Privacy Policy

1. Information We Collect / Enfòmasyon Nou Kolekte

• Account information: first name, last name, username, email address, and password (hashed — never stored in plain text).
• Profile information: bio, avatar image, and language preference (Haitian Creole or English).
• Activity data: votes, arguments, replies, reactions, predictions, saves, and follows.
• Financial data: coin purchase history and transaction records. Payment card details are processed exclusively by Stripe — Gran Boulva never sees or stores card numbers.
• Technical data: IP address, device type, operating system version, and app version.
• User-generated content: the text of arguments, replies, and prediction statements you submit.
• Voice and video recordings: audio recordings and video clips you record and submit as arguments or prediction statements. These are uploaded to secure cloud storage and associated with your account.

2. How We Use Your Information / Kijan Nou Itilize Enfòmasyon Ou

• To provide, operate, and improve the Gran Boulva platform.
• To process coin purchases, transfers, and argument boosts.
• To send in-app notifications about platform activity (votes, replies, mentions).
• To enforce our Terms of Service and Acceptable Use Policy.
• To host and serve voice and video argument recordings submitted by users.
• To detect fraud, abuse, and maintain platform security.
• To generate aggregate, anonymized analytics about platform usage.
• To comply with applicable law and legal obligations.

3. Information We Share / Enfòmasyon Nou Pataje

We do not sell your personal information. We share data only with the following service providers who operate on our behalf: • Supabase (database & authentication) — data is stored on Amazon Web Services servers in the us-east-1 (N. Virginia) region. Supabase acts as a data processor under a Data Processing Agreement. • Stripe (payment processing) — we share transaction data necessary to process coin purchases. Stripe is PCI-DSS Level 1 certified. • OpenAI (AI content generation) — we use OpenAI's API to generate matchup drafts via the Scout feature. No personal user data (names, emails, UGC) is sent to OpenAI. • Supabase Storage / AWS S3 (media storage) — voice and video argument recordings are stored in secure cloud storage buckets. Files are accessible only via signed or public URLs generated by our platform. We may disclose information if required by law, court order, or to protect the rights and safety of Gran Boulva and its users.

4. Data Retention / Konsèvasyon Done

We retain your personal data for as long as your account is active. If you delete your account, we will delete your personal information within 90 days, except where retention is required by law (for example, payment transaction records required for financial compliance may be retained for up to 7 years). User-generated content you posted (arguments, replies) may remain visible in anonymized or deleted form after account deletion, depending on platform context. Voice and video recordings you submitted as arguments are deleted from our storage servers when the associated argument is deleted or when your account is deleted, within 90 days.

5. Your Rights / Dwa Ou

• Access: request a copy of the personal data we hold about you.
• Correction: request that we correct inaccurate or incomplete data.
• Deletion: request deletion of your account and associated personal data.
• Portability: request your data in a portable, machine-readable format.
• Objection: object to certain types of processing (e.g., profiling).
• Restriction: request that we restrict processing of your data in certain circumstances.
• To exercise any right, contact us at: support@granboulva.com. We will respond within 30 days.

6. Children's Privacy / Vi Prive Timoun

Gran Boulva is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you are located in the European Union, you must be at least 16 years old, or have verifiable parental consent, to use Gran Boulva. If we become aware that we have inadvertently collected information from a child under the applicable age, we will delete it promptly. Contact us at support@granboulva.com if you believe we have such data.

7. International Data Transfers / Transfè Done Entènasyonal

Gran Boulva is operated from the United States. Data is stored on Supabase/AWS servers in the United States (us-east-1). By creating an account, you consent to the transfer of your personal information to the United States, which may have different data protection laws than your country of residence. For EU/EEA users, transfers are covered by standard contractual clauses (SCCs) as provided by Supabase's data processing agreement.

8. CCPA — California Residents

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA): • Right to Know: request disclosure of the categories and specific pieces of personal information we have collected, the sources, the business purposes, and the third parties we share it with. • Right to Delete: request deletion of your personal information (subject to certain exceptions). • Right to Opt-Out of Sale: Gran Boulva does not sell personal information. You do not need to opt out. • Right to Non-Discrimination: we will not discriminate against you for exercising your CCPA rights. To submit a request, email support@granboulva.com with "CCPA Request" in the subject line.

9. GDPR — EU / EEA Users

Our legal bases for processing personal data under the General Data Protection Regulation (GDPR) are: • Contract performance: processing necessary to provide the Gran Boulva service you signed up for. • Legitimate interests: security monitoring, fraud prevention, and improving the platform. • Consent: marketing communications (you may withdraw consent at any time). Our Data Protection contact is: support@granboulva.com. You also have the right to lodge a complaint with your local supervisory authority.

10. Security / Sekirite

We implement industry-standard security measures including: • All data transmitted over HTTPS / TLS encryption. • Passwords hashed using bcrypt via Supabase Auth — never stored in plain text. • Row-level security (RLS) policies on all database tables. • Voice and video recordings stored in access-controlled cloud storage with path-based permissions tied to the uploading user's account. • Access to production systems is restricted to authorized personnel only. No system is 100% secure. In the event of a data breach affecting your rights, we will notify you as required by applicable law.

11. Changes to This Policy / Chanjman nan Règleman Sa

We may update this Privacy Policy from time to time. We will notify you of material changes by sending an in-app notification or email at least 14 days before the changes take effect. Continued use of Gran Boulva after that date constitutes acceptance of the updated policy. Contact: support@granboulva.com