Privacy Policy - FindForce.io

Information We Collect

Account Information

• Email address and password (encrypted)
• Company name and professional details (optional)
• Payment information (processed by Lemon Squeezy)

Usage Information

• Email addresses submitted for verification
• Service usage patterns and feature utilization
• Technical data (IP address, browser type, device information)
• Error reports and diagnostic information

Website and Product Analytics

We use PostHog to collect analytics data across our website and Chrome extension to improve our service. This includes:

Website Analytics (Consent Required)

• Page views, session duration, and navigation patterns
• Referral sources and campaign effectiveness
• Device information and browser capabilities
• Geographic location (country/region level)

Website analytics require your explicit consent via our cookie banner. You can withdraw consent at any time using our cookie preferences.

Extension Analytics (Opt-out Available)

• Feature usage patterns and user interactions within the extension
• Performance metrics and error logs
• Feature flag effectiveness
• Anonymous user sessions and crash reports

Extension analytics are enabled by default with opt-out available in your extension settings. We process this data under legitimate interest to maintain and improve our service.

Cookies and Tracking

We use essential cookies for authentication and analytics cookies with your consent:

• Essential: Authentication and session management (always active)
• Analytics: PostHog website analytics (requires consent via banner)
• Extension: PostHog telemetry within Chrome extension (opt-out available in settings)

How We Use Your Information

We process your data to:

• Provide and maintain our email verification service
• Process payments and manage subscriptions
• Improve service performance and resolve technical issues
• Collect product telemetry and crash reports
• Send service updates and important notifications
• Comply with legal and regulatory obligations

We do not sell, rent, or share your personal data for marketing purposes.

Data Sharing

We share data only with essential service providers:

• Lemon Squeezy - Payment processing
• Hetzner - Infrastructure hosting (EU-based)
• CloudFlare - Content delivery and security
• Maileroo - Transactional email delivery
• PostHog - Product analytics and crash reporting (opt-out available)

We may disclose information when required by law, court order, or to protect our legal rights.

Legal Basis for Processing (GDPR)

We process your data based on the following legal grounds:

• Contract Performance: Account management, service delivery, payment processing
• Legitimate Interest: Extension analytics for service improvement and security
• Consent: Website analytics and non-essential communications
• Legal Obligation: Financial record keeping and regulatory compliance

Your Privacy Rights

All Users

• Access and export your personal data
• Correct inaccurate information
• Delete your account and associated data
• Opt out of non-essential communications
• Disable extension analytics in extension settings
• Withdraw website analytics consent via cookie preferences

EU Residents (GDPR)

• Right to data portability
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to object to processing

California Residents (CCPA)

• Right to know about data collection
• Right to delete personal information
• Right to non-discrimination for exercising privacy rights

Data Retention

• Active accounts: Maintained during subscription period
• Closed accounts: Deleted within 30 days
• Verification history: Retained for 30 days
• Financial records: 7 years (legal requirement)

Security Measures

We implement industry-standard security measures:

• Encryption in transit (TLS 1.3) and at rest (AES-256)
• Secure data centers within the European Union
• Regular security updates and monitoring
• Access controls and authentication protocols

International Data Transfers

Developer Friendly OÜ is based in Estonia (EU). Data is primarily processed within the European Union. Any international transfers comply with appropriate safeguards including Standard Contractual Clauses.

Children's Privacy

Our service is not intended for individuals under 18 years of age. We do not knowingly collect data from minors and will delete such information if discovered.

Policy Updates

We will notify users of material changes to this policy 30 days before implementation. Continued use after changes take effect constitutes acceptance.