Underflow

Privacy Policy

Last updated: [Insert Date]

This Privacy Policy explains how Jonah Dempcy, LLC ("Underflow," "we," "us") collects, uses, shares, and protects personal data when you use our website and services (the "Service"). We are established in the United States and serve users internationally, including the EU and UK.

Contact: [email protected]

1. Who We Are (Controller)

Jonah Dempcy, LLC is the data controller for personal data processed via the Service.

2. What We Collect

  • Account and profile data: name, email, username, and any optional profile details.
  • User-submitted content: posts, comments, uploads, and other content you share.
  • Transaction data: purchase history and payment metadata (payments are processed by Stripe).
  • Usage data: pages viewed, interactions, device identifiers, IP-based location, and diagnostics.
  • Cookies and similar technologies: authentication, security, preferences, analytics, and marketing if you opt in.

3. How We Use Your Data and Lawful Bases

  • Contract: provide the Service, create accounts, authenticate users, and deliver requested features.
  • Legitimate interests: improve the Service, prevent abuse, and maintain security.
  • Consent: analytics and marketing/remarketing cookies, and marketing communications where required.
  • Legal obligation: comply with applicable laws, tax, and accounting requirements.

4. Cookies and Consent

Essential cookies are required for the Service to function and are always enabled. Analytics and marketing/remarketing cookies require your explicit opt-in. You can manage preferences anytime via the Cookie Settings link.

5. Sharing and Disclosure

We do not sell personal data. We may share data with:

  • Service providers that help us operate the Service (hosting, analytics, email, payments).
  • Legal and safety partners when required by law or to protect rights and safety.
  • Successors in the event of a merger, acquisition, or asset sale (with notice when required).

6. International Transfers

We process data in the United States and other countries. For EU/UK data transfers, we rely on appropriate safeguards such as Standard Contractual Clauses or other lawful transfer mechanisms.

7. Data Retention

We retain personal data only as long as needed to provide the Service and meet legal or legitimate business obligations. If you delete your account, we delete or anonymize data unless retention is required by law.

8. Your Rights (EEA/UK and Similar Jurisdictions)

  • Access, correct, or delete your personal data.
  • Restrict or object to processing.
  • Withdraw consent at any time (does not affect prior processing).
  • Data portability.
  • Lodge a complaint with a supervisory authority.

To exercise rights, contact [email protected].

9. Children

The Service is not directed to children under 13 (or the minimum legal age in your jurisdiction).

10. Security

We use reasonable technical and organizational measures to protect your data. No system is 100% secure.

11. Changes

We may update this Privacy Policy from time to time. We will update the "Last updated" date.