Back to Home

Privacy Policy

Last updated: January 16, 2026

1. Introduction

Citrufy (“we”, “our”, “us”) is a user-generated content (UGC) platform that connects creators and customers. We value your privacy and are committed to protecting your personal data. This Privacy Policy explains what information we collect, how we use it, and your rights.

2. Information We Collect

  • Account Data: Name, email address, password (hashed), role (creator or customer), country/city, preferred language.

  • Profile & Portfolio Data: Description, uploaded images, videos, equipment, superpowers, and related content you choose to share.

  • Communication Data: Messages, file attachments, reviews, and interactions with other users.

  • Technical Data: IP address, browser type, device information, cookies, and analytics (Google Analytics, TikTok Pixel, etc., if enabled).

  • Social Login Data: If you sign in with Google or Facebook, we may receive your email, name, and profile ID.

  • Email Data: Email verification status, email logs (for security and compliance).

3. How We Use Your Data

  • To provide and secure the Citrufy platform (authentication, messaging, file storage, video processing).

  • To display verified and active creator/customer profiles.

  • To process payments and comply with financial/legal requirements.

  • To send important updates, verification emails, and platform notifications.

  • To analyze performance and improve services (usage statistics, bug prevention).

  • To enforce platform rules, prevent abuse, and comply with applicable laws (GDPR).

4. Legal Basis

We process your data based on:

  • Your consent (when creating a profile, uploading content, subscribing to notifications).

  • Contract necessity (to provide Citrufy services).

  • Legal obligations (e.g., financial reporting, security compliance).

  • Legitimate interests (fraud prevention, service improvement).

5. Data Sharing

  • Internal: Between Citrufy systems (authentication, admin, analytics).

  • Third Parties: Hosting (Hetzner, Laravel Cloud), email delivery (Mailtrap/Resend/SMTP), payment provider (Stripe Connect), analytics providers.

  • We do not sell personal data.

6. Data Storage & Retention

  • Data is stored in secure EU-based servers.

  • User data is retained as long as the account is active.

  • Inactive or deleted accounts are scheduled for removal (with grace periods, in line with GDPR).

  • Logs and analytics are retained for limited periods (typically 90 days).

7. Your Rights

  • Access, correct, or delete your personal data.

  • Withdraw consent at any time.

  • Request data portability.

  • Object to certain processing activities.

  • File a complaint with your local data protection authority.

8. Security

We implement strict access controls, encryption, rate limiting, and audit logs to protect your data. File uploads are restricted by type and size.

9. Children

Citrufy is not intended for children under 16.

10. Updates

We may update this policy from time to time. Changes will be announced on our platform.