Privacy Policy

Last updated: January 2025

1. Introduction

This Privacy Policy explains how Nonatomic ("we", "us", or "our") collects, uses, and protects your personal data when you use Demonstrable ("the Service"). We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR).

Data Controller: Nonatomic
Contact: privacy@nonatomic.co.uk

2. Data We Collect

2.1 Account Information

When you sign in with Google OAuth, we collect:

  • Email address
  • Display name
  • Profile picture URL
  • Google user ID (for authentication)

2.2 User-Generated Content

When you use the Service, we store:

  • Demo links (URLs you submit)
  • Screenshots you upload
  • Titles, descriptions, and tags you provide
  • Collections you create
  • Feedback you leave on demos

2.3 Usage Data

We automatically collect:

  • Click analytics (when users click your demo links)
  • Referrer URLs
  • Approximate geographic location (country, city) derived from IP addresses
  • Browser user agent strings
  • UTM parameters for campaign tracking

2.4 Activity Logs

For security and abuse prevention, we log:

  • Account actions (login, content creation, deletions)
  • IP addresses associated with actions
  • Timestamps of activities

3. Legal Basis for Processing

We process your personal data based on:

  • Contract: To provide the Service you signed up for
  • Legitimate Interest: For analytics, security, and service improvement
  • Consent: For optional features like marketing communications
  • Legal Obligation: To comply with applicable laws

4. How We Use Your Data

  • To provide and maintain the Service
  • To authenticate your identity
  • To display your public profile and demos
  • To provide analytics on your demo performance
  • To prevent abuse and ensure security
  • To communicate with you about the Service
  • To improve the Service based on usage patterns

5. Data Storage and Security

Your data is stored securely using Supabase, which provides enterprise-grade security including encryption at rest and in transit. Our infrastructure is hosted in secure data centers with appropriate technical and organizational measures to protect your data.

We implement access controls, encryption, and regular security reviews to protect against unauthorized access, alteration, or destruction of your data.

6. Data Sharing

We do not sell your personal data. We may share data with:

  • Service Providers: Infrastructure providers (Supabase, Vercel) who process data on our behalf
  • Legal Requirements: When required by law or to protect our rights
  • Public Content: Your demos and public profile are visible to other users

7. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete all your personal data within 30 days, except where retention is required for legal purposes or legitimate business interests (such as fraud prevention).

Analytics data may be retained in anonymized form for statistical purposes.

8. Your Rights

Under GDPR, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate personal data
  • Erasure: Request deletion of your personal data
  • Data Portability: Export your data in a machine-readable format
  • Restriction: Request limitation of processing
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Where processing is based on consent

To exercise these rights, visit the Account Settings page or contact us at privacy@nonatomic.co.uk.

9. Cookies and Local Storage

We use:

  • Authentication Cookies: HTTP-only cookies to maintain your session
  • Local Storage: To store your theme preferences

We do not use third-party tracking cookies or advertising cookies.

10. Analytics

We use Vercel Analytics to understand how the Service is used. Vercel Analytics is a privacy-focused analytics solution that:

  • Does not use cookies
  • Does not track users across websites
  • Does not collect personal information
  • Collects only aggregated, anonymized data

This helps us improve the Service without compromising your privacy.

11. International Transfers

Your data may be processed in countries outside the European Economic Area (EEA). When this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

12. Children's Privacy

The Service is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through the Service. Your continued use of the Service after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, contact us at:

Email: privacy@nonatomic.co.uk
Website: www.nonatomic.co.uk

You also have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated.