum of 90 days, then automatically purged.

8. Your Rights Under the GDPR

As a data subject in the EU/EEA, you have the following rights:

Right of access (Art. 15): request a copy of the personal data we hold about you.
Right to rectification (Art. 16): request correction of inaccurate or incomplete data.
Right to erasure (Art. 17): request deletion of your personal data ("right to be forgotten").
Right to restriction (Art. 18): request that we limit how we process your data.
Right to data portability (Art. 20): receive your data in a structured, machine-readable format.
Right to object (Art. 21): object to processing based on legitimate interest.
Right to withdraw consent (Art. 7(3)): where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, email us at our contact form. We will respond within 30 days as required by the GDPR.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including encrypted connections (TLS), secure authentication tokens, and access controls. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

10. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16 without parental consent, we will delete it promptly.

11. Supervisory Authority

If you believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via the email address associated with your account at least 14 days before they take effect. The "Last updated" date at the top of this page reflects the most recent revision.

13. Contact

For any questions, requests, or complaints regarding this Privacy Policy or your personal data, contact us at:

MarketiStats
Email: our contact form