Privacy Policy | EarlyHunt

Last updated: December 2024

1. Introduction

At EarlyHunt ("we," "our," or "us"), we are committed to protecting your privacy. EarlyHunt is where early adopters discover the next big thing, connecting builders and product hunters. This Privacy Policy explains how we collect, use, disclose, and safeguard your information.

By using our Platform, you consent to the data practices described in this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Platform.

2. Information We Collect

2.1 Personal Information You Provide

We collect information that you provide directly to us when you use EarlyHunt, including:

Account Information: Name, email address, profile picture (avatar), bio, website URL, Twitter/X handle, GitHub username, location, and account creation date
Authentication Data: When you sign in via Google OAuth, GitHub OAuth, or email magic links, we receive your email, name, and profile picture from the authentication provider
Project Submission Information: Project name, website URL, short description, full description, logo image, preview images, screenshots (up to 5), video URLs, selected categories (up to 3), pricing model (Free/Freemium/Paid), launch type (Free/Nofollow/Premium), launch week selection, and any additional tags or metadata
Payment Information: For Premium launches ($10), payment is processed through Polar. We receive payment confirmation and transaction IDs, but never store credit card numbers or full payment details on our servers
Backlink Verification Data: For Free launches, we verify that you've added an EarlyHunt link to your website by checking your website's source code
Voting and Engagement Data: Your votes on projects, comments you post on project pages, and interactions with the platform
Communication Data: Messages sent through our contact forms, support requests, feedback, and email communications with our team
Newsletter Subscriptions: Email preferences, subscription status, and newsletter engagement data

2.2 Information Collected Automatically

When you use EarlyHunt, we automatically collect certain technical and usage information:

Usage Data: Pages visited, time spent on pages, click patterns, navigation paths, voting activity, project views, search queries, and feature usage
Device Information: IP address (may be anonymized), browser type and version, operating system, device type (desktop/tablet/mobile), screen resolution, and device identifiers
Log Data: Server logs including access times, pages viewed, referring URLs, HTTP status codes, error logs, API request/response data, and performance metrics
Session Information: Session IDs, authentication tokens, and session duration for security and functionality purposes
Analytics Data: Aggregated user behavior patterns, performance metrics, engagement statistics, conversion rates, and platform usage trends (collected via Vercel Analytics)
Cookies and Tracking Technologies: Essential cookies for authentication and functionality, analytics cookies for platform improvement (see our Cookie Policy for details)
Location Data: General geographic location derived from IP address (country/region level) for analytics and fraud prevention, not precise location

2.3 Information from Third Parties

We may receive information from third-party services that you interact with:

Authentication Providers:
- Google OAuth: When you sign in with Google, we receive your email, name, profile picture, and Google account ID
- GitHub OAuth: When you sign in with GitHub, we receive your email, username, profile picture, and GitHub account ID
- Email Magic Links: Sent via Resend email service, we receive confirmation when you click authentication links
Payment Processors: Polar processes all Premium launch payments. We receive payment confirmation, transaction IDs, order details, and webhook notifications about payment status
Database Services: Neon DB (PostgreSQL) stores all your data securely. Neon processes data on our behalf but doesn't access your information
File Storage: UploadThing stores uploaded images (logos, previews, screenshots). UploadThing processes file uploads and serves images but doesn't access file contents
Email Services: Resend delivers all transactional emails (authentication links, notifications, updates). Resend processes email delivery and engagement data
Analytics Services: Vercel Analytics provides anonymized usage analytics and performance monitoring. No personal data is shared
Webhook Services: Svix may be used for webhook delivery and signature verification. Webhook data includes payment and service events
Social Media Platforms: If you connect your social accounts (Twitter/X, GitHub) or share content, we may receive public profile information
Hosting Infrastructure: Vercel hosts our platform and may collect server logs, error reports, and performance data as part of their service

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Service Provision

Create and manage your user account, authenticate your identity, and maintain your profile
Process, review, approve, and display your project submissions on the platform
Schedule your projects for weekly launch competitions and manage launch weeks
Enable voting functionality, track votes, and calculate competition rankings
Facilitate comments and discussions on project pages
Display project information, categories, search results, and browse pages
Process Premium launch payments securely through Polar payment processor
Verify backlinks for Free launches by checking your website
Send automated email notifications about project status, scheduling, competition results, and platform updates
Provide customer support, respond to inquiries, and handle support requests
Manage the Hall of Fame and winner recognition features
Generate and serve project pages, founder profiles, and platform content

3.2 Communication

Send transactional emails including authentication magic links, project submission confirmations, scheduling notifications, and payment receipts
Notify you when your project is approved, scheduled, goes live, or wins a competition
Send weekly competition updates, voting reminders, and results announcements
Provide newsletters, platform updates, and marketing communications (only with your explicit consent, which you can withdraw anytime)
Notify you of important changes to our services, terms, privacy policy, or platform features
Respond to your comments, questions, support requests, and feedback
Send administrative messages, security alerts, and account-related notifications

3.3 Analytics and Improvement

Analyze usage patterns and platform performance
Improve user experience and platform functionality
Develop new features and services
Conduct research and analytics

3.4 Legal and Security

Comply with legal obligations and regulatory requirements
Protect against fraud, abuse, and security threats
Enforce our Terms of Service and other policies
Protect our rights and the rights of our users

4. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following circumstances:

4.1 With Your Consent

We may share your information when you have given us explicit consent to do so.

4.2 Service Providers

We may share information with trusted third-party service providers who assist us in operating our Platform:

Neon DB (PostgreSQL): Cloud database service that stores all platform data including user accounts, projects, votes, comments, and analytics. Neon is GDPR compliant and operates under strict data protection standards
NextAuth.js: Authentication framework that handles OAuth providers (Google, GitHub) and email magic links. NextAuth manages session tokens and authentication flows
Polar: Payment processing service that handles all Premium launch transactions. Polar is PCI-DSS compliant and processes credit card payments securely
UploadThing: File upload and storage service for project logos, preview images, and screenshots. Files are stored securely and served via CDN
Resend: Email delivery service that sends all transactional emails including authentication links, notifications, and updates. Resend processes email delivery and engagement metrics
Vercel Analytics: Privacy-focused analytics service that provides anonymized usage statistics and performance monitoring. No personal data is collected
Vercel Hosting: Cloud hosting platform that serves our application. Vercel may collect server logs and performance data as part of hosting services
Svix: Webhook service that may be used for secure webhook delivery and signature verification (for payment notifications, etc.)

All service providers are contractually obligated to protect your information and use it only for the purposes of providing services to EarlyHunt. We regularly review and audit our service providers to ensure they meet our data protection standards.

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid legal processes, such as subpoenas or court orders.

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the business transaction.

4.5 Public Information

Information you choose to make public on our Platform (such as project descriptions, names, and public profiles) will be visible to other users and may be indexed by search engines.

5. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

Encryption of data in transit and at rest
Regular security assessments and updates
Access controls and authentication mechanisms
Secure hosting infrastructure
Employee training on data protection practices

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Specifically:

Account Information: Retained until you delete your account or request account deletion. Some information may be retained longer if required for legal or security purposes
Project Submissions: Retained permanently to maintain the platform archive, unless you specifically request deletion. Projects remain discoverable even after competitions end
Voting and Engagement Data: Retained to maintain competition integrity and historical records. Vote counts and rankings are permanent parts of competition history
Comments: Retained as part of project pages. You can delete your own comments, but they may remain visible if they're part of active discussions
Payment Information: Payment transaction records are retained as required by financial regulations (typically 7 years). Credit card details are never stored - only transaction confirmations and IDs from Polar
Email Communications: Retained for customer support, legal compliance, and service improvement. You can request deletion of specific communications
Analytics Data: Aggregated and anonymized analytics data may be retained indefinitely for platform improvement and research purposes
Log Files: Server logs and access logs are typically retained for 90 days for security and troubleshooting, then automatically deleted or anonymized
Deleted Accounts: When you delete your account, we begin a 30-day grace period where data can be recovered. After 30 days, most personal data is permanently deleted, though project submissions and public content may remain anonymized

7. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

7.1 General Rights

Depending on your location (especially if you're in the EU under GDPR, California under CCPA, or other jurisdictions with data protection laws), you have the following rights:

Right to Access: Request a copy of all personal information we hold about you, including account data, project submissions, voting history, and communication records
Right to Correction: Update or correct inaccurate or incomplete information through your account settings or by contacting us
Right to Deletion: Request deletion of your personal information and account. Note that project submissions and public content may remain visible if deletion would impact platform integrity
Right to Data Portability: Request your data in a structured, machine-readable format (JSON/CSV) that you can transfer to another service
Right to Restriction: Request that we limit how we process your information in certain circumstances
Right to Object: Object to processing of your information for certain purposes, such as marketing communications
Right to Withdraw Consent: Withdraw consent for data processing where consent is the legal basis (you can unsubscribe from emails anytime)

To exercise any of these rights, contact us at hi@earlyhunt.com. We'll respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing requests to protect your privacy.

7.2 Marketing Communications

You can opt-out of marketing communications at any time by:

Clicking the unsubscribe link in our emails
Updating your preferences in your account settings
Contacting us directly

7.3 Cookie Preferences

You can manage your cookie preferences through your browser settings or our cookie consent banner. For more information, see our Cookie Policy.

8. International Data Transfers

EarlyHunt operates globally, and your information may be transferred to and processed in countries other than your country of residence. Our primary data processing occurs in:

United States: Where Vercel (hosting), UploadThing (file storage), and Resend (email) operate
European Union: Where Neon DB (database) may process data, depending on your region
Other Regions: Service providers may operate data centers in various locations worldwide

We ensure that international data transfers are conducted in accordance with applicable data protection laws:

All service providers are contractually bound to protect your data
We use Standard Contractual Clauses (SCCs) where required for EU data transfers
Service providers maintain appropriate security certifications (SOC 2, ISO 27001, etc.)
Data is encrypted in transit and at rest

By using EarlyHunt, you consent to the transfer of your information to these locations. If you're in the EU/EEA, you have the right to object to certain transfers, though this may impact your ability to use our services.

9. Children's Privacy

Our Platform is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us to have the information removed.

10. Analytics and Tracking

We use analytics services to understand how visitors interact with EarlyHunt, improve user experience, and maintain platform performance. We prioritize privacy-friendly analytics that comply with GDPR, CCPA, and other data protection regulations.

10.1 Vercel Analytics

We use Vercel Analytics, a privacy-focused analytics service that provides anonymized usage statistics. Vercel Analytics collects:

Page views and navigation patterns (anonymized)
Performance metrics (page load times, Core Web Vitals)
Error rates and technical issues
General geographic distribution (country/region level, not precise location)
Device and browser type statistics

Privacy Features: Vercel Analytics is designed to be privacy-friendly. It doesn't use cookies for tracking individual users, doesn't collect personal information, and all data is aggregated and anonymized. It's fully compliant with GDPR and CCPA.

10.2 Platform Analytics

We also track internal platform metrics for service improvement:

Vote Counts: Public vote totals for projects (not individual voting behavior)
Project Views: Aggregate view counts for projects (anonymized)
Submission Statistics: Number of submissions, launch types, categories (aggregated)
Competition Metrics: Weekly competition participation, winner statistics

These metrics help us understand platform usage, improve features, and ensure fair competition. Individual user behavior is not tracked or analyzed for advertising purposes.

10.3 Cookies and Tracking Technologies

We use cookies and similar technologies for essential platform functionality:

Authentication Cookies: Session cookies to keep you logged in (essential for platform functionality)
Preference Cookies: Store your display preferences and settings
Analytics Cookies: Anonymized analytics cookies (you can opt-out)

For detailed information about our cookie usage, please see our Cookie Policy. You can manage cookie preferences through your browser settings.

11. Third-Party Links and Content

EarlyHunt contains links to third-party websites, services, and content, including:

Project Websites: Links to projects submitted by users (website URLs, social media links)
Sponsor Links: Links to sponsor websites (Rank++, Aura++, etc.)
Social Media: Links to Twitter/X, GitHub, and other social platforms
External Resources: Links to documentation, guides, and external resources

We are not responsible for the privacy practices, content, or data collection of these third-party websites. When you click on external links, you leave EarlyHunt and are subject to the privacy policies and terms of service of those third parties. We encourage you to review the privacy policies of any third-party websites you visit.

User-Generated Content: Project descriptions, comments, and user-submitted content may contain links to external websites. We are not responsible for the content or privacy practices of these linked sites.

12. Data Security and Breach Notification

We implement comprehensive security measures to protect your personal information:

Encryption: All data is encrypted in transit (TLS/SSL) and at rest using industry-standard encryption protocols
Authentication: Secure authentication via NextAuth.js with OAuth providers and email magic links
Access Controls: Strict access controls, role-based permissions, and authentication requirements for staff access
Secure Infrastructure: Hosting on Vercel with enterprise-grade security, DDoS protection, and regular security updates
Database Security: Neon DB with encrypted connections, automated backups, and access logging
Payment Security: All payments processed through PCI-DSS compliant Polar payment processor - we never store credit card information
Regular Security Audits: Regular security assessments, vulnerability scanning, and dependency updates
Employee Training: Staff trained on data protection, security best practices, and privacy compliance

Data Breach Notification: In the unlikely event of a data breach that compromises your personal information, we will:

Notify affected users within 72 hours of discovering the breach (as required by GDPR)
Report the breach to relevant data protection authorities if required by law
Provide clear information about what data was affected and what steps we're taking
Offer guidance on protective measures you can take

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security.

13. Your Responsibilities

When using EarlyHunt, you have certain responsibilities:

Accurate Information: Provide accurate and truthful information in your account and project submissions
Account Security: Keep your account credentials secure, don't share your account, and notify us immediately of any unauthorized access
Privacy Settings: Review and manage your privacy settings, email preferences, and account information regularly
Public Content: Understand that project information, comments, and public profiles are visible to all users and may be indexed by search engines
Third-Party Links: Exercise caution when clicking on links to external websites from project pages
Compliance: Ensure your use of EarlyHunt complies with our Terms of Service and applicable laws
Data Accuracy: Update your information if it changes, especially email address for important notifications

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, legal requirements, or for other operational, legal, or regulatory reasons. When we make changes:

We'll update the "Last updated" date at the top of this policy
For material changes, we'll notify you via email (to your registered email address) or through a prominent notice on the platform
We'll post the updated Privacy Policy on this page before changes take effect
Continued use of EarlyHunt after changes constitutes acceptance of the updated policy

We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your information. If you disagree with any changes, you may stop using EarlyHunt and request deletion of your account.

Historical Versions: Previous versions of this Privacy Policy are archived. If you'd like to review a previous version, contact us at hi@earlyhunt.com.

15. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us:

Through our contact page
By email at hi@earlyhunt.com for general inquiries, data requests, or privacy concerns
Follow us on X/Twitter for platform updates and announcements

Data Protection Officer: For privacy-related inquiries, data protection requests, or to exercise your data rights under GDPR, CCPA, or other applicable laws, please email us at hi@earlyhunt.com with "Privacy Request" in the subject line. We aim to respond to all privacy inquiries within 30 days.