Paramanga

Privacy Policy

Last updated: 8 April 2026

1. Introduction

This Privacy Policy explains how Parasocial Limited (company number 16308411, registered in England and Wales) ("Company", "we", "us", or "our") collects, uses, discloses, and protects your personal data when you use the Paramanga website and services ("Service").

We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. By using the Service, you consent to the practices described in this policy.

2. Data Controller

The data controller responsible for your personal data is:

3. Information We Collect

3.1 Information You Provide

  • Account information: email address, display name, and password (for email-based registration).
  • OAuth data: when you sign in via Google, we receive your name, email, and profile picture from your Google account.
  • Payment information: payment card details and billing address are collected and processed directly by Stripe. We do not store your full card number on our servers.
  • Communications: information you provide when contacting support, including email content and attachments.

3.2 Information Collected Automatically

  • Usage data: pages visited, features used, reading history, and interaction patterns.
  • Device information: browser type, operating system, device type, screen resolution, and language preferences.
  • Log data: IP address, access times, referring URLs, and error logs.
  • Cookies and similar technologies: see Section 8 below.

3.3 Information from Third Parties

  • Stripe: subscription status, payment history, and customer identifiers for billing purposes.
  • Google OAuth: profile information as authorised by you during sign-in.

4. Legal Bases for Processing

We process your personal data on the following legal bases under UK GDPR:

  • Contract performance (Article 6(1)(b)): to provide the Service, manage your account, and process subscriptions.
  • Legitimate interests (Article 6(1)(f)): to improve the Service, prevent fraud, ensure security, and communicate service updates.
  • Legal obligation (Article 6(1)(c)): to comply with tax, accounting, and regulatory requirements.
  • Consent (Article 6(1)(a)): for optional marketing communications, which you can withdraw at any time.

5. How We Use Your Information

  • Providing and maintaining the Service and your account.
  • Processing payments and managing subscriptions via Stripe.
  • Sending transactional emails (account confirmation, password resets, billing receipts).
  • Responding to support requests and communications.
  • Improving the Service, analysing usage patterns, and fixing bugs.
  • Detecting, preventing, and addressing fraud, abuse, and security issues.
  • Complying with legal obligations and enforcing our Terms of Service.
  • Sending marketing communications (only with your explicit consent).

6. Data Sharing and Disclosure

We do not sell your personal data. We share data only in the following circumstances:

  • Stripe: payment and subscription data for billing processing. Stripe acts as an independent data controller. See Stripe's Privacy Policy.
  • Supabase: account and application data stored in our database infrastructure. See Supabase's Privacy Policy.
  • Resend: email address for transactional email delivery.
  • Legal requirements: when required by law, court order, or governmental authority.
  • Business transfers: in connection with a merger, acquisition, or sale of assets, with prior notice to affected users.
  • Protection of rights: to enforce our Terms, protect our rights, safety, or property, or that of our users.

7. International Data Transfers

Your data may be transferred to and processed in countries outside the United Kingdom, including the United States (where Stripe and Supabase operate). We ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office (ICO), to protect your data in compliance with UK GDPR.

8. Cookies and Tracking Technologies

We use the following types of cookies:

  • Essential cookies: required for authentication, session management, and security. These cannot be disabled.
  • Functional cookies: remember your preferences such as language and display settings.
  • Analytics cookies: help us understand how the Service is used to improve performance and user experience.

You can manage cookie preferences through your browser settings. Disabling essential cookies may affect Service functionality.

9. Data Retention

We retain your personal data for as long as necessary to:

  • Provide the Service and maintain your account.
  • Comply with legal, tax, and accounting obligations (typically 6 years for financial records under UK law).
  • Resolve disputes and enforce our agreements.

When you delete your account, we will delete or anonymise your personal data within 30 days, except where retention is required by law. Stripe may retain payment data independently in accordance with their own retention policies and legal obligations.

10. Your Rights (UK GDPR)

Under the UK GDPR, you have the following rights:

  • Right of access: request a copy of the personal data we hold about you.
  • Right to rectification: request correction of inaccurate or incomplete data.
  • Right to erasure: request deletion of your personal data ("right to be forgotten").
  • Right to restrict processing: request that we limit how we use your data.
  • Right to data portability: receive your data in a structured, machine-readable format.
  • Right to object: object to processing based on legitimate interests or for direct marketing.
  • Right to withdraw consent: where processing is based on consent, withdraw it at any time.
  • Right to lodge a complaint: with the UK Information Commissioner's Office (ICO) at ico.org.uk.

To exercise any of these rights, contact us at privacy@paramanga.com. We will respond within 30 days.

11. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Encryption of data in transit (TLS/SSL) and at rest.
  • Secure authentication with hashed passwords and OAuth 2.0.
  • Row-Level Security (RLS) policies on our database.
  • Regular security reviews and access controls.
  • Payment data processed exclusively by PCI DSS Level 1 certified Stripe.

No system is completely secure. While we strive to protect your data, we cannot guarantee absolute security. In the event of a data breach, we will notify affected users and the ICO within 72 hours as required by UK GDPR.

12. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from minors. If we discover that we have collected data from a person under 18, we will delete it promptly. If you believe a minor has provided us with personal data, please contact us at privacy@paramanga.com.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. For significant changes, we may also notify you via email. Your continued use of the Service after changes constitutes acceptance of the updated policy.

14. Contact Us

For any questions or concerns about this Privacy Policy or our data practices, contact us: