Privacy Policy

1. Data Controller

The data controller responsible for your personal data is:

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us using the information above.

2. Introduction

PPL UP ("we", "us", "our") is committed to protecting your privacy and complying with the European Union's General Data Protection Regulation (GDPR) and Portuguese Law n.º 58/2019.

This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights regarding your data.

3. What Personal Data We Collect

3.1 Information You Provide

When you create an account, we collect:

• Name
• Username
• Email address
• Password (encrypted)
• Social media usernames you choose to track

3.2 Publicly Available Social Media Data

We collect and display publicly available information from social media platforms, including:

• Public profile usernames
• Follower counts and metrics
• Other publicly accessible statistics

This data is already public and we collect it using official APIs provided by the platforms.

3.3 Technical Information

When you use our Service, we automatically collect:

• IP address (for security and fraud prevention)
• Browser type and version
• Device information
• Pages visited and time spent
• Session information

4. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR Article 6:

• Contract Performance - Processing your account information and providing the Service you requested
• Legitimate Interests - Improving our Service, preventing fraud, and ensuring security
• Legal Obligation - Complying with applicable laws and regulations
• Consent - Where you have explicitly consented (you can withdraw consent at any time)

5. How We Use Your Data

We use your personal data for the following specific purposes:

• Creating and managing your account
• Providing social media analytics and tracking services
• Sending important service updates and notifications
• Responding to your inquiries and support requests
• Improving and optimizing our Service
• Preventing fraud and ensuring security
• Complying with legal obligations

6. Cookies and Tracking

We use only strictly necessary cookies to ensure our Service functions properly:

• Session Cookie - Maintains your login session (essential)
• CSRF Token - Protects against security threats (essential)
• Cloudflare Protection - Bot detection and DDoS protection (security)

We do not use analytics, advertising, or tracking cookies. The cookies we use are essential for the Service to function and are exempt from consent requirements under ePrivacy regulations.

7. Data Sharing and Disclosure

We do not sell your personal data. We may share your data only in the following limited circumstances:

• Service Providers - With trusted third parties who help us operate our Service (hosting, email, security) under strict data protection agreements
• Legal Requirements - When required by law, court order, or to protect our legal rights
• Business Transfers - In case of merger, acquisition, or sale (you will be notified)
• Your Consent - When you explicitly agree to share your data

8. International Data Transfers

Your data may be processed and stored on servers located outside the European Economic Area (EEA), including in the United States.

When we transfer your data internationally, we ensure appropriate safeguards are in place:

• We use hosting providers that comply with GDPR requirements
• We implement Standard Contractual Clauses (SCCs) approved by the European Commission
• We ensure appropriate technical and organizational security measures

You have the right to request information about the safeguards we have in place for international transfers.

9. Data Retention

We retain your personal data only for as long as necessary:

• Account Data - Until you delete your account or request deletion
• Social Media Metrics - Historical data retained while your account is active
• Technical Logs - Typically 90 days for security purposes
• Legal Requirements - Some data may be retained longer to comply with legal obligations

After deletion, some anonymized data may be retained for statistical purposes only.

10. Your Rights Under GDPR

Under the GDPR and Portuguese law, you have the following rights:

• Right of Access - Request a copy of the personal data we hold about you
• Right to Rectification - Correct inaccurate or incomplete data
• Right to Erasure - Request deletion of your personal data ("right to be forgotten")
• Right to Restrict Processing - Limit how we use your data
• Right to Data Portability - Receive your data in a structured, machine-readable format
• Right to Object - Object to processing based on legitimate interests
• Right to Withdraw Consent - Withdraw consent at any time (where processing is based on consent)

How to Exercise Your Rights

To exercise any of these rights, contact us at team@pplup.com. We will respond to your request within one month. In complex cases, we may extend this by two additional months and will inform you of the extension.

We may need to verify your identity before processing your request. Exercising these rights is free of charge unless your request is manifestly unfounded or excessive.

11. Right to Lodge a Complaint

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the Portuguese supervisory authority:

12. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit and at rest
• Secure authentication and access controls
• Regular security assessments and updates
• Limited access to personal data on a need-to-know basis

While we strive to protect your data, no method of transmission over the internet is 100% secure. We will notify you and the relevant authorities of any data breach when required by law.

13. Children's Privacy

Our Service is not intended for individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately and we will delete it.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal reasons. When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you by email or through a prominent notice on our Service
• For significant changes, we may require your renewed consent

We encourage you to review this Privacy Policy periodically.

15. Governing Law

This Privacy Policy is governed by Portuguese law and the European Union's General Data Protection Regulation (GDPR). Any disputes shall be subject to the exclusive jurisdiction of Portuguese courts.

16. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us: