Privacy Policy
Last updated: October 1, 2025
Introduction
At Stumbleable, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.
Information We Collect
Personal Information
When you create an account, we collect:
- Email address
- Username
- Profile information (optional)
Usage Information
We collect information about how you interact with Stumbleable, including:
- Content you discover and interact with
- Your wildness preferences
- Saved items and lists
- Browsing patterns and timestamps
How We Use Your Information
We use the information we collect to:
- Provide and improve our discovery service
- Personalize your content recommendations
- Communicate with you about updates and features
- Ensure platform safety and security
- Analyze usage patterns to enhance user experience
Data Sharing and Disclosure
We do not sell your personal information. We may share your information only in the following circumstances:
- With your consent
- To comply with legal obligations
- To protect our rights and prevent fraud
- With service providers who assist in operating our platform
Your Rights
Under GDPR and CCPA, you have comprehensive rights regarding your personal data:
Right to Access
You can request to see what personal data we hold about you at any time.
Export Your DataRight to Data Portability
You can download your data in a structured, commonly used format (JSON or CSV). This allows you to move your information to another service if you choose.
Download Your DataRight to Rectification
You can request correction of inaccurate or incomplete personal data.
Update Your ProfileRight to Erasure (\"Right to be Forgotten\")
You can request deletion of your account and all associated data. Your account will be deactivated immediately, with a 30-day grace period before permanent deletion.
Right to Object
You can object to certain types of data processing, including marketing communications and automated decision-making.
Right to Restrict Processing
You can request that we limit how we use your data while we investigate concerns or resolve disputes.
How to Exercise Your Rights
To exercise any of these rights, you can:
- Use the self-service tools linked above
- Contact us at: privacy@stumbleable.com
- We will respond to your request within 30 days
Data Security
We implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction.
Security Measures
- Industry-standard encryption for data in transit and at rest
- Secure authentication via Clerk with modern OAuth flows
- Regular security audits and vulnerability assessments
- Access controls and role-based permissions
- Automated monitoring for suspicious activity
- Secure cloud infrastructure with enterprise-grade hosting
Data Retention
We retain your personal data only as long as necessary for the purposes outlined in this policy.
Active Accounts
Your data is retained as long as your account is active and you continue to use our service.
Inactive Accounts
If you don't log in for 2 years, we may contact you to confirm if you want to keep your account. After notification, inactive accounts may be deleted after an additional 6 months.
Deleted Accounts (Grace Period)
When you request account deletion:
- Immediate: Account deactivated, no longer accessible
- 30 Days: Grace period - you can cancel and restore your account
- After 30 Days: All data permanently deleted from our systems
Legal Requirements
Some data may be retained longer if required by law, for fraud prevention, or to resolve disputes. This includes transaction records, legal communications, and security logs.
Backup Systems
Deleted data may persist in backup systems for up to 90 days before being permanently purged. These backups are encrypted and inaccessible except for disaster recovery.
Contact Us
If you have questions about this Privacy Policy, please contact us at: privacy@stumbleable.com