1. Executive Summary

This Privacy Policy explains how Vlogerly ("we", "our", "the platform") collects, uses, stores, protects, and shares your personal information when you use our content management and blog publishing services.

By using Vlogerly, you accept the practices described in this policy. If you do not agree with any part of this Privacy Policy, you may not use our services.

Key information:

We collect only the data necessary to operate the platform
We do not sell or rent your personal information to third parties
You use trusted third-party services (Firebase, Hotjar, Cloudinary, Sentry)
You have full control over your data and can exercise your GDPR rights
We implement robust security measures to protect your information
Published articles are public; drafts are private

This policy complements our Terms of Service and Cookie Policy.

2. Data Controller

Controller identity: Vlogerly
Trade name: Vlogerly
Address: [To be defined when legal entity is established]
Contact email: [Address available on the platform]
Privacy/DPO email: [Specific address for privacy matters]

Vlogerly is the data controller for your personal data collected through the platform, in accordance with the European Union's General Data Protection Regulation (GDPR) and other applicable privacy laws.

3. Information We Collect

3.1. Information You Provide Directly

During account registration:

Full name: To personalize your experience and display article authorship
Email address: For authentication, communications, and account recovery
Password: Stored encrypted using Firebase Authentication
Username: Unique URL within Vlogerly (3-20 characters)

Registration with Google Sign-In:

Google UID: Unique identifier from your Google account
Profile name: Obtained from your Google account
Google email: Email address associated with your account
Profile photo: Avatar from your Google account (optional)

Optional profile information:

Avatar/profile photo: Image uploaded by you or from Google
Date of birth: For personalization (optional)
Phone number: For SMS notifications (optional)
Biography: Personal description up to 10,000 characters
Social links: URLs to your social media profiles

User content:

Projects: Name, slug, description, domain, logo
Articles: Title, content, excerpt, slug, category, tags, publication status
Images: Article covers, images within content
Metadata: Reading time, publication dates, views, status (draft/published/archived)

3.2. Information Collected Automatically

Session and authentication data:

Session token: HTTP-only cookie __session with 7-day duration
Activity timestamps: Last login date (last_signin_at), last logout (last_signout_at)
Verification status: Whether your email has been verified

Technical and device data:

IP address: For security, fraud prevention, and approximate geolocation
Browser type: Chrome, Firefox, Safari, Edge, etc.
Operating system: Windows, macOS, Linux, Android, iOS
Device type: Desktop, tablet, mobile
Screen resolution: To optimize interface
User Agent: Browser identification string

Usage and navigation data:

Pages visited: URLs accessed within administrative workspace and Blog Center
Actions performed: Project creation, article publishing, edits
Time spent: Session duration and on specific pages
Clicks and interactions: Buttons pressed, forms completed
Errors encountered: Technical failures or UX issues

Performance data (via Sentry):

Error stack traces: Technical error information for debugging
Session context: Application state when errors occur
Browser logs: Console messages relevant to diagnosis

3.3. Information from Third Parties

Firebase Authentication (Google):

Basic profile data if you use Google Sign-In
Authentication tokens generated by Firebase
Login history (timestamps, devices)

Cloudinary:

Images uploaded by you (avatars, covers, article content)
Image metadata (size, format, dimensions)
Applied transformations (resizing, optimization)

Hotjar:

Session recordings (anonymous interface interactions)
Heat maps (areas where users click)
Feedback forms (if you provide comments)

Information not collected:

We do not collect credit card data (service is currently free)
We do not track your precise GPS location
We do not access your camera, microphone, or contacts without explicit permission
We do not knowingly collect data from children under 13

4. How We Use Your Information

4.1. Service Provision and Improvement

We use your information to:

Platform operation:

Create and manage your user account
Authenticate your identity on each login
Store and display your projects and articles
Process images and generate thumbnails
Synchronize content between administrative workspace and Blog Center
Provide search, categorization, and tagging functionalities

Personalization:

Display your name, avatar, and biography on your profile
Remember your preferences (language, interface settings)
Suggest categories or tags based on your history
Optimize Tiptap editor according to your usage patterns

Security and fraud prevention:

Detect and prevent unauthorized access to your account
Identify suspicious or malicious activities
Apply rate limiting to prevent abuse
Validate request authenticity through CSRF tokens

4.2. Communication with You

We use your email for:

Transactional communications (mandatory):

Registration confirmation and email verification
Password or security setting change notifications
Suspicious account activity alerts
Scheduled maintenance or service interruption notices

Product communications (optional):

New feature updates
Usage tips and best practices
Newsletters with highlighted community content
Satisfaction surveys and feedback requests

You can unsubscribe from optional communications at any time by clicking "Unsubscribe" at the bottom of any email or from your account settings.

4.3. Analysis and Improvement

We use aggregated and anonymous data to:

Analyze user usage patterns and behavior (via Hotjar)
Identify usability issues and friction points
Measure platform performance and stability (via Sentry)
Evaluate adoption of new features
Optimize technical architecture and loading speed
Detect and correct software errors

Important: Analytics data is aggregated and anonymized. We do not link analytics to individually identifiable users except for debugging specific reported errors.

4.4. Legal Compliance

We may use and disclose your information when necessary to:

Comply with legal obligations (subpoenas, court orders)
Enforce our Terms of Service
Protect the rights, property, or safety of Vlogerly, users, or the public
Respond to requests from competent authorities
Prevent illegal or fraudulent activities

4.5. Uses for Which We DO NOT Use Your Information

Vlogerly does NOT use your personal information to:

Sell or rent data to third parties for commercial purposes
Targeted advertising based on user profiles
Train artificial intelligence models with your content without consent
Make automated decisions that significantly affect you without human intervention
International transfers without adequate safeguards

5. Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal bases:

Processing is necessary to provide the service you have requested:

Create and manage your account
Store and publish your content
Provide administrative workspace functionalities

Consequence of refusal: If you do not provide the minimum required data (name, email, password), we cannot create your account or provide the service.

We process data for our legitimate interest in:

Improving security and preventing fraud
Analyzing platform usage to optimize it
Detecting and correcting technical errors
Sending relevant product communications

Balance of interests: We have assessed that these uses do not override your fundamental rights and freedoms. You may object to these processing activities by exercising your right to object (see section 11).

We request your explicit consent for:

Hotjar analytics cookies (through continued platform use)
Marketing communications and newsletters (through opt-in)
Use of Google Sign-In (through OAuth authorization)

Right to withdraw: You may withdraw your consent at any time without affecting the lawfulness of prior processing.

We process data when necessary to comply with the law:

Retention of tax or accounting records
Response to requests from competent authorities
Compliance with data protection regulations

Vlogerly shares your information with third parties only in the following circumstances:

6.1. Service Providers (Data Processors)

We use trusted external providers who process data on our behalf under strict confidentiality agreements:

Firebase (Google LLC):

Services: User authentication, session token generation
Data shared: Email, UID, name, profile photo (if using Google Sign-In)
Location: United States, Google's global servers
Privacy policy: https://firebase.google.com/support/privacy
Safeguards: Standard Contractual Clauses (SCC), EU-U.S. Data Privacy Framework

Cloudinary (Cloudinary Ltd.):

Services: Image storage, transformation, and delivery
Data shared: Uploaded images (avatars, covers, content)
Location: Configurable (Europe, USA, Asia)
Privacy policy: https://cloudinary.com/privacy
Safeguards: SCC when applicable according to regional configuration

Hotjar (Hotjar Ltd.):

Services: Behavior analysis, session recording, heat maps
Data shared: Interface interactions, pages visited, device technical information
Location: European Union (main servers), United States (processing)
Privacy policy: https://www.hotjar.com/legal/policies/privacy/
Safeguards: SCC, GDPR compliance

Sentry (Functional Software Inc.):

Services: Application error and performance monitoring
Data shared: Stack traces, error logs, session context
Location: United States
Privacy policy: https://sentry.io/privacy/
Safeguards: SCC, EU-U.S. Data Privacy Framework

Resend (Resend Inc.):

Services: Transactional email sending (verification, notifications)
Data shared: Email address, name, notification content
Location: United States
Privacy policy: https://resend.com/legal/privacy-policy
Safeguards: Encryption in transit, standard security practices

PostgreSQL/Neon (Neon Inc.):

Services: Relational database for structured data storage
Data shared: All account, project, article data
Location: Configurable (Europe, USA)
Privacy policy: https://neon.tech/privacy-policy
Safeguards: Encryption at rest and in transit, strict access controls

6.2. Legal Disclosures

We may disclose your information if we are legally required to do so:

Court orders: Subpoenas, search warrants, court orders
Authorities: Valid requests from police, prosecutors, or government agencies
Rights protection: To defend our legal rights in litigation
Public safety: To prevent imminent harm to persons or property

Request review: We carefully evaluate each legal request and disclose only the minimum necessary information. We will notify affected users when the law permits.

6.3. Business Transfers

In case of merger, acquisition, asset sale, or restructuring:

Your information may be transferred to the acquiring entity
We will notify you 30 days in advance before the transfer
The acquiring entity must comply with this Privacy Policy or request your consent for a new policy
You have the right to delete your account before the transfer if you disagree

We may share your information with other third parties if:

You provide us explicit consent to do so
You request it for specific integrations (e.g., connecting with third-party tools)

6.5. Publicly Visible Information

Published articles: When you publish an article in the Blog Center, the following information is public and accessible by anyone:

Article title, content, and excerpt
Category and tags
Publication date
Estimated reading time
Author name (your profile name)
Author avatar (if configured)

Private articles/drafts: Articles with "draft", "private", "scheduled", or "archived" status are NOT public and only you can view them from your administrative workspace.

6.6. We Do Not Sell or Rent Data

Explicit commitment: Vlogerly NEVER sells, rents, or commercializes your personal information to third parties for advertising, marketing, or any other commercial purpose.

7. International Data Transfers

Some of our service providers operate or store data outside the European Economic Area (EEA). We ensure these transfers comply with GDPR through:

7.1. Safeguard Mechanisms

Standard Contractual Clauses (SCC):

Contracts approved by the European Commission that guarantee adequate protection
Implemented with Firebase, Hotjar, Sentry, Cloudinary

EU-U.S. Data Privacy Framework:

Data privacy framework between the EU and USA
Google (Firebase) and Sentry are certified under this framework
Provides recourse mechanisms for EU citizens

Additional certifications:

ISO 27001 (Information Security Management)
SOC 2 Type II (Security, availability, and confidentiality controls)

7.2. Destination Countries

United States:

Firebase (Google)
Sentry
Resend
Neon (optional, configurable)

European Union:

Hotjar (main servers)
Cloudinary (configurable)
Neon (configurable)

7.3. Your Rights in Transfers

You may:

Request specific information about where your data is stored
Object to transfers to specific countries (may affect service provision)
File complaints with your local data protection authority if you consider the transfer inadequate

8. Data Retention

8.1. Active Account Data

While your account is active, we retain your information indefinitely to:

Provide the service
Maintain your project and article history
Fulfill our contractual obligations

Recommended export: We recommend periodically exporting your important content as a security measure.

8.2. Canceled Account Data

When you voluntarily cancel your account:

Grace period (30 days):

Your data is marked for deletion but not immediately erased
You can contact us to reactivate your account and recover all your content
After 30 days, deletion is permanent

Permanent deletion (after 30 days):

User data: Email, name, password, profile, avatar → Deleted
Projects and articles: All created content → Deleted
Cloudinary images: Avatars, covers, content → Deleted
Sessions and tokens: Cookies, authentication tokens → Invalidated

Retained data:

Audit logs: Security logs, access (anonymized) → 6 months to 2 years according to legal requirements
Backup copies: Database snapshots → Maximum 90 days, then deleted
Aggregated data: Anonymous statistics (e.g., "1,000 users created articles in December") → Indefinite (does not personally identify you)

8.3. Suspended Account Data

If your account is suspended for violating Terms of Service:

We retain your data during the investigation and appeal period
If suspension is confirmed, data is deleted according to the canceled account schedule
If suspension is revoked, your account is reactivated with all data intact

8.4. Legal Retention Obligations

In certain cases, we are required to retain data for specific periods:

Tax/accounting information: Up to 7 years (varies by jurisdiction)
Transaction records: If we implement payments, according to financial regulations
Litigation evidence: Until case resolution
Authority requests: As ordered by courts

8.5. Published Article Data

Public articles deleted by user:

Immediately hidden from the Blog Center
Third-party cached copies (Google, social networks) may persist temporarily
Backup copies are deleted within 90 days maximum

Note on indexing: Search engines (Google, Bing) may have indexed your public articles. Deleting an article from Vlogerly does not automatically remove it from search results. You must request removal directly from search engines through their tools (Google Search Console, Bing Webmaster Tools).

9. Data Security

9.1. Technical Measures

We implement multiple security layers to protect your information:

Encryption in transit:

HTTPS/TLS 1.3: All communications between your browser and our servers are encrypted
HTTP Strict Transport Security (HSTS): Forces secure connections
Certificate Pinning: Prevents man-in-the-middle attacks

Encryption at rest:

Passwords: Never stored in plain text; hashed with secure algorithms (bcrypt, scrypt) via Firebase
Session tokens: Cryptographically signed and stored in HTTP-only cookies
Database: Disk-level encryption in PostgreSQL/Neon
Images: Secure storage on Cloudinary with signed URLs when necessary

Access controls:

Multi-factor authentication: Available via Firebase Authentication
Session tokens with expiration: 7-day maximum duration
Session revocation: You can close all active sessions by changing your password
Role-based access control (RBAC): Separation between users, administrators, and services

Attack protection:

Rate limiting: Request limits per IP/user to prevent brute force
CSRF protection: Anti-forgery tokens in forms
XSS prevention: User content sanitization
SQL injection prevention: Use of parameterized queries (Drizzle ORM)

9.2. Organizational Measures

Limited data access:

Only authorized personnel can access user data
Principle of least privilege (access only to what is necessary)
Periodic access review and audit

Security training:

Team training in privacy and security best practices
Awareness of phishing, social engineering, and threats

Audits and testing:

Periodic review of security configurations
Penetration testing (pentesting) when feasible
Continuous vulnerability monitoring (Sentry, security logs)

Incident response plan:

Documented procedures to respond to security breaches
Notification to affected users within 72 hours if a breach occurs (GDPR requirement)
Cooperation with authorities and security experts

9.3. Your Responsibilities

Security is a shared responsibility. You must:

Use strong passwords: Minimum 8 characters, combination of uppercase, lowercase, numbers, and symbols
Do not share credentials: Your password is personal and non-transferable
Log out on shared devices: Do not leave your account open on public computers
Report suspicious activity: Contact immediately if you detect unauthorized access
Keep your email secure: Your email account is the gateway for password recovery

9.4. Security Limitations

Despite our efforts, no system is 100% secure. We cannot guarantee:

Absolute protection against sophisticated attacks or advanced persistent threats (APT)
Security of information transmitted over unsecured public networks
Protection against unknown zero-day vulnerabilities

Breach notification: If a security breach occurs affecting your personal data, we will notify you by email and platform notice within 72 hours of discovery, as required by GDPR.

10. Children's Privacy

Vlogerly is not directed at children under 13 and we do not knowingly collect personal information from children under this age.

10.1. Age Verification

We require all users to be at least 18 years old to create an account without restrictions
Users between 13 and 17 years old may use the platform only with verifiable parental consent
We do not actively request date of birth during registration, but it is available as an optional field

10.2. If We Discover Data from Minors

If we become aware that we have collected personal information from a child under 13 without parental consent:

We will delete the account and all associated data immediately
We will notify the registered email about the deletion
We will not process any additional information

10.3. Parent and Guardian Responsibility

If you are a parent or legal guardian and discover that your child under 13 has created an account without your consent:

Contact our privacy team immediately
We will provide assistance in deleting the account
We will delete all associated data within 7 business days

If you are a parent/guardian and want your child (13-17 years) to use Vlogerly:

You must register the account on their behalf with supervision
You are responsible for reviewing and accepting these terms and policies
You are responsible for your child's activity on the platform
You have the right to access, rectify, or delete your child's data at any time

11. Your Privacy Rights

Under GDPR and other applicable data protection laws (CCPA, LGPD), you have the following rights:

You may request:

A copy of all personal data we hold about you
Information about how we process your data
Categories of data collected
Recipients with whom we share your data
Anticipated retention period

How to exercise: Send an email to our privacy email with subject "Data Access Request".

Response time: 30 days from receipt of your request.

Format: We will provide data in a structured, commonly used, machine-readable format (JSON, CSV).

You may:

Correct inaccurate personal data
Complete incomplete data

How to exercise:

Directly: Update information from your profile settings on the platform
By request: If data is not directly editable, contact our privacy team

Timeline: Immediate updates on the platform; requests processed within 7 business days.

You may request deletion of your personal data if:

Data is no longer necessary for the original purposes
You withdraw your consent (when processing was based on consent)
You object to processing and there are no overriding legitimate grounds
Data was processed unlawfully
Law requires deletion

How to exercise:

Cancel account: From account settings > Delete account
Specific request: Contact privacy team for partial deletions

Exceptions: We cannot delete data if we need to retain it to:

Comply with legal obligations
Establish, exercise, or defend legal claims
Public interest or public health reasons

You may request that we limit processing of your data (without deleting it) if:

You dispute data accuracy (while we verify)
Processing is unlawful but you don't want data deleted
We no longer need the data but you need it for legal claims
You have objected to processing (while we verify if legitimate grounds prevail)

Effect: We will store data but not actively process it (except with your consent or for legal claims).

You may receive your personal data in a structured, commonly used, machine-readable format, and transmit it to another controller.

Data included:

Account information (name, email, profile)
Projects, articles, categories, tags
Content metadata

Format: JSON, CSV, or Markdown (depending on data type).

How to exercise: Request a complete export via the privacy email.

Note: We are currently developing a direct export feature from the interface. Meanwhile, we process requests manually.

You may object to processing of your data based on legitimate interest or for direct marketing purposes.

Marketing: You can unsubscribe from promotional emails at any time by clicking "Unsubscribe" or from account settings.

Legitimate interest: We will evaluate your request and stop processing your data unless we have compelling legitimate grounds that override your interests.

You have the right not to be subject to decisions based solely on automated processing that produce legal effects or significantly affect you.

Vlogerly currently does not make automated decisions that significantly affect you (e.g., we do not use AI to reject accounts, suspend users, or make automatic moderation decisions without human review).

11.8. How to Exercise Your Rights

By email:

Send your request to: [Privacy email available on the platform]
Subject: "GDPR Rights Request - [Type of right]"
Include: Your full name, registered email, request description

Identity verification: To protect your privacy, we will verify your identity before processing requests through:

Confirmation of registered email
Security questions about your account
In exceptional cases, copy of official ID (will be deleted after verification)

Timelines:

Initial response: 7 business days
Complete processing: 30 days (may extend to 60 days in complex cases with prior notification)

No cost: Exercising these rights is free. We may charge a reasonable fee if requests are manifestly unfounded, excessive, or repetitive.

12. Cookies and Tracking Technologies

Vlogerly uses cookies and similar technologies to improve your experience. This section is a summary; for complete information, see our dedicated Cookie Policy.

12.1. Essential Cookies

Cookie __session:

Purpose: Authentication and session maintenance
Duration: 7 days
Type: HTTP-only, Secure (in production), SameSite=Lax
Provider: Vlogerly (Firebase Admin SDK)
Necessary: Yes, you cannot use the platform without this cookie

12.2. Analytics Cookies (Hotjar)

_hjSessionUser_*, _hjSession_*, _hjIncludedInSessionSample_*, etc.
Purpose: Behavior analysis, session recording, heat maps
Duration: From session to 1 year (depending on specific cookie)
Necessary: No, you can disable them

Hotjar opt-out: https://www.hotjar.com/policies/do-not-track/

12.3. LocalStorage and Similar Technologies

Vlogerly uses browser LocalStorage to:

Store authenticated user information (UID, name, email, avatar)
Last session verification timestamp (lastMeAt)
Temporary form state (article drafts)

Management: You can clear LocalStorage from your browser's developer tools (F12 > Application > Local Storage).

12.4. Service Workers (PWA)

We implement Service Workers for offline functionality:

Image cache (max 60 entries, 30 days)
API response cache (NetworkFirst strategy)

Management: You can disable Service Workers from DevTools (Application > Service Workers > Unregister).

For more details, see the complete Cookie Policy.

13. Links to Third-Party Sites

Vlogerly may contain links to third-party websites or services (for example, in user articles, documentation, or integrations).

We are not responsible for:

Privacy policies of third-party sites
Content or practices of external sites
Security of information you provide to third parties

Recommendation: Review the privacy policies of any third-party sites before providing them with personal information.

Links in user articles: Users are responsible for links they include in their content. Vlogerly does not validate or endorse websites linked from articles.

14. Changes to this Privacy Policy

Vlogerly reserves the right to modify this Privacy Policy at any time to reflect:

Changes in our data processing practices
New features or services
Legal or regulatory requirements
Security or privacy improvements

14.1. Change Notification

Substantial changes:

We will update the "Last updated" date at the beginning of this document
We will notify you by email with 30 days advance notice
We will post a prominent notice on the platform
We will require explicit acceptance if the change affects fundamental rights

Minor changes:

We will update the "Last updated" date
We will post a notice on the platform
Continued service use will be considered acceptance of changes

14.2. Recommended Review

We recommend periodically reviewing this Privacy Policy to stay informed about how we protect your information.

14.3. Version History

Version 1.0 - December 5, 2025: Initial version published.

15. Jurisdiction and Applicable Law

This Privacy Policy is governed by the laws of [Jurisdiction to be defined, e.g., European Union / Dominican Republic].

For users in the European Union, this policy complies with the General Data Protection Regulation (GDPR - Regulation EU 2016/679).

For users in California, USA, we also comply with the California Consumer Privacy Act (CCPA).

16. Contact and Complaints

16.1. Privacy Contact

For questions, comments, or exercise of rights related to this Privacy Policy:

Privacy email: [Specific address for privacy matters]
General email: [General support address]
Postal address: [To be defined when legal entity is established]

Business hours: We respond to inquiries Monday through Friday, 9:00 AM to 6:00 PM (local time).

16.2. Supervisory Authority

If you are not satisfied with how we have handled your data or the exercise of your rights, you have the right to file a complaint with your local data protection authority.

For users in the European Union: You may file a complaint with your country's data protection authority. Find your local authority at: https://edpb.europa.eu/about-edpb/board/members_en

For users in Spain: Spanish Data Protection Agency (AEPD)
Website: https://www.aepd.es
Phone: 901 100 099 / 912 663 517

For users in other countries: Consult your jurisdiction's data protection authority.

16.3. Dispute Resolution

We are committed to resolving any complaints about the collection or use of your personal information. If you have a complaint:

Contact our privacy team first (email above)
We will investigate and respond within 30 days
If unsatisfied, you may escalate to the supervisory authority
You may also seek mediation or arbitration as established in our Terms of Service

17. Frequently Asked Questions

Does Vlogerly sell my personal information?

No. Vlogerly NEVER sells, rents, or commercializes your personal information to third parties.

Are my articles private by default?

Yes. Articles are created in "draft" status by default, which is private. They are only public when you manually change the status to "published".

Can I delete my account and all my data?

Yes. You can cancel your account from settings. You will have a 30-day grace period to reactivate it. After that, all your data is permanently deleted.

How do you protect my password?

We never store passwords in plain text. We use Firebase Authentication which hashes passwords with secure algorithms (bcrypt/scrypt). Not even we can see your password.

Hotjar receives information about how you interact with the interface (clicks, cursor movements, pages visited), but does not capture sensitive form data (passwords, emails in input fields).

Can I use Vlogerly without accepting analytics cookies?

Yes. Only the __session session cookie is mandatory. You can block Hotjar cookies from your browser or use their opt-out, and the platform will continue to function normally.

How do I export my data?

We are currently developing a direct export feature. Meanwhile, you can manually copy your content or request a complete export by contacting the privacy team.

Does Vlogerly read my private articles?

No. We do not read your private articles/drafts for analysis or marketing purposes. We only access user data when necessary for technical support, error debugging, or legal compliance.

What happens to my content if Vlogerly shuts down?

In the unlikely event of closure, we will notify you 90 days in advance and provide export tools to recover all your content.

How long do you retain my data after deleting my account?

Your personal data and content are permanently deleted 30 days after canceling your account. Backup copies are deleted within a maximum of 90 days.

Can I request deletion of only part of my data?

Yes. You can request deletion of specific data (e.g., biography, phone) without deleting your entire account. Contact the privacy team with your specific request.

Does Vlogerly use my content to train AI?

No. We do not use your content to train artificial intelligence models without your explicit consent.

How do I report a privacy issue?

Contact our privacy email immediately with problem details. We will investigate and respond within a maximum of 72 hours.

Vlogerly - Content management platform for creators.
This Privacy Policy is an integral part of our commitment to transparency and protection of your personal data.