Privacy Policy

Last Updated: May 11, 2026

📋 Company Information (Data Controller)

Legal Entity: Easy Remit (eenmanszaak / sole proprietorship)

Trading as: Upskrol

KvK Number: [YOUR KVK NUMBER]

VAT Number: [YOUR VAT NUMBER]

Registered Address: [YOUR FULL ADDRESS], Amsterdam, Netherlands

Data Protection Officer (DPO): [YOUR NAME], dpo@upskrol.com

Email: privacy@upskrol.com

Website: https://www.upskrol.com

1. Data We Collect

We collect the following categories of personal data:

Category	Data Types	Purpose	Legal Basis
Account Data	Email address, username, encrypted password, profile picture, bio	Create and manage your account, authenticate you, display your profile	Contract performance (Art. 6(1)(b))
User Content	Videos, comments, likes, saved videos, watch history	Provide core app functionality, personalize feed, enable social interactions	Contract performance (Art. 6(1)(b))
Device Information	IP address, device type, operating system, browser type, app version	Security, fraud prevention, analytics, app optimization	Legitimate interest (Art. 6(1)(f))
Usage Data	Video views, watch time, interactions, session duration	Improve recommendations, understand user behavior, analytics	Legitimate interest (Art. 6(1)(f))
Camera/Media (optional)	Photos, videos from camera roll	Upload content to the platform	Consent (Art. 6(1)(a))

2. How We Collect Data

Directly from you: When you create an account, upload content, comment, or update your profile
Automatically: Through cookies, log files, and analytics tools when you use our app or website
Third-party services: When you sign in via Google or Apple (we receive your email and name with your consent)

3. How We Use Your Data

Provide the Service: Host and display your content, manage your account, enable social features
Personalization: Recommend videos, curate your feed, show relevant content
Security: Detect and prevent fraud, abuse, and security incidents
Enforcement: Enforce our Terms of Service and Community Guidelines (including copyright strike tracking)
Analytics: Improve app performance, understand user behavior, fix bugs
Legal Compliance: Respond to legal requests, comply with DMCA takedown notices, GDPR requests

4. Data Retention

We retain your data for the following periods:

Account data: Until you delete your account or request erasure
User content (videos, comments): Until you delete them or your account is terminated
Moderation logs (strikes, suspensions, bans): Retained for 3 years after account deletion for legal compliance
IP addresses and device logs: 12 months for security purposes
Deleted accounts: Data anonymized after 30 days, except for legal retention requirements

5. Data Sharing

We share your data with the following categories of recipients:

Recipient Type	Purpose	Data Shared
Cloud Service Providers	Hosting and storage (AWS, Cloudinary)	Videos, images, user data
Analytics Providers	App analytics and performance monitoring	Usage data, device info (anonymized)
Moderation Services	Content moderation (OpenAI, Rekognition)	Video content, comments, captions
Legal/Government Authorities	Compliance with court orders, DMCA notices, legal requests	As required by law

We do NOT sell your personal data to third parties.

6. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States. We ensure appropriate safeguards are in place, including:

EU Standard Contractual Clauses (SCCs) with our service providers
Data Processing Agreements (DPAs) with all third-party processors
GDPR-compliant data transfer mechanisms

7. Your Rights (GDPR & CCPA)

For EU Residents (GDPR):

Right to Access: Request a copy of your personal data
Right to Rectification: Correct inaccurate or incomplete data
Right to Erasure ("Right to be Forgotten"): Request deletion of your data
Right to Restrict Processing: Limit how we use your data
Right to Data Portability: Receive your data in a machine-readable format
Right to Object: Object to processing based on legitimate interests
Right to Withdraw Consent: Withdraw consent for optional data collection
Right to Lodge a Complaint: File a complaint with the Dutch Data Protection Authority

For California Residents (CCPA):

Right to Know: Request disclosure of data collected and shared
Right to Delete: Request deletion of personal data
Right to Opt-Out: Opt-out of data sales (we do not sell data)
Right to Non-Discrimination: Equal service regardless of rights exercised

How to Exercise Your Rights:

Email privacy@upskrol.com with:

Your full name and username
The right you wish to exercise
Any specific data requests
Proof of identity (if required)

We respond within 30 days (GDPR requirement).

8. Data Security

Encryption: Passwords hashed with bcrypt, data encrypted at rest and in transit (TLS 1.3)
Access Control: Strict role-based access to user data
Monitoring: Security logging and intrusion detection
Regular Audits: Security assessments and vulnerability scans

9. Cookies and Tracking

Essential cookies: Authentication, security, app functionality (cannot be disabled)
Analytics cookies: Understand usage patterns (can be disabled in settings)
Preference cookies: Remember your preferences

10. Children's Privacy

Upskrol is intended for users aged 16 and older. We do not knowingly collect data from children under 16. If we discover a user under 16, we will delete their account and all associated data.

11. Account Deletion

You can delete your account at any time:

In-app: Settings → Account → Delete Account
Email request: Send request to privacy@upskrol.com

12. Contact Information

Privacy Questions: privacy@upskrol.com

Data Protection Officer (DPO): dpo@upskrol.com

GDPR/CCPA Requests: privacy@upskrol.com

This privacy policy complies with the General Data Protection Regulation (GDPR) (EU) 2016/679, the California Consumer Privacy Act (CCPA), and Dutch privacy law.