Privacy Policy

1. Who we are

Details.so (“we”, “us”, “our”) is operated from Switzerland. This Privacy Policy explains what personal data we collect, why we use it, who we share it with, and what rights you have.

For privacy requests, contact us at legal@details.so.

2. Data we collect

We collect only the data we need to run, secure, improve, and sell access to the Service.

Account data — email address, Supabase user ID, login method, account timestamps, and profile information shared by an OAuth provider such as Google, which may include your name and avatar.
Authentication and session data — browser session tokens, auth status hints, account tier hints, and related local browser storage used to keep you signed in and show the right access state.
Billing data — paid plan, billing period, subscription status, customer ID, checkout country, billing portal activity, payment event records, and invoice or tax records handled through Polar. We do not store full card numbers.
Product data — saved items, bookmarks, folders, account limits, tier usage, feedback messages, support requests, content suggestions, and related timestamps.
Email and marketing data — email address, subscription or waitlist segment, opt-in or opt-out status, email delivery events, and unsubscribe preferences.
Technical and security data — IP address, approximate country, user agent, device and browser information, request metadata, rate-limit counters, server logs, and error logs.
Analytics data — aggregate, privacy-friendly usage data used to understand how the product is used. We do not use analytics for advertising, retargeting, or cross-site tracking.

3. Why we use data

We use personal data to:

create and secure accounts;
authenticate users and maintain sessions;
provide free and paid access to Inspo, Vault, bookmarks, folders, and account features;
process checkout, billing, invoices, renewals, cancellations, refunds where legally required, and customer support;
send service emails about login, account activity, billing, security, support, and important product changes;
send newsletter, Founder waitlist, and Details.so product update emails where allowed, always with an unsubscribe option for marketing emails;
verify email addresses, prevent abuse, enforce rate limits, and protect the Service;
understand aggregate product usage and improve the Service;
comply with legal, accounting, tax, and security obligations.

4. Legal basis

Where the EU GDPR, UK GDPR, or Swiss FADP applies, we rely on:

Contract performance — to provide accounts, paid access, billing, support, and requested features.
Legitimate interests — to secure the Service, prevent abuse, improve the product, send relevant Details.so product updates to account users where allowed, keep business records, and protect our legal rights.
Consent — for newsletter signups, Founder waitlist signups, and any other processing where consent is required. You can withdraw consent at any time.
Legal obligations — to keep accounting, tax, billing, compliance, and security records where required by law.

5. Marketing and service emails

We send transactional and service emails when needed for account access, login, security, billing, product operation, legal notices, support, and important account updates.

If you sign up for the newsletter or Founder waitlist, we use your email for that purpose until you unsubscribe or ask us to delete it.

If you create an account, we may send you Details.so product updates about our own similar features, releases, and offers where allowed by law. Each marketing email includes an unsubscribe option. Unsubscribing from marketing emails does not stop transactional or service emails.

6. Service providers

We do not sell your personal data. We share data only with providers we use to operate the Service:

Supabase — authentication, database, storage, and user management. supabase.com/privacy
Polar — checkout, subscriptions, billing portal, invoices, taxes where applicable, and payment-related records. polar.sh/legal/privacy
Resend — transactional emails, newsletter/waitlist emails, product update emails, and feedback/support email delivery. resend.com/legal/privacy-policy
ZeroBounce — email address validation for newsletter, waitlist, and signup quality checks. zerobounce.net/privacy
Vercel — hosting, CDN, serverless functions, request handling, logs, and deployment infrastructure. vercel.com/legal/privacy-policy
Google — OAuth login, if you choose to sign in with Google. policies.google.com/privacy

These providers process data under their own legal terms and, where applicable, data processing agreements.

7. International transfers

We operate from Switzerland and use providers that may process data in Switzerland, the EEA, the United Kingdom, the United States, or other countries.

Where personal data is transferred internationally, we rely on appropriate safeguards such as adequacy decisions, Standard Contractual Clauses, the Swiss equivalents of those clauses, the EU-US Data Privacy Framework where applicable, or another lawful transfer mechanism.

8. Retention

We keep personal data only as long as reasonably needed for the purposes above, unless a longer period is required or allowed by law.

Account data — kept while your account exists. If you request deletion, we delete or anonymize account data within a reasonable period, except data we must keep for legal, billing, security, or dispute reasons.
Bookmarks, folders, saves, and product data — kept while your account exists and deleted or anonymized after account deletion unless retention is required.
Billing, tax, invoice, and accounting records — kept for up to 10 years or longer if legally required.
Payment, subscription, and webhook event records — kept as long as needed for billing integrity, accounting, fraud prevention, chargebacks, audits, disputes, and legal compliance.
Newsletter and waitlist data — kept until you unsubscribe, request deletion, or the list is no longer needed.
Feedback and support messages — kept for up to 24 months unless needed longer for security, legal, or product history reasons.
Server, security, rate-limit, and error logs — usually kept for up to 30 days, unless needed longer for security, abuse investigation, debugging, legal claims, or compliance.
Aggregate analytics — kept in aggregated form and not used to identify you.

9. Your rights

Depending on where you live, you may have rights to access, correct, delete, restrict, object to, or port your personal data, and to withdraw consent.

You can make a request by emailing legal@details.so. We may need to verify your identity before acting on a request. Some data may be exempt from deletion or access where we need it for legal, security, billing, accounting, dispute, or fraud-prevention reasons.

You may also have the right to complain to a data protection authority. In Switzerland, this is the Federal Data Protection and Information Commissioner (FDPIC). In the EU or UK, you can contact your local supervisory authority.

10. California and other US privacy rights

We do not sell personal information and do not share it for cross-context behavioral advertising. We do not use sensitive personal information to infer characteristics.

If a privacy law gives you rights to know, access, correct, delete, or opt out of certain processing, you can exercise those rights by emailing legal@details.so.

11. Children

The Service is not directed to children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child under 16 has provided personal data, contact us and we will take appropriate steps to delete it.

12. Security

We use reasonable technical and organizational measures to protect personal data, including HTTPS, access controls, provider-managed security controls, and limited internal access. No online service is completely secure, and we cannot guarantee absolute security.

13. Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date shows when the current version took effect. For material changes, we may notify active account holders by email, in-product notice, or another reasonable method.