Privacy policies are usually written by lawyers to cover their company's backs. This one is different - it's written by me (Youssef) to actually explain what I do with your data in plain English.
Your email and name when you sign up - I need this to create your account and contact you if needed.
Whatever content you upload for your portfolio - photos, text, projects. This is literally the point of the service.
Basic usage stats like which pages you visit and features you use - this helps me understand what's working and what isn't.
Technical stuff your browser sends automatically - IP address, browser type, etc. I don't do anything creepy with this, it's just standard web server logs.
To run the service - hosting your portfolio, sending you important updates, processing payments.
To help you when you email me with questions or problems.
To make ZoneFolio better by understanding how people use it (but in an anonymized way).
To keep the platform secure and prevent spam or abuse.
To comply with laws if I absolutely have to (but I'll fight unreasonable requests).
I don't sell your data. Period. That's not how I make money and it's frankly gross.
Your published portfolios are public by design - that's the whole point.
I use some third-party services to run ZoneFolio (hosting, email, analytics) but they're bound by strict privacy agreements.
If a court orders me to hand over data, I'll comply with the law but I'll also try to notify you unless legally prohibited.
If I ever sell ZoneFolio (unlikely), your data would transfer to the new owner, but I'd give you plenty of notice to export your stuff first.
Everything is encrypted in transit (HTTPS) and at rest. Your passwords are hashed and salted - I can't see them even if I wanted to.
I use reputable cloud providers with good security track records, not some sketchy server in my basement.
I keep regular backups in case something goes wrong, but they're also encrypted.
Only I have access to the production systems, and I use strong authentication and monitoring.
I'm not perfect though - if there's ever a security incident, I'll tell you about it honestly and quickly.
You can download all your data anytime from your account settings. No hoops to jump through.
You can delete your account and all your data whenever you want. It's gone within 30 days.
You can update your info, turn off emails, or ask me questions about what data I have.
If you're in the EU, you have additional rights under GDPR. Just email me and I'll sort it out.
If you think I'm handling your data wrong, tell me. I'd rather fix it than have you file a complaint somewhere.
I use cookies to keep you logged in and remember your preferences. Basic stuff.
I use simple analytics to understand how people use ZoneFolio, but it's anonymized data.
No creepy tracking pixels, no selling your browsing habits to advertisers, no building a profile to manipulate you.
You can disable cookies in your browser if you want, but some features might not work properly.
I don't use any of those annoying cookie banners because I'm not doing anything that requires them.
As long as your account is active, I keep your data. Makes sense, right?
If you delete your account, I delete your data within 30 days. Backups might take up to 90 days to cycle out.
I might keep some anonymized analytics data to improve the service, but it can't be traced back to you.
If you're inactive for a really long time (like 2+ years), I might email you to see if you still want your account.
Legal requirements might force me to keep some data longer, but I'll keep it to the absolute minimum.
Your data might be stored on servers in different countries (thanks, cloud computing), but it's always protected.
I comply with GDPR for EU users, CCPA for California users, and other privacy laws as they apply.
If you're in a country with strict data localization laws, email me and we can figure something out.
I'm not a lawyer, but I try to do the right thing and follow the spirit of privacy laws, not just the letter.
ZoneFolio isn't designed for kids under 13. If you're under 13, please don't sign up.
If I find out a kid under 13 has an account, I'll delete it immediately and contact their parents.
If you're a parent and think your kid signed up, email me and I'll sort it out quickly.
For teens 13-17, I recommend getting your parents' permission first, but it's not legally required.
I might need to update this policy occasionally as ZoneFolio evolves or laws change.
If I make significant changes, I'll email you about it. No burying important changes in fine print.
Minor clarifications or improvements might just be updated here with a new date.
If you don't like the changes, you can always export your data and leave. I won't take it personally.
If you have questions about how I handle your data or want to see what I have about you, just email me. No "privacy team" - just me, and I'll give you a straight answer.