1. Introduction

Welcome to Pressbook. We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your information when you use our Service.

Pressbook is based in the United Kingdom and complies with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and other applicable privacy laws.

By using Pressbook, you agree to the collection and use of information in accordance with this Privacy Policy.

2. Information We Collect

2.1 Information You Provide to Us

Account Information:

• Name (first and last)

• Email address

• Password (encrypted)

• Profile picture (optional)

• Date of birth (to verify you're 13+)

• Gender (optional)

• Country/location

Portfolio Content:

• Videos you upload

• Images and graphics

• Text content (bio, descriptions, rate cards)

• Social media handles (Instagram, TikTok, YouTube, etc.)

• Brand collaboration history

• Work samples and case studies

Payment Information:

• Billing name and address

• Payment method details (processed by Stripe - we don't store full card numbers)

• Transaction history

• Subscription plan details

Communications:

• Messages you send us (support emails, feedback)

• Survey responses

• Newsletter preferences

• Email correspondence with brands (if you connect your inbox)

2.2 Information We Collect Automatically

When You Use Pressbook:

• IP address

• Browser type and version

• Operating system

• Device type (mobile, tablet, desktop)

• Pages you visit and features you use

• Time and date of visits

• Referring website

• Click behavior and navigation patterns

Cookies and Similar Technologies:

• Session cookies (to keep you logged in)

• Preference cookies (to remember your settings)

• Analytics cookies (to understand how you use the Service)

• Authentication tokens

See Section 12 for detailed information about cookies.

2.3 Portfolio Visitor Analytics

When someone visits your portfolio, we collect:

• IP address

• Geographic location (city, country, timezone)

• Company/organization name (when detectable from IP address)

• Device type, browser, and operating system

• Pages viewed and videos watched

• Time spent on portfolio

• Actions taken (contact clicks, social link clicks, rate card views)

• Referral source (where they came from)

• UTM tracking parameters

This data is collected to provide you with analytics about who's viewing your portfolio.

2.4 Email Integration Data

If you connect your email account (Gmail, Outlook):

• Your email address

• Access tokens to send/read emails

• Emails we identify as UGC collaboration opportunities

• Email metadata (sender, subject, date, recipient)

• Email open and click tracking data

• Brand contact information from your inbox

We only analyze business-related emails to identify collaboration opportunities. We do not read or store personal emails unrelated to UGC work.

2.5 Information from Third Parties

BigDataCloud:

• IP geolocation data (city, country, timezone)

• ISP and organization information

• Network details

Stripe:

• Payment confirmation

• Transaction status

• Billing information

Email Providers (Gmail, Outlook):

• Email content (only collaboration-related emails)

• Contact lists (only when you authorize)

• Calendar data (if you use scheduling features)

Social Media Platforms:

• Public profile information (if you link your accounts)

• Follower counts and engagement metrics (public data only)

3. How We Use Your Information

We use your information for the following purposes:

3.1 To Provide the Service

• Create and manage your account

• Host and display your portfolio

• Process video uploads and transcoding

• Enable custom domain connections

• Provide analytics about portfolio visitors

• Send portfolio sharing emails

• Track email opens and clicks

• Identify collaboration opportunities in your inbox

3.2 To Process Payments

• Process subscription payments

• Manage billing and invoices

• Handle refunds and cancellations

• Prevent fraud and unauthorized charges

3.3 To Communicate with You

• Send transactional emails (account creation, password resets, billing)

• Respond to support inquiries

• Send service announcements and updates

• Deliver marketing emails (if you opt in)

• Send newsletter and blog updates (if you opt in)

• Notify you of new features

3.4 To Improve the Service

• Analyze usage patterns and trends

• Identify bugs and technical issues

• Test new features

• Conduct research and analysis

• Improve user experience

• Develop new features

3.5 To Ensure Security

• Detect and prevent fraud

• Protect against abuse and spam

• Enforce our Terms of Service

• Comply with legal obligations

• Protect our rights and property

3.6 To Provide Analytics

• Identify companies viewing portfolios

• Track visitor engagement

• Measure conversion rates

• Show you which brands are interested

• Help you track deal pipeline

3.7 Marketing and Advertising

• Show you relevant advertisements (via Meta Ads, Google Ads)

• Measure advertising effectiveness

• Create lookalike audiences

• Retarget visitors who viewed your site

4. Legal Basis for Processing (GDPR)

Under UK GDPR and EU GDPR, we process your data based on:

Consent:

• Marketing emails and newsletters (you can withdraw consent anytime)

• Email inbox scanning for collaboration opportunities

• Cookie usage (except essential cookies)

• Connecting third-party services

Contract Performance:

• Providing the Service you signed up for

• Processing payments

• Hosting your portfolio

• Providing analytics

Legitimate Interests:

• Improving the Service

• Preventing fraud and abuse

• Analyzing usage patterns

• Marketing our Service (where permitted)

• Customer support

Legal Obligations:

• Complying with tax and accounting requirements

• Responding to legal requests

• Enforcing our rights

5. How We Share Your Information

We do not sell your personal data. We share information in the following circumstances:

5.1 With Third-Party Service Providers

Supabase (Database & Authentication):

• Stores all your account data, portfolio content, and analytics

• Servers located in EU and US regions

• Privacy Policy: https://supabase.com/privacy

Stripe (Payment Processing):

• Processes subscription payments

• Stores billing information

• Privacy Policy: https://stripe.com/privacy

Mux (Video Hosting):

• Hosts and transcodes your videos

• Delivers video content to portfolio visitors

• Privacy Policy: https://www.mux.com/privacy

BigDataCloud (IP Geolocation):

• Identifies visitor location and company from IP addresses

• Privacy Policy: https://www.bigdatacloud.com/privacy

Clearbit (Company Enrichment - Optional):

• Enriches company data for identified visitors

• Privacy Policy: https://clearbit.com/privacy

Resend (Email Delivery):

• Sends portfolio sharing emails

• Tracks email opens and clicks

• Privacy Policy: https://resend.com/legal/privacy-policy

Vercel (Hosting):

• Hosts the Pressbook application

• Content delivery network

• Privacy Policy: https://vercel.com/legal/privacy-policy

OpenAI/Anthropic Claude (AI Analysis):

• Analyzes emails to identify collaboration opportunities

• Processes email content you authorize us to scan

• Privacy Policies: https://openai.com/privacy | https://www.anthropic.com/legal/privacy

Klaviyo (Email Marketing):

• Sends marketing emails and newsletters (if you opt in)

• Manages email preferences

• Privacy Policy: https://www.klaviyo.com/legal/privacy

Meta Ads (Facebook/Instagram Advertising):

• Delivers targeted advertisements

• Tracks ad performance

• Privacy Policy: https://www.facebook.com/privacy/policy

Google Ads (Advertising):

• Delivers targeted advertisements

• Tracks ad performance

• Privacy Policy: https://policies.google.com/privacy

All service providers are contractually obligated to protect your data and use it only for the purposes we specify.

5.2 Portfolio Visitors

When someone visits your portfolio, they can see:

• Your public profile information (name, photo, bio)

• Your portfolio content (videos, images, work samples)

• Your social media handles (if you choose to display them)

• Your rate card (if you make it visible)

• Contact information you choose to display

You control what information is visible on your portfolio.

5.3 Email Recipients

When you share your portfolio via email:

• Recipients receive the email from your connected account or from hello@pressbook.co

• Recipients can see information you include in the email

• We track when recipients open the email and click links (shown only to you)

5.4 Business Transfers

If Pressbook is involved in a merger, acquisition, or sale of assets, your information may be transferred to the new owner. We will notify you before your information is transferred and becomes subject to a different Privacy Policy.

5.5 Legal Requirements

We may disclose your information if required to:

• Comply with legal obligations (court orders, subpoenas)

• Protect our rights and property

• Prevent fraud or abuse

• Protect the safety of users or the public

• Respond to government requests

5.6 With Your Consent

We may share your information with other parties when you give us explicit consent to do so.

6. International Data Transfers

Pressbook is based in the United Kingdom. Your information may be transferred to and processed in:

• European Union (Supabase EU region, some service providers)

• United States (Mux, Stripe, OpenAI, Meta, Google, Vercel)

When we transfer data outside the UK/EU, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs) approved by the EU Commission

• Service providers certified under Privacy Shield successor frameworks

• Adequacy decisions by the UK/EU authorities

By using Pressbook, you consent to these international transfers.

7. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy.

7.1 Account Data

• Active accounts: Retained while your account is active

• Deleted accounts: 30-day grace period, then permanently deleted

• Backups: May persist in backups for up to 90 days after deletion

7.2 Portfolio Content

• While active: Retained indefinitely

• After deletion: Deleted within 30 days (may persist in backups for 90 days)

7.3 Analytics Data

• Visitor analytics: Retained indefinitely for historical reporting

• IP addresses: Retained indefinitely (may be anonymized after 12 months)

• Session data: Retained indefinitely

7.4 Email Integration Data

• Connected accounts: Access tokens retained while connected

• Synced emails: Retained indefinitely while connected

• After disconnection: Deleted within 30 days

7.5 Portfolio Shares

• Email tracking data: Retained indefinitely for analytics

• Sent emails: Tracking records retained indefinitely

7.6 Payment Data

• Transaction history: Retained for 7 years (tax/accounting requirements)

• Payment methods: Stored by Stripe until you remove them

7.7 Communications

• Support emails: Retained for 3 years

• Marketing emails: Retained until you unsubscribe

You can request deletion of your data at any time by contacting hello@pressbook.co. Some data may be retained where we have a legal obligation to do so.

8. Your Rights (GDPR)

Under UK GDPR and EU GDPR, you have the following rights:

8.1 Right to Access

You can request a copy of all personal data we hold about you.

8.2 Right to Rectification

You can correct inaccurate or incomplete data through your account settings or by contacting us.

8.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data. We will comply unless we have a legal obligation to retain it.

8.4 Right to Restrict Processing

You can request that we limit how we use your data in certain circumstances.

8.5 Right to Data Portability

You can request a copy of your data in a machine-readable format to transfer to another service.

8.6 Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

8.7 Right to Withdraw Consent

Where we process data based on consent, you can withdraw consent at any time.

8.8 Right to Lodge a Complaint

You can file a complaint with the UK Information Commissioner's Office (ICO) or your local data protection authority.

To exercise your rights, contact us at: hello@pressbook.co

We will respond to requests within 30 days.

9. Data Security

We implement appropriate technical and organizational measures to protect your data:

Security Measures:

• Encryption in transit (HTTPS/TLS)

• Encryption at rest for sensitive data

• Secure password hashing (bcrypt)

• Regular security audits

• Access controls and authentication

• Secure API endpoints

• Regular backups

• Monitoring for suspicious activity

Employee Access:

• Employees access data only when necessary for support or operations

• Background checks for employees with data access

• Training on data protection

Third-Party Security:

• All service providers maintain SOC 2 or equivalent certifications

• Regular vendor security assessments

Despite our efforts, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

10. Children's Privacy

Pressbook is available to users aged 13 and older. We do not knowingly collect personal information from children under 13.

Users aged 13-17:

• Can create accounts and use the Service

• No parental consent required

• Same terms apply as adult users

If we discover we have collected data from a child under 13, we will delete it immediately.

Parents or guardians who believe their child under 13 has created an account should contact us at hello@pressbook.co.

11. Marketing and Communications

11.1 Transactional Emails

We will send you emails necessary to provide the Service:

• Account creation and verification

• Password resets

• Payment confirmations and receipts

• Service announcements

• Security alerts

You cannot opt out of transactional emails.

11.2 Marketing Emails

With your consent, we may send:

• Product updates and new features

• Tips and best practices

• Newsletter and blog updates

• Promotional offers

• Event invitations

Opting Out:

• Click "Unsubscribe" in any marketing email

• Update preferences in your account settings

• Email hello@pressbook.co

You can opt out at any time. Opting out does not affect transactional emails.

11.3 Blog and Newsletter

If you subscribe to our blog or newsletter, we will send periodic content updates. You can unsubscribe at any time.

12. Cookies and Tracking Technologies

12.1 What Are Cookies

Cookies are small text files stored on your device when you visit our website. We use cookies and similar technologies to provide and improve the Service.

12.2 Types of Cookies We Use

Essential Cookies (Cannot be Disabled):

• Authentication cookies (keep you logged in)

• Security cookies (prevent fraud)

• Load balancing cookies

Analytics Cookies:

• Track how you use the Service

• Measure feature usage

• Identify bugs and issues

• Used by us and third-party analytics providers

Preference Cookies:

• Remember your settings

• Store language preferences

• Remember display options

Advertising Cookies:

• Deliver relevant ads (Meta Ads, Google Ads)

• Measure ad effectiveness

• Create custom audiences

• Retarget visitors

12.3 Third-Party Cookies

Our service providers may set cookies:

• Google Analytics: Website analytics

• Meta Pixel: Facebook/Instagram advertising

• Google Ads: Google advertising

• Stripe: Payment processing

12.4 Managing Cookies

Browser Settings:

• Most browsers allow you to refuse or delete cookies

• See your browser's help section for instructions

• Note: Disabling cookies may limit Service functionality

Opt-Out Tools:

• Google Ads Settings: https://adssettings.google.com

• Facebook Ad Preferences: https://www.facebook.com/ads/preferences

• Network Advertising Initiative: https://www.networkadvertising.org/choices

12.5 Do Not Track

Some browsers have "Do Not Track" features. When enabled, we will:

• Not set analytics or advertising cookies

• Not track IP addresses or identify companies

• Still provide the Service with reduced functionality

12.6 Portfolio Visitor Tracking

When someone visits your portfolio, we use:

• Session cookies to track their visit

• Visitor ID cookies to identify returning visitors (stored in localStorage)

• Analytics tracking to collect engagement data

This tracking provides you with portfolio analytics. Visitors cannot opt out of this tracking as it's essential to the Service you've subscribed to.

13. Email Inbox Scanning

13.1 What We Scan

If you connect your email account, we scan your inbox to identify UGC collaboration opportunities from brands.

We analyze:

• Emails from business domains (not personal emails)

• Subject lines and email content

• Sender information

• Emails containing keywords like "collaboration," "partnership," "campaign," "UGC"

We do NOT scan:

• Personal emails from friends and family

• Emails from personal domains (Gmail, Yahoo, Hotmail)

• Emails unrelated to UGC work

• Emails you mark as private

13.2 How We Use AI

We use OpenAI and Anthropic Claude to analyze emails and extract:

• Brand names

• Collaboration opportunities

• Budget/rate information

• Deliverable requirements

• Timeline and deadlines

AI providers process email content only for this purpose and do not store or train models on your data.

13.3 Your Control

You can:

• Disconnect your email at any time

• Choose which emails we scan

• Mark emails as "not an opportunity"

• Delete synced emails

When you disconnect, all synced emails are deleted within 30 days.

14. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to Know:

• What personal information we collect

• How we use it

• Who we share it with

Right to Delete:

• Request deletion of your personal information

Right to Opt-Out:

• Opt out of the "sale" of personal information (we do not sell data)

Right to Non-Discrimination:

• We will not discriminate against you for exercising your rights

To exercise these rights: Email hello@pressbook.co with "CCPA Request" in the subject line.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes:

• We will update the "Last Updated" date

• We will notify you via email (if you have an account)

• We may display a notice on the Service

• Material changes will be communicated at least 30 days in advance

Your continued use of the Service after changes take effect means you accept the updated Privacy Policy.

16. Contact Us

If you have questions about this Privacy Policy or our privacy practices:

Email: hello@pressbook.co
Website: https://pressbook.co
Location: United Kingdom

For GDPR requests: hello@pressbook.co

To report a data breach or security concern: hello@pressbook.co

17. Supervisory Authority

If you're in the UK or EU and have concerns about how we handle your data, you can contact:

UK Information Commissioner's Office (ICO):

• Website: https://ico.org.uk

• Phone: 0303 123 1113

EU Data Protection Authorities:

• Find your local authority: https://edpb.europa.eu/about-edpb/board/members_en

By using Pressbook, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.