This Privacy Policy describes how 100 DOTS ("we," "us," or "our") collects, uses, and shares information about you when you use our website and services (the "Service"). We are operated by Polsia Inc. By using the Service, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
1.1 Information You Provide
- Account information: When you register, you provide your email address and a password hash. Your display name (if you choose to set one) is also stored.
- Subscription information: If you subscribe, we store your subscription status, billing cycle, and Stripe customer and subscription identifiers.
- Listening progress: We store which days (dots) you have marked as completed, your current streak, and your longest streak.
- Discussions: If you post comments on dot pages, your author name and comment content are stored.
1.2 Automatically Collected Information
- Usage data: We log page views, journey starts, dot completions, subscription events, and share events for analytics purposes.
- Session identifiers: Anonymous visitors are assigned a randomly generated visitor ID stored in localStorage. Authenticated sessions use a JWT token stored in localStorage.
- Cookies and local storage: We use localStorage to store visitor IDs, authentication tokens, subscription banner dismissal state, and onboarding tour progress. No third-party advertising cookies are used.
- UTM parameters: If you arrive via a campaign link (e.g., from an email), we store the utm_source, utm_medium, and utm_campaign parameters for analytics.
1.3 Third-Party Information
- Stripe: When you subscribe, Stripe provides us with your customer ID and subscription ID. We do not receive your payment card details.
- Polsia email infrastructure: Transactional emails are sent through Polsia's email system. Your email address is used solely for account-related communications and optional marketing (which you can opt out of at any time).
- Spotify / YouTube: Clicking a listen link takes you to third-party streaming platforms. Those platforms collect data under their own privacy policies.
2. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Service.
- Process your subscription and manage billing.
- Track and display your listening progress and streaks.
- Send transactional emails (account setup, payment receipts, cancellation confirmation).
- Send optional marketing emails (you can unsubscribe at any time via the link in every email or via your profile settings).
- Analyze usage patterns to improve the journey and content.
- Detect and prevent fraudulent activity and abuse.
3. Information Sharing
We do not sell your personal information. We share information only in the following circumstances:
- Stripe: We share your email address with Stripe for payment processing. Stripe's use of your data is governed by the Stripe Privacy Policy.
- Polsia: As our infrastructure provider, Polsia processes data under a data processing agreement that governs confidentiality and security.
- Legal obligations: We may disclose information if required by law, court order, or governmental regulation.
- Business transfer: If 100 DOTS is acquired or merged, your information may transfer as part of that transaction under equivalent privacy protections.
4. Data Retention
We retain your information for as long as your account is active and for a period thereafter as required by law. Specifically:
- Account data is retained until you delete your account or request deletion.
- Subscription and payment records are retained for a minimum of 7 years for legal and tax compliance.
- Analytics data (page views, events) is retained in aggregated, non-identifiable form indefinitely.
- Discussion comments are retained while the content is live; deleted comments are removed on request.
5. Data Security
We implement appropriate technical and organizational measures to protect your data, including password hashing (bcrypt), TLS encryption for all data in transit, and access controls limiting who can access user data. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security, but we take reasonable steps to protect your information.
6. Cookies and Local Storage
The following table summarizes how we use browser storage:
| Storage Type | What It Stores | Purpose | Duration |
|---|---|---|---|
| localStorage | Visitor ID | Track anonymous user progress | Until cleared |
| localStorage | JWT auth token | Maintain authenticated session | Until expiry (30 days) |
| localStorage | Subscription banner dismiss | Hide subscribe banner for 30 days | 30 days |
| localStorage | Onboarding tour progress | Resume onboarding steps | Until completed or cleared |
You can clear localStorage through your browser settings at any time. Doing so will log you out and reset your anonymous visitor session.
7. Your Rights (GDPR and CCPA)
7.1 If You Are in the European Economic Area (GDPR)
You have the following rights regarding your personal data:
- Access: Request a copy of all personal data we hold about you.
- Rectification: Request correction of inaccurate personal data.
- Erasure: Request deletion of your personal data ("right to be forgotten"), subject to legal retention requirements for payment records.
- Portability: Request your data in a structured, commonly used, machine-readable format.
- Objection: Object to processing of your data for marketing purposes.
- Restriction: Request that we restrict certain processing activities.
To exercise any of these rights, email 100dots@polsia.app with the subject "GDPR Request." We will respond within 30 days.
7.2 If You Are in California (CCPA)
California residents have the right to know what personal information we collect, why we collect it, and with whom we share it. You also have the right to request deletion of your personal information (subject to certain exceptions). We do not sell personal information as defined under CCPA. To submit a request, email 100dots@polsia.app.
8. Children's Privacy
The Service is not intended for users under the age of 16. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child under 16, please contact us at 100dots@polsia.app so we can delete it.
9. Third-Party Links
The Service contains links to Spotify, YouTube, and other external websites. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.
10. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will post the updated version here with a revised "Last updated" date. We encourage you to review this policy periodically. Continued use of the Service after changes constitutes acceptance of the revised Privacy Policy.
11. Contact
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:
- Email: 100dots@polsia.app
- 100 DOTS · c/o Polsia Inc.