Privacy Policy

The data controller responsible for your personal data is:

• Company: Product Legends
• Email: hola@productlegends.app
• Website: https://www.productlegends.app

We collect different types of personal data depending on how you interact with our game:

We process your personal data based on the following legal grounds:

• Contract Performance: To provide you access to the service and manage your account.
• Consent: For analytics and marketing cookies, and for commercial communications.
• Legitimate Interest: To improve our services, prevent fraud, ensure security, and maintain an operational service activity log (date of visit, 90-day retention).
• Legal Obligation: To comply with tax and accounting obligations.

We use the collected data for the following purposes:

• Provide you access to Product Legends and its learning features
• Manage your account, progress and game preferences
• Process payments and manage your subscription
• Send you communications related to the game and your learning
• Improve and personalize your gaming experience
• Comply with legal obligations

We may share your data with the following service providers:

• Supabase: Database and authentication (servers in the EU)
• Stripe: Payment processing (PCI DSS certified)
• Google Analytics: Traffic analysis (with consent)
• Hotjar: Behavior analysis (with consent)
• Meta (Facebook): Advertising and conversion (with consent)

All our providers are contractually obligated to protect your data and can only use it for the specified purposes.

Some of our service providers may be located outside the European Economic Area. In these cases, we ensure appropriate safeguards are in place:

• European Commission adequacy decisions
• EU-approved Standard Contractual Clauses
• EU-US Data Privacy Framework

We retain your personal data for as long as necessary to fulfill the purposes described in this policy:

• Account data: While your account is active plus 30 days after deletion
• Billing data: 5 years for tax obligations
• Analytics data: Maximum 26 months
• Service activity log: 90 days
• Legally required data: According to legally established periods

Under the GDPR, you have the following rights regarding your personal data:

• Right of Access: You can request a copy of the personal data we hold about you.
• Right to Rectification: You can request correction of inaccurate or incomplete data.
• Right to Erasure: You can request deletion of your personal data.
• Right to Data Portability: You can request your data in a structured, commonly used format.
• Right to Object: You can object to the processing of your data for specific purposes.
• Right to Restriction: You can request the restriction of processing your data.
• Right to Withdraw Consent: You can withdraw your consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, you can contact us at: hola@productlegends.app

If you believe we have not adequately addressed your rights, you can file a complaint with your local data protection authority.

We implement appropriate technical and organizational measures to protect your personal data:

• Encryption of data in transit (HTTPS/TLS) and at rest
• Role-based access control
• Monitoring and threat detection
• Regular backups and disaster recovery

If you have questions about this privacy policy or about the processing of your personal data, please contact us:

Product Legends
Email: hola@productlegends.app