Privacy Policy

1. Data controller

The data controller is the operator of this application. You can reach us at contact [at] epsodrill.com or via the in-app support channel.

2. Data we collect

We collect the following categories of data:

• Account data (email, authentication identifiers via Supabase)
• User-generated content within the application
• Usage data (events, navigation patterns via PostHog)
• Technical logs (errors via Sentry, server logs via Vercel)
• Cookies and local storage for session management

3. Legal basis (GDPR)

• Performance of a contract (service delivery)
• Legitimate interest (security, product improvement)
• Consent (analytics and optional tracking where applicable)

4. Third-party processors

We use the following processors:

• Supabase (authentication, database, storage)
• PostHog (product analytics and event tracking)
• Vercel (hosting, edge functions, logs)
• Sentry (error monitoring and diagnostics)
• Stripe (payment processing and billing)

These providers may process data outside the EU under standard contractual clauses.

5. Data retention

Data is retained as long as necessary to provide the service or comply with legal obligations. Logs and analytics data may be retained in aggregated form.

6. User rights

• Access your data
• Rectify inaccurate data
• Request deletion
• Object to processing (where applicable)
• Data portability (where applicable)

Requests can be made at contact [at] epsodrill.com or via the in-app support channel.

7. Cookies & tracking

We use essential cookies for authentication and optional analytics cookies via PostHog. Tracking can be disabled where consent mechanisms are implemented.

8. Security

We implement technical and organizational measures including encryption in transit, access control, and monitoring via Sentry.