MediaOrder — Privacy Policy

Last updated: [Date of launch]
Effective date: [Date of launch]

This Privacy Policy explains how MediaOrder ("MediaOrder," "we," "us"), operated by Dror Levi in Pembroke Pines, Florida, collects, uses, and protects information when you use our Service.

If you do not agree with this Policy, do not use the Service.


1. What We Collect

1.1 Information you provide to us (Subscribers)

When you create a Subscriber account, you provide:

  • Email address (used for login and notifications)
  • Password (stored as a hashed, irreversible value — we never see your actual password)
  • Business name
  • Full name
  • Optional notification email
  • Pricing preferences and settings
  • Payment information (handled by Stripe — see Section 3)

1.2 Information your clients provide

When your clients access an order portal, they may provide:

  • Photos and videos they upload
  • Captions, notes, and comments
  • Music links, artist names, and song titles
  • The 4-digit PIN you set for the order (used only for portal access)

Clients do NOT create accounts. They do NOT provide personal information beyond what is necessary to use the portal.

1.3 Automatically collected information

When anyone uses the Service, we automatically collect:

  • IP address (used for security and rate limiting)
  • Browser type and version
  • Device type (desktop, mobile, tablet)
  • Pages visited and actions taken within the Service
  • Timestamps of activity
  • Cookies and similar technologies (see Section 5)

We do NOT collect:

  • Precise GPS location
  • Contact lists from your device
  • Microphone or camera data (other than files you choose to upload)
  • Information from other apps on your device

1.4 Communications

If you contact us by email, we retain your messages to provide support and improve the Service.


2. How We Use Information

We use the information we collect to:

  • Provide and operate the Service
  • Authenticate Subscribers and authorize portal access
  • Process subscription payments and prevent fraud
  • Send transactional emails (account confirmations, order notifications, password resets)
  • Respond to support requests
  • Improve the Service, including fixing bugs and adding features
  • Comply with legal obligations
  • Detect and prevent abuse, security incidents, or unauthorized access

We do NOT:

  • Sell your data to anyone
  • Share your content or your clients' content with advertisers
  • Use your photos, videos, or notes for AI training, machine learning, or any purpose other than providing the Service to you
  • Send marketing emails without your consent (transactional emails are different — these are necessary for the Service)

3. Payment Processing

Payments are processed exclusively by Stripe, Inc. Stripe handles your payment card information directly — we never see, store, or have access to your full card number or CVV.

Stripe's privacy practices are governed by Stripe's Privacy Policy: https://stripe.com/privacy

We retain only the following payment-related information:

  • A token identifying your payment method (provided by Stripe)
  • Your billing email (which may match your account email)
  • Payment history (subscription periods, amounts, status)

4. Information Sharing

We share information only in these limited circumstances:

4.1 Service providers (sub-processors)

We use third-party services to operate MediaOrder. These providers receive only the data they need to perform their function:

  • Supabase (database and authentication hosting) — stores account, order, and file data
  • Vercel (web hosting) — serves the application
  • Stripe (payment processing) — handles subscription payments
  • Resend (email delivery) — sends transactional emails
  • AWS S3 or equivalent (file storage, via Supabase) — stores uploaded photos and videos

Each provider is contractually obligated to protect your data and use it only for the purpose of providing their service to MediaOrder.

4.2 Legal requirements

We may disclose information if required by law, court order, subpoena, or government request. We will notify affected users if legally permitted to do so.

4.3 Business transfers

If MediaOrder is acquired, merges with another company, or sells substantially all of its assets, your information may transfer to the acquiring entity. We will notify you of any such change.

4.4 With your consent

We may share information with your explicit permission.

We do NOT share information with advertisers, data brokers, or marketing companies.


5. Cookies and Tracking

We use cookies and similar technologies for:

  • Authentication — keeping you logged in (essential)
  • Portal access — remembering that a client has entered the correct PIN (essential)
  • Preferences — remembering your settings within the app (essential)
  • Security — detecting suspicious activity (essential)

We do NOT use third-party advertising cookies, tracking pixels, or analytics services that share data with marketers. We may use a privacy-respecting analytics service (such as Plausible or Fathom) for aggregated usage statistics — these services do not track individual users across sites.


6. Data Security

We protect your information with industry-standard security practices:

  • All connections to MediaOrder use HTTPS encryption (TLS 1.2 or higher)
  • Passwords are stored as salted, irreversible hashes
  • File storage uses server-side encryption at rest
  • Database access is restricted by row-level security policies (Supabase RLS)
  • Access to production systems is limited to authorized administrators
  • Regular security updates are applied to all infrastructure

No system is perfectly secure. In the unlikely event of a data breach, we will notify affected users without undue delay and report to authorities as required by applicable law.

You are responsible for protecting your account credentials. If you suspect unauthorized access, contact us immediately.


7. Data Retention

7.1 Active accounts

We retain your data for as long as your account is active.

7.2 Canceled accounts

When you cancel your subscription, your data enters a 30-day grace period during which you can reactivate. After 30 days, your account and all associated data are permanently deleted from active systems.

7.3 Archived orders

Orders you archive are retained but excluded from your active list. You may permanently delete archived orders at any time. We may automatically purge archived orders after 30 days (future enhancement; currently archived orders are retained until you delete them manually).

7.4 Backups

We maintain encrypted backups for disaster recovery. Backup copies may retain deleted data for up to 30 days before they are overwritten.

7.5 Legal retention

We may retain certain information longer than the periods above if required by law (e.g., financial records for tax purposes) or to resolve disputes.


8. Your Rights

8.1 Access

You can view most of your data directly within MediaOrder. For a complete export, contact us by email.

8.2 Correction

You can update most account information directly from your settings page. For other corrections, contact us.

8.3 Deletion

You can permanently delete orders and uploaded content within the app. To delete your entire account, cancel your subscription — your data is permanently deleted after the 30-day grace period.

8.4 Portability

On request, we will provide your account data in a structured, machine-readable format.

8.5 Right to object or restrict processing

You can object to specific uses of your information by contacting us. Where legally required, we will honor such requests.

8.6 Right to withdraw consent

Where processing is based on your consent, you can withdraw that consent at any time. This does not affect processing that occurred before withdrawal.

8.7 Right to complain

If you believe we have violated your privacy rights, you may complain to a data protection authority. You may also contact us directly to resolve concerns.


9. Children's Privacy

MediaOrder is not directed at children under 13. We do not knowingly collect information from children under 13. If we learn that we have collected such information, we will delete it.

However, MediaOrder is commonly used to organize photos that may include children (e.g., bar/bat mitzvah, birthday, family event content). Subscribers and their clients are responsible for ensuring that the use of any minor's images complies with applicable law, including obtaining parental consent where required.


10. International Users

MediaOrder is operated from the United States. If you access the Service from outside the United States, your information will be transferred to and stored in the United States, which may have different privacy protections than your country of residence.

If you are in the European Union, United Kingdom, or another jurisdiction with comprehensive data protection laws (such as GDPR), you have additional rights, including the right to lodge a complaint with your local data protection authority. We process EU data on the legal bases of contract performance (to provide the Service to you) and legitimate interests (security, fraud prevention, service improvement).


11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do:

  • We will post the updated Policy at the same URL
  • We will update the "Last updated" date
  • For material changes, we will notify active Subscribers by email at least 30 days before the changes take effect

Your continued use of the Service after changes take effect constitutes acceptance of the updated Policy.


12. Contact

Privacy questions, requests, or concerns:

We will respond to verified privacy requests within 30 days.


This Privacy Policy works alongside our Terms of Service. By using MediaOrder, you agree to both.