Privacy Policy

1. Who is responsible for your data?

The operator of the Service is the data controller. For contact details, see Section 9 below.

2. What data we collect and why

We collect only the minimum data necessary to run the Service.

• Email address – Account creation, login, password reset. Legal basis: contract; legitimate interest (security).
• Password – Stored as a one-way hash; we never see your plain password. Legal basis: contract.
• Display name – Shown on your profile and in the community. Must be unique. Legal basis: contract.
• Country, state/region, and city – Collected at signup and editable in your profile ("My location"). We use this information to improve your experience and to make content relevant to where you are: for example, the feed can show you posts from your area ("Near me"), your country, or worldwide; discovery and other features may use your location so that content and community are relevant to your location. We do not use it for advertising. Legal basis: contract; legitimate interest.
• IP address – Security, fraud prevention, and approximate location at signup or use. Legal basis: legitimate interest; legal obligation.
• Session cookie – Keeping you logged in. Legal basis: contract; strictly necessary.
• Posts, likes, comments, profile data – Providing the Service. Legal basis: contract.

We do not sell your personal data. We do not use your data for advertising or marketing to third parties.

3. Cookies and how we use them

We use:

• Strictly necessary cookies – e.g. session cookie so you stay logged in. These do not require consent under EU/UK law; we disclose them here.
• We may use analytics or similar tools to improve the Service; we will disclose these and, where required by law, ask for your consent. We do not use marketing or advertising cookies.

4. How long we keep your data

• Account data – For the duration of your account and a short period after deletion (e.g. disputes or legal holds), then deleted.
• Session – Until you log out or the session expires.
• Posts, likes, comments – Until you delete them or close your account, except where we must retain for legal or safety reasons.

5. Your rights (EU, UK, and similar)

If you are in the EEA or the UK, you have the right to: access, rectification, erasure, restriction, data portability, object, withdraw consent, and complain to a supervisory authority. To exercise these rights, contact us (Section 9). We will respond within the time required by law (e.g. one month under GDPR).

6. Users in the United States

We do not sell personal information. We collect only what is necessary for the Service and security. If you are in a state with additional rights (e.g. California under CCPA/CPRA), you may have the right to know, delete, and correct your data, and to opt out of "sale" or "sharing" – we do not sell or share your data for cross-context behavioural advertising. Contact us (Section 9) to exercise rights.

7. International transfers

Your data is processed in the European Union. If we use processors outside the EEA/UK, we will ensure appropriate safeguards (e.g. standard contractual clauses) as required by GDPR/UK GDPR.

8. Security

We use industry-standard measures (HTTPS, hashed passwords, secure sessions). We will notify you and regulators where required if a breach affects your personal data.

9. Contact

For privacy requests or questions: appadmin@wmltd.eu. In the EU/UK you may also lodge a complaint with your local data protection authority.