Privacy Policy

1. Introduction

FavPik ("we," "us," or "our") operates the website favpik.com (the "Platform"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit or use our Platform. We are committed to protecting your privacy and complying with applicable data protection laws, including the Information Technology Act, 2000 (India), the Digital Personal Data Protection Act, 2023 (India), and the General Data Protection Regulation (GDPR) for users within the European Economic Area (EEA).

By using the Platform, you consent to the practices described in this Privacy Policy. If you do not agree, please discontinue use of the Platform immediately.

2. Information we collect

2.1 Information you provide directly

When you create an account, we collect your email address and name. When you create a poll, we store the poll title, description, and options you provide. When you contact us, we collect your email address and message content.

2.2 Information collected automatically

When you visit or use the Platform, we automatically collect: IP address, browser type and version, operating system, device type, referring URLs, pages viewed and time spent, voting activity and poll interactions. We use browser fingerprinting (via FingerprintJS open-source library) to prevent duplicate voting. This generates a hash based on your browser characteristics — it does not identify you personally and cannot be reversed to obtain personal information.

2.3 Cookies and similar technologies

We use cookies and similar technologies as described in our Cookie Policy. These include essential cookies for authentication, functional cookies for preferences, and analytics cookies to understand Platform usage.

3. How we use your information

We use collected information to: operate and maintain the Platform, process and display poll votes and results, authenticate users and manage accounts, prevent fraud and detect duplicate or bot-driven voting, send transactional emails (OTP codes, poll results), communicate platform updates and policy changes, improve Platform performance and user experience, comply with legal obligations and enforce our terms, and generate aggregated and anonymised analytics.

We do not sell your personal data to third parties. We do not use your data for targeted advertising. We do not share your individual voting choices with anyone, including poll creators.

4. Legal basis for processing (GDPR)

For users in the EEA, our legal bases for processing personal data are: consent (when you voluntarily create an account or submit data), contract performance (to provide the services you request), legitimate interests (fraud prevention, security, and platform improvement), and legal obligation (compliance with applicable laws).

5. Data sharing and disclosure

We may share your data with: service providers who assist in operating the Platform (hosting by Vercel, database by Neon, email by Resend, AI moderation by Anthropic, bot protection by Google reCAPTCHA), law enforcement or regulatory authorities when required by law or to protect our rights, and in connection with a merger, acquisition, or sale of assets (with prior notice to users).

All third-party service providers are contractually bound to protect your data and use it only for the purposes we specify. Google reCAPTCHA is subject to Google's Privacy Policy and Terms of Service.

6. Data retention

Account data is retained for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law. Poll data (votes, results) may be retained in anonymised form after account deletion. Automatically collected data (logs, IP addresses) is retained for up to 12 months. OTP codes are deleted immediately after verification or expiry.

7. Data security

We implement appropriate technical and organisational measures to protect your data, including: encryption of data in transit (TLS/SSL), secure database hosting with encryption at rest, hashed browser fingerprints (not reversible), httpOnly session cookies to prevent XSS attacks, regular security reviews and updates, and access controls limiting who can view personal data. However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

8. International data transfers

Your data may be processed in countries outside your country of residence, including the United States (where our hosting and service providers are located) and Singapore (database region). For EEA users, such transfers are protected by Standard Contractual Clauses or the service provider's certification under applicable data transfer frameworks.

9. Your rights

All users have the right to:

Access the personal data we hold about you. Correct inaccurate or incomplete data. Delete your account and associated personal data. Object to processing of your data for specific purposes. Withdraw consent at any time (where processing is based on consent).

EEA users additionally have the right to:

Data portability (receive your data in a structured, machine-readable format). Restrict processing in certain circumstances. Lodge a complaint with your local data protection authority.

To exercise any of these rights, contact us at hello [at] favpik [dot] com. We will respond within 30 days.

10. Children's privacy

The Platform is not intended for children under the age of 13. We do not knowingly collect personal data from children under 13. If we become aware that we have collected data from a child under 13, we will delete it immediately. If you believe a child under 13 has provided us with personal data, please contact us at hello [at] favpik [dot] com.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. The "Last updated" date at the top of this page indicates when this policy was last revised. Continued use of the Platform after changes are posted constitutes acceptance of the updated policy.