1. Information We Collect

Personal Information

• Account Information: Name, email address, username, date of birth
• Profile Information: Gender, location (city/region), interests, employment status (optional), job title (optional)
• Authentication Data: Login credentials, Google account information (if using social login), OTP verification data

Product Opinion and Engagement Data

• Poll Responses: Your opinions and ratings about products through polls and surveys
• Product Contributions: Products you add to the platform, including product names, brands, categories, and descriptions
• Product Images: Photos you upload of products
• Barcode Scans: Product barcodes you scan for identification
• Product Discoveries: Products you view, search for, or engage with
• Participation History: Which polls and products you've engaged with and when
• Rewards and Points: Your contribution level, badges earned, and reward redemptions
• Comments and Feedback: Any comments or detailed feedback you provide about products

Survey and Poll Creation Data

• Created Polls: Polls you create and their settings
• Targeting Preferences: Your interests and demographic information used for poll targeting

Technical Information

• Device Information: Device type, operating system, browser information
• Usage Data: How you interact with our Platform, features used, time spent, navigation patterns
• Location Data: IP address-based general location (city/region level)
• Session Data: Login sessions, authentication tokens, session identifiers

2. How We Use Your Information

Core Platform Services

• Account Management: Create and maintain your account
• Product Discovery: Help you find products and brands based on your interests
• Poll Matching: Connect you with relevant polls based on your profile and product interests
• Social Engagement: Enable you to share opinions and see what thousands of others think
• Rewards System: Track contributions and provide rewards, discounts, and loyalty points
• Poll Creation: Enable you to create and distribute polls about products
• Brand Insights: Provide structured feedback and analytics to brands about their products
• Platform Improvement: Enhance features and user experience

Communication

• Platform Updates: Important service announcements and feature updates
• Poll Invitations: Notifications about relevant polls and products
• Product Alerts: Updates about products you're interested in
• Support: Respond to your questions and technical issues
• Marketing: Promotional communications (with your consent)

Research and Development

• Platform Analytics: Improve our services using aggregated, anonymized data
• Feature Development: Develop new features based on usage patterns
• Product Insights: Generate insights about product trends and consumer preferences (anonymized)
• Academic Research: Support legitimate research purposes (anonymized data only)

3. Data Sources and Third-Party Information

To provide comprehensive product information and enhance your experience, we collect data from multiple sources:

Product Information Sources

• USDA FoodData Central: Comprehensive database of branded food products in the United States, including nutritional information and product details
• Open Food Facts: Collaborative, open database of food products from around the world, including ingredients, allergens, and product information
• Barcode Data: Product identification through UPC/EAN barcodes from USDA and Open Food Facts APIs

Brand Information Sources

• OpenAI GPT-4: AI-generated brand descriptions, categorizations, and product summaries to enhance product pages
• Manufacturer Websites: Product images, descriptions, and brand information sourced from official manufacturer websites

User-Contributed Information

• Community Submissions: Product reviews, ratings, images, and information submitted by users
• Crowdsourced Database: User-added products, corrections, and updates to existing product information

How We Use Third-Party Data

Third-party data is used solely to:

• Populate product information and reduce manual data entry
• Verify product authenticity through barcode validation
• Enhance product pages with comprehensive details
• Provide accurate brand and product categorization

We do not sell or share user data with these third-party data providers. Data flows one-way: from public databases to our platform for product information enrichment only.

4. Information Sharing and Disclosure

With Brands and Poll Creators

• Poll Responses: Your opinions and ratings about their products
• Demographic Information: Age range, gender, location, interests (for targeting and analytics)
• Aggregated Insights: Statistical summaries of responses and participant demographics
• Product Feedback: Comments and detailed feedback you provide about products

Note: Brands receive aggregated, anonymized data. Your personal identifiers (name, email) are never shared unless you explicitly provide them through product feedback forms.

Public Information

• Public Poll Results: Results of polls marked as public by creators
• Product Reviews: Your public product ratings and reviews (associated with your username)
• Leaderboards: Your username and contribution level on public leaderboards
• Community Features: Your username and public poll participation
• Platform Statistics: Anonymized, aggregated platform usage data

Service Providers

• Hosting: Render (cloud infrastructure)
• Database: Supabase (data storage and authentication)
• Email: SendGrid (transactional emails)
• Authentication: Google (social login), Supabase Auth (OTP and credential management)
• AI Services: OpenAI (product descriptions and brand categorization)
• Analytics: Platform performance and usage analytics
• Payment Processing: Stripe (when premium features are activated)

Legal and Safety

• Legal Compliance: When required by law, regulation, or legal process
• Safety: To protect users, prevent fraud, or address security issues
• Business Transfers: In connection with mergers, acquisitions, or asset sales

We never sell your personal information to third parties.

5. Age Requirements and Parental Rights

Minimum Age Requirements

• Global: Users must be 16 years or older
• Verification: Age confirmed through date of birth and checkbox confirmation
• Parental Rights: Parents of users under 18 may request information about their child's account

Protection of Minors

• Special Protections: Additional safeguards for users under 18
• Content Moderation: Enhanced review of content targeting younger users
• Educational Use: Special considerations for academic research involving minors

6. International Data Transfers

Global Operations

Your information may be transferred to and processed in the United States and other countries where we operate. We ensure appropriate safeguards through:

• Standard Contractual Clauses: EU-approved data transfer mechanisms
• Adequacy Decisions: Transfers to countries with adequate protection
• Your Consent: Explicit consent for international transfers where required

Regional Compliance

• US: Compliance with CCPA and state privacy laws
• EU/UK: GDPR and UK GDPR compliance with appropriate safeguards
• Canada: PIPEDA compliance
• India: DPDP Act compliance
• Australia: Privacy Act compliance

7. Data Security

We implement comprehensive security measures including:

• Encryption: Data encrypted in transit (HTTPS/TLS) and at rest
• Access Controls: Limited access to personal information based on role and necessity
• Authentication Security: Secure token-based authentication with Supabase
• Security Monitoring: Regular security audits and monitoring
• Incident Response: Procedures for handling security breaches
• Vendor Security: All service providers meet security standards

8. Your Privacy Rights

Universal Rights

• Access: View and download your personal information
• Correction: Update or correct your profile information
• Deletion: Delete your account and associated data
• Portability: Export your data in common formats (JSON, CSV)
• Withdrawal: Withdraw consent for data processing

Regional Rights

• California Residents: CCPA rights including disclosure of data categories and deletion
• EU/UK Residents: Full GDPR rights including data portability and erasure
• Canadian Residents: PIPEDA rights including access and correction
• Indian Residents: DPDP Act rights including data portability and erasure

Exercising Your Rights

Contact us at privacy@heuristicinsights.app to exercise your privacy rights. We will respond within:

• 30 days for most requests
• 45 days for complex requests (with notification)
• 72 hours for urgent security-related requests

9. Data Retention

Retention Periods

• Active Accounts: Data retained while your account is active
• Inactive Accounts: Data retained for 3 years after last activity
• Poll Responses: Retained for 5 years for research purposes
• Product Contributions: Product data you contribute remains on the platform to maintain database integrity
• Analytics Data: Retained for 2 years for platform improvement
• Legal Compliance: Retained for 7 years when required by law

Anonymization

After retention periods, personal identifiers are removed and data may be retained indefinitely for research and analytics purposes. Product contributions are anonymized but remain on the platform to preserve the product database.

10. Cookies and Local Storage

Essential Cookies

We use cookies to make Heuristic Insights work. These cookies are necessary for the platform to function. You cannot opt out of these cookies.

• Session Cookie: Keeps you logged in while you use the platform (Flask session management)
• Authentication Tokens: Securely stores your login information (Supabase auth tokens)
• Security Cookies: Protects against unauthorized access and CSRF attacks

Local Storage (Browser Cache)

We temporarily store poll and feed data in your browser's local storage to improve your experience. This allows faster navigation without re-fetching data from our servers.

What we store:

• Recently viewed polls and products
• Feed content for quick access
• Navigation state for smooth forward/back browsing

Why we store it:

• Faster page loads and better performance
• Better user experience (smooth navigation)
• Reduced server requests and bandwidth usage

How long we keep it:

• This data is temporary and stored only in your browser
• Clearing your browser cache removes this data
• We do not access or collect this cached data from your browser
• Data is automatically refreshed when new content is available

What We Don't Use

We do not currently use:

• Tracking Cookies: We do not track you across websites
• Advertising Cookies: We do not serve personalized ads
• Third-Party Analytics Cookies: We do not use Google Analytics or similar tracking services
• Marketing Cookies: We do not use cookies for marketing purposes

Managing Cookies and Storage

You can control cookies through your browser settings. Note that disabling essential cookies will prevent you from logging in and using the platform. Clearing local storage will remove cached feed data but will not affect your account or saved preferences.

If we add analytics or marketing cookies in the future, we will:

• Update this Privacy Policy
• Provide a cookie consent banner
• Allow you to opt out of non-essential cookies
• Notify you via email of the changes

11. Third-Party Services

Integrated Services

• Google Authentication: Governed by Google's privacy policy
• Supabase: Database and authentication services governed by Supabase's privacy policy
• OpenAI: AI-generated content governed by OpenAI's terms and privacy policy
• Social Media: Links to external platforms with their own privacy policies
• Product Data APIs: USDA and Open Food Facts have their own terms and privacy policies

Your Responsibility

Review privacy policies of any third-party services you use through our Platform. We are not responsible for the privacy practices of third-party services.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically. When we do:

• Notification: Email notification to registered users
• Platform Notice: Prominent notice on the Platform
• Effective Date: New policy effective 30 days after notification
• Material Changes: Additional consent may be required for significant changes

13. Contact Information

Privacy Questions and Requests

• Privacy Requests: privacy@heuristicinsights.app (GDPR, CCPA, data deletion requests)
• General Support: support@heuristicinsights.app (account issues, technical support)
• General Inquiries: hello@heuristicinsights.app (business inquiries, partnerships)
• Legal Matters: legal@heuristicinsights.app (formal legal notices, compliance)

Mailing Address

6418 North Rockwell Street 3, Chicago, IL 60645, US

Response Times

• Privacy Requests: We respond within 5 business days
• General Support: We respond within 2 business days
• Legal Matters: We respond within 7 business days

Data Protection Authorities

EU residents may contact their local data protection authority if privacy concerns cannot be resolved directly with us.

Regional Compliance Officers

For region-specific privacy questions, contact privacy@heuristicinsights.app with your location for appropriate routing.