Privacy Policy

PainMiner ("the Service") is operated by DDMarketing Agency("we", "us"), represented by Daniel Hansen. This policy explains what personal data we collect, why, and what rights you have. Questions: legal@ddmarketing.com.

1. Data we collect

Account data: when you sign up we collect your email address, an optional display name, and authentication credentials, stored with our database and authentication provider (Supabase). Newsletter data: if you subscribe to the weekly digest or unlock validator results, we store your email address and the signup source, with double-opt-in confirmation. Usage data: we record product events tied to your account (e.g. daily view counts, bookmarks, exports) to enforce plan limits and operate features. Payment data: payments are processed by Lemon Squeezy as merchant of record; we never see or store your card details. We receive your email, plan, and subscription status from them to provision access. Analytics: we use Google Analytics 4 to understand aggregate site usage; see Cookies below.

2. What we do NOT collect

The opportunity data in PainMiner comes from public internet posts. Author identifiers from those sources are one-way hashed in our pipeline; we do not build profiles of the people whose public complaints we analyze, and we do not sell personal data to anyone.

3. Why we process your data (legal bases)

To provide the Service you signed up for (contract); to send the digest you subscribed to (consent, withdrawable any time via the unsubscribe link); to secure the Service, prevent abuse, and meet our legal obligations (legitimate interest / legal obligation); and to improve the Service using aggregate analytics (legitimate interest).

4. Processors we share data with

Supabase (database, authentication), Lemon Squeezy (payments, merchant of record), Brevo (transactional and digest email), Vercel (hosting), Google (analytics), and Upstash (rate-limiting infrastructure; processes IP addresses transiently). Each processes data only to provide their service to us.

5. Cookies and analytics

We use strictly necessary cookies for authentication (you cannot use a paid account without them) and Google Analytics 4 cookies for aggregate usage measurement. You can block analytics cookies in your browser without affecting the Service.

6. Retention

Account data is kept while your account exists and deleted when you delete your account (Settings → Danger Zone), which cancels billing and removes your authentication record. Newsletter data is kept until you unsubscribe. Purchase records are retained as required for accounting and tax law.

7. Your rights

Depending on your location (including under GDPR and CCPA) you may have the right to access, correct, export, restrict, or delete your personal data, and to object to processing. Account deletion is self-service in Settings; for anything else email legal@ddmarketing.com and we will respond within 30 days. You may also lodge a complaint with your local data protection authority.

8. International transfers & security

Our processors may store data in the EU and/or the United States under standard contractual clauses or equivalent safeguards. Data in transit is encrypted (TLS); access to production systems is restricted and credential-gated.

9. Changes

We will post any material changes to this page and update the date above. Continued use after changes constitutes acceptance.

See also: Terms of Service · Refund & Cancellation Policy