Privacy Policy

Last updated: May 29, 2026

nandzz ("we", "us", or "our") operates the nandzz platform ("Platform"). This Privacy Policy explains how we collect, use, and protect your personal information when you use the Platform.

1. Data Controller

nandzz is the data controller responsible for your personal information. You can reach us at [email protected] for any privacy-related requests.

2. Information We Collect

Information you provide: When you create an account, we collect your email address, username, and any profile information you choose to add. We also collect content you upload or create on the Platform ("Spaces").

Automatically collected information: Our hosting infrastructure (Vercel) and authentication provider (Supabase) collect standard server logs, which may include your IP address, browser type, and request metadata. We do not run independent analytics trackers on the Platform.

3. How We Use Your Information

We process your personal data on the following legal bases:

  • Contract performance: to create and manage your account, display your Spaces, and process your subscription.
  • Legitimate interests: to maintain the security and integrity of the Platform, detect fraud or abuse, and improve our service.
  • Legal obligation: to comply with applicable laws and respond to lawful requests from authorities.
  • Consent: for any optional communications such as newsletters or promotional emails.

4. Information Sharing

We do not sell your personal information. We share your data only in these limited circumstances:

  • Service providers: Supabase (authentication and database) and Vercel (hosting), each bound by their own data processing agreements.
  • Legal requirements: when required by law, court order, or governmental authority.
  • Protection of rights: to protect the safety, rights, or property of nandzz, our users, or the public.
  • Business transfers: in the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction.

5. International Data Transfers

Your data may be stored and processed in countries outside your own, including the United States, where our service providers operate. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses to protect cross-border transfers of personal data.

6. Data Storage & Security

Your data is stored using Supabase, which employs encryption at rest and in transit (TLS). We implement access controls and security best practices appropriate for a platform of our size. However, no system is completely secure and we cannot guarantee absolute security.

7. Data Retention

We retain your account data for as long as your account is active. When you delete your account, we will remove your personal data within 30 days, except where we are required by law to retain it longer (e.g., billing records for tax purposes, which we retain for up to 7 years).

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: request a copy of the personal data we hold about you.
  • Correction: request that we correct inaccurate or incomplete data.
  • Deletion: request deletion of your account and associated personal data.
  • Portability: request a copy of your data in a machine-readable format.
  • Objection: object to processing based on legitimate interests.
  • Withdraw consent: withdraw consent at any time where processing is based on consent.

To exercise these rights, contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

9. Children's Privacy

The Platform is not directed at children under 13 years of age. We do not knowingly collect personal data from children under 13. If you believe we have inadvertently collected such data, please contact us immediately and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on the Platform and, where appropriate, by email. The updated policy will include a revised "Last updated" date. Your continued use of the Platform after changes are posted constitutes your acceptance of the updated policy.

11. Contact Us

For any questions or concerns about this Privacy Policy, or to exercise your data rights, contact us at [email protected].