Skip to main content
CULTURE CURVE

Privacy Policy

Last updated: March 24, 2026

1. Introduction

Culture Curve ("we," "us," or "our") operates the Culture Curve platform at culturecurve.io. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our platform, and your rights regarding that data.

We are committed to transparency and to complying with applicable data protection laws, including the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

2. Data We Collect

Account Data

When you create an account, we collect the email address associated with your authentication provider (Google or magic link), your chosen username, birth year, and country code. We do not collect or store your real name.

Voting Data

When you vote on questions, we store your selected value, a timestamp, and a demographic snapshot (age bracket, country) used for aggregate analysis. Votes are linked to your account or, for anonymous users, to a session identifier stored in your browser.

User-Generated Content

If you submit questions or post comments, we store that content along with your user identifier and timestamps.

Session and Analytics Data

We generate a random session identifier (UUID) stored in your browser's localStorage. We collect basic analytics events such as page views, share actions, and voting interactions. We do not use third-party tracking pixels or advertising cookies.

Technical Data

Our hosting provider (Vercel) may collect standard server logs including IP addresses, browser user-agent strings, and request timestamps. This data is processed by Vercel under their privacy policy.

3. How We Use Your Data

  • To provide and operate the platform, including voting, results, and comments
  • To compute aggregate demographic breakdowns (age bracket, country) while meeting minimum threshold requirements for privacy
  • To detect and prevent abuse, bot activity, and rate-limit violations
  • To send transactional emails (magic link authentication) via Resend
  • To send marketing emails only if you have explicitly opted in
  • To generate anonymized, aggregate cultural data and trends

4. Legal Basis for Processing (GDPR)

  • Contractual necessity: Processing required to provide the platform service (account management, voting, results)
  • Legitimate interest: Abuse prevention, security, and aggregate analytics
  • Consent: Marketing communications (opt-in only)

5. Data Sharing and Third-Party Services

We do not sell your personal data. We share data only with the following service providers, strictly for platform operation:

  • Supabase — Database hosting and authentication (stores account data, votes, and content)
  • Vercel — Application hosting and edge delivery (processes server requests)
  • Resend — Transactional email delivery (magic link sign-in emails)
  • Google — OAuth authentication provider (we receive only your email; we do not access contacts, calendars, or other account data)

6. Cookies and Local Storage

We use strictly necessary cookies for authentication session management (set by Supabase Auth). We do not use advertising, analytics, or tracking cookies. We store a session UUID in localStorage for anonymous voting functionality. No cookie consent banner is required as we use only strictly necessary cookies.

7. Data Retention

  • Account data is retained for the lifetime of your account
  • Vote history is retained indefinitely for aggregate cultural analysis, but is anonymized (user identifier removed) upon account deletion
  • Comments are retained for the lifetime of your account; upon deletion, content is replaced with "[deleted]"
  • Analytics events are retained for up to 24 months, then aggregated and purged
  • Server logs (managed by Vercel) follow Vercel's retention policies

8. Demographic Data and Privacy Thresholds

Demographic breakdowns (by age bracket or country) are only displayed publicly when a minimum of 10 votes exist per demographic segment and 25 total votes exist on the question. This threshold prevents identification of individuals through small-group inference.

9. Your Rights

Depending on your jurisdiction, you have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Correct inaccurate data in your profile
  • Deletion: Delete your account and have your personal data removed. Votes will be anonymized (not deleted) to preserve aggregate data integrity. You can delete your account from your profile settings.
  • Data Portability: Request your data in a machine-readable format
  • Withdraw Consent: Opt out of marketing emails at any time from your profile settings
  • Object: Object to processing based on legitimate interest

To exercise any of these rights, contact us at privacy@culturecurve.io. We will respond within 30 days.

10. CCPA-Specific Disclosures

If you are a California resident, you have the right to know what personal information we collect, request deletion of your data, and opt out of any sale of personal information. We do not sell personal information. To exercise your rights, contact us at privacy@culturecurve.io or use the account deletion feature in your profile settings.

11. Children's Privacy

Culture Curve is not intended for users under 18 years of age. We do not knowingly collect personal data from children. If we become aware that a user is under 18, we will delete their account and associated data.

12. Data Security

We implement appropriate technical and organizational measures to protect your data, including encrypted connections (TLS), row-level security policies on our database, rate limiting, and bot detection. However, no method of electronic transmission or storage is completely secure.

13. International Data Transfers

Your data may be processed in the United States and other countries where our service providers operate. We ensure appropriate safeguards are in place for any international data transfers in accordance with applicable law.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through a notice on the platform. Your continued use of Culture Curve after changes are posted constitutes acceptance of the updated policy.

15. Contact

For questions or concerns about this Privacy Policy or your data, contact us at privacy@culturecurve.io.