This Privacy Policy describes how Treddit ("we", "us", or "our") collects, uses, and protects your personal information when you use our service at treddit.live. We are committed to protecting your privacy and complying with applicable data protection laws, including the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and India's Information Technology Act, 2000.
1. Data Controller
Vandit Jain, operating as Treddit, is the data controller responsible for your personal information. Contact: vandit296@gmail.com
2. Information We Collect
We collect the following categories of information:
Account Information
When you sign in with Google, we receive your email address, name, and profile picture via Google OAuth. We store your email address and subscription status. We do not store your Google password.
Usage Data
We collect information about how you use the Service, including which subreddits you analyze, your onboarding inputs (product description, goals, ideal customer), and feature interactions. This data is used to personalize your experience and improve the Service.
Payment Information
Payment is processed by Razorpay (India) or Paddle (international). We do not store your credit card or bank account details. We receive and store your subscription status, subscription ID, and customer ID from the payment processor.
Technical Data
We collect your IP address, browser type, device type, and general geographic location (country level) for security, fraud prevention, and routing (e.g., determining which payment provider to use). We may use cookies and local storage for session management and user preferences.
3. How We Use Your Information
- To provide, operate, and improve the Service
- To authenticate you and manage your account
- To process payments and manage your subscription
- To personalize AI-generated intelligence based on your product and goals
- To send transactional emails (account confirmation, subscription receipts, usage digests)
- To detect and prevent fraud, abuse, or security incidents
- To comply with legal obligations
- To analyze aggregate usage patterns and improve the Service
We do not sell your personal information to third parties. We do not use your data to train AI models beyond what is necessary to provide the Service to you.
4. Legal Basis for Processing (GDPR)
If you are in the European Economic Area, we process your data under the following bases:
- Contract performance — processing necessary to provide the Service you subscribed to
- Legitimate interests — security, fraud prevention, and Service improvement
- Legal obligation — complying with applicable laws
- Consent — for non-essential communications, where required
5. Data Sharing and Third Parties
We share data only with the following categories of service providers:
- Vercel — hosting and infrastructure
- Upstash — Redis database for user data and analysis cache
- Anthropic — AI processing of subreddit analysis (no personally identifying data is sent)
- Google — authentication via OAuth
- Razorpay / Paddle — payment processing
- Resend — transactional email delivery
All third-party processors are bound by data processing agreements and are prohibited from using your data for their own purposes. We may disclose your information if required by law, court order, or to protect our rights or the safety of others.
6. Data Retention
We retain your account data for as long as your account is active. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal or financial compliance (e.g., payment records, which may be retained for up to 7 years under Indian accounting law).
Cached subreddit analysis data is retained for up to 90 days and does not contain personally identifying information.
7. Your Rights
Depending on your location, you may have the following rights regarding your data:
- Access — request a copy of the personal data we hold about you
- Correction — request correction of inaccurate data
- Deletion — request deletion of your personal data ("right to be forgotten")
- Portability — receive your data in a structured, machine-readable format
- Objection — object to processing based on legitimate interests
- Restriction — request restriction of processing in certain circumstances
- Withdraw consent — where processing is based on consent
To exercise any of these rights, email us at vandit296@gmail.com. We will respond within 30 days. EU users have the right to lodge a complaint with their local supervisory authority.
8. California Privacy Rights (CCPA)
If you are a California resident, you have the right to know what personal information we collect, the right to delete it, the right to opt out of its sale (we do not sell personal information), and the right not to be discriminated against for exercising these rights. To submit a request, contact us at the email above.
9. Cookies and Tracking
We use session cookies for authentication and local storage for user preferences (such as the last subreddit you analyzed). We do not use advertising trackers or third-party analytics cookies. You can disable cookies in your browser, but this may affect your ability to log in and use the Service.
10. Data Security
We implement industry-standard security measures including encryption in transit (TLS), secure token storage, and access controls. However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security of your data. In the event of a data breach affecting your rights, we will notify you as required by applicable law.
11. International Data Transfers
Your data may be processed in countries outside your country of residence, including the United States (Vercel, Upstash, Anthropic). Where required by law, we rely on appropriate transfer mechanisms such as Standard Contractual Clauses (SCCs) to ensure your data is protected in accordance with applicable standards.
12. Children's Privacy
The Service is not directed at individuals under 18 years of age. We do not knowingly collect personal information from minors. If we become aware that we have collected data from a minor, we will delete it promptly.
13. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or applicable law. We will notify you of material changes via email at least 14 days before they take effect. The "last updated" date at the top reflects the most recent revision.
14. Contact Us
For any privacy-related questions, requests, or concerns, contact us at: vandit296@gmail.com