Privacy Policy

Last updated: 3 September 2025

The Buzzer ("we", "our", "us") helps people discover and track invite‑only apps and games. This policy explains what we collect and why. We strive for transparency in how we handle your data.

1. Data We Collect

  • Account Data: Email address and basic auth metadata from our authentication provider (Supabase Auth) when you sign in.
  • Submitted Content: Invite codes, descriptions, tags and any optional notes you choose to publish.
  • Usage & Technical: Minimal logs for performance, abuse prevention and aggregate stats (e.g. request timing, anonymised IP hash, user agent).
  • Advertising Data: We partner with third-party advertising networks, like Google AdSense, to display ads on our Service. These partners may use cookies, web beacons, and other technologies to collect information about your browsing activities over time and across different websites. This may include IP address, device identifiers, and browsing history to serve personalized ads.

2. What We Do and Do Not Do

  • We do not sell your personal data for direct monetary payment. However, our use of third-party advertising partners may constitute a "sale" or "sharing" of data under certain privacy laws like the California Privacy Rights Act (CPRA). Please see the "Advertising" and "Your Rights" sections for more information and opt-out choices.
  • We do not use dark patterns forcing sharing of contacts or social graphs.

3. How We Use Data

  • Operate and improve the platform.
  • Surface scarcity / availability stats for apps & games.
  • Prevent abuse, spam and fraudulent submissions.
  • Respond to support requests.
  • Display third-party advertising to support the Service.

4. Legal Bases (EU/EEA, UK & US)

For users in the EU/EEA & UK we rely on: (a) Consent for placing non-essential cookies and processing personal data for personalized advertising; (b) Legitimate Interests (operate, secure, prevent abuse, improve); (c) Performance of a Contract (providing the Service you requested when you sign up / log in); (d) Legal Obligation if we must retain limited information for compliance or law‑enforcement requests. For US users we process data for substantially the same purposes under applicable federal / state privacy principles.

5. Retention

Account data persists while you have an account. Public submissions remain publicly visible unless you remove them (or they violate guidelines). Backups are pruned on a rolling basis (typically < 30 days).

6. International Data Transfers

Our primary hosting infrastructure (Supabase) is located in Germany, within the European Union. When you use our Service from outside the EU, such as from the United States, your personal data is transferred to, stored, and processed in Germany. Data transfers to the EU are protected by the high standards of the General Data Protection Regulation (GDPR). If we use sub-processors located outside the EU/EEA for other functions, we will ensure that data transfers are protected by appropriate safeguards, such as Standard Contractual Clauses.

7. Sharing

We share data with the following categories of third parties:

  • Essential Processors: Hosting and database providers (Supabase / Vercel) who process data on our behalf, bound by contractual data protection terms.
  • Advertising Partners: We share data with third-party advertising networks, such as Google, to serve ads on our Service. These partners may collect and process your data according to their own privacy policies. You can learn more about how Google uses data here: https://policies.google.com/technologies/partner-sites.

Under some privacy laws (e.g., CPRA), our use of online advertising may be considered a "sale" or "sharing" of personal information. Please see the "Your Rights" section for information on how to opt-out.

8. Your Rights

You have the right to:

  • Access / export your data.
  • Delete your account and submissions (irreversible for private data; public content may persist in backups briefly).
  • Correct inaccurate information.
  • Object to or restrict certain processing.

Additional EU/EEA/UK rights: data portability; lodge a complaint with a Supervisory Authority; withdraw consent (where processing is based on consent). California (CPRA) users: right to know categories of personal information, request deletion, correction and non‑discrimination.

Managing Advertising Preferences and Cookie Consent:

You can control and manage your consent for non-essential cookies, including those for advertising, through the cookie consent banner presented when you first visit our site. Users in California may opt out of the "sale" or "sharing" of their personal information by clicking the "Do Not Sell or Share My Personal Information" link, which may be available in the footer of our website.

9. Security

We apply principle of least privilege, row‑level security in the database, and industry‑standard encryption in transit. No system is perfectly secure; we will notify users of any material breach as required by law.

10. Children

The Service is not directed to children under 16 (or under 13 in the United States under COPPA). If you believe a child provided data, contact us and we will remove it.

11. Changes

We will update this page for material changes (changed date at top). Continued use after changes constitutes acceptance.

12. Contact

Email: thebuzzer@piliar.me. EU users may also lodge a complaint with their local Supervisory Authority. If required, we will appoint an EU/UK representative (this page will be updated).

13. Jurisdiction

Primary establishment and infrastructure in the EU/EEA (Germany). Where EU/UK data protection laws apply they govern our processing of personal data for those users. For other users, applicable US federal and state laws apply. In the event of conflict between translated or summarized versions and the English version, the English version controls.

---

This document is provided for transparency and does not constitute legal advice.