Sign Up

Privacy Policy

Our privacy policy and how we use your data

Effective Date: June 1, 2025

1. Introduction

Welcome to Popmelt ("we," "us" or "our"). We're committed to protecting your privacy and handling your personal data transparently. This Privacy Policy explains what information we collect, how we use it, and the rights you have over your data.

2. Information We Collect

Authentication Information: When you sign up or log in via Google or GitHub OAuth, we receive only your name, email address, and profile picture.

Functional Cookies: We use essential cookies to keep you logged in and to enable basic site functionality. We do not use analytics, tracking, or marketing cookies.

3. How We Use Your Information

Account Creation & Authentication: We use your OAuth-provided name and email to create and manage your Popmelt account.

Internal Operations: We use your data only to operate and improve our service (e.g. customer support, system security).

Future Payments (not yet enabled): In the future, should you purchase paid features, we plan to integrate with Stripe. Stripe will process payment details; Popmelt will not store or have access to your raw payment information.

4. Data Sharing & Disclosure

We never sell, rent, or share your personal information with third parties for marketing purposes.

We share data only with:

  • OAuth providers (Google, GitHub) for authentication.
  • Stripe (once enabled) solely for payment processing.
  • Our internal service providers (e.g. our web host in the U.S.) under strict confidentiality.

We may disclose information if required by law or to protect our legal rights.

5. Data Retention & Deletion

Account Data: We retain your name, email, and profile picture for as long as your account is active.

Deletion Requests: Upon your request, we will delete or anonymize your personal data within 30 days.

Legal Obligations: If required by law, we may retain minimal records (e.g. transaction logs) for up to one year before secure deletion.

6. Your Privacy Rights

You have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Ask us to correct any inaccurate or incomplete information.
  • Deletion: Request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations.
  • Portability: Obtain your data in a structured, machine-readable format.
  • Objection: Object to our processing of your data for any reason.
  • Opt-out of Marketing: We do not send marketing emails today; if we do in the future, you can opt out via unsubscribe links or by contacting us.

To exercise any of these rights, please email john@popmelt.com.

7. Third-Party Authentication & Hosting

OAuth Providers: Google and GitHub handle authentication. We never see your passwords.

Hosting & Infrastructure: We host our services with U.S.-based providers only. All data processing and storage occur within the United States.

8. Security Measures

We implement reasonable technical and organizational safeguards, including:

  • Encryption in transit (HTTPS/TLS)
  • Encrypted storage of sensitive data
  • Access controls and audit logging
  • Regular security assessments

9. International Data Transfers

All data is stored and processed in the United States. If you access our service from outside the U.S., by using Popmelt you consent to this transfer.

10. Changes to This Policy

We may update this policy from time to time. We'll notify you of material changes by posting a new "Effective Date" here and, where appropriate, via email.

11. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

Email: john@popmelt.com

Thank you for trusting Popmelt. We're committed to keeping your data safe and your privacy respected.