Privacy Policy

SimplyNickish ("we", "us", "our") operates the website simplynickish.com and associated sub-domains. The data controller for your personal information is Nick Fraser, trading as SimplyNickish.

If you have any questions about this policy or how we handle your data, contact us at simplynickish@gmail.com.

We collect the following categories of personal data:

Account data — when you create an account, we collect your email address, display name, and OAuth profile data (name, avatar) from providers you choose to connect (Google, Discord, Twitch, X/Twitter). We do not store your OAuth passwords.

Subscription & billing data — if you subscribe, payment is processed by Stripe. We receive your subscription status, plan tier, and billing country. We do not store your full card details.

Usage data — standard server logs including IP address, browser type, pages visited, and timestamps. This is used for security, debugging, and analytics.

Communications — if you contact us or join our waitlist, we store your email and the content of your message.

Early access codes — if you redeem an access code, we record that redemption against your account to prevent re-use.

• To provide, operate, and improve the SimplyNickish platform and its apps
• To authenticate you and manage your account and subscription
• To process payments and fulfil your subscription plan
• To send transactional emails (account confirmation, subscription receipts, password resets)
• To send you platform updates and launch announcements, if you opted in
• To detect and prevent fraud, abuse, and security incidents
• To comply with legal obligations

We do not sell your personal data to third parties. We do not use your data for advertising.

We process your personal data on the following legal bases under the UK GDPR and GDPR:

• Contract — to provide services you have requested (account creation, subscription)
• Legitimate interests — for security, fraud prevention, and platform analytics
• Consent — for marketing emails, which you may withdraw at any time
• Legal obligation — where required by applicable law

We share your data only with trusted third-party service providers required to operate the platform:

• Supabase — authentication and database hosting (EU/US infrastructure)
• Stripe — payment processing (PCI-DSS compliant)
• Vercel — hosting and edge delivery
• Resend — transactional email delivery (account confirmation, receipts, password resets)
• Google, Discord, Twitch, X/Twitter — OAuth providers you connect

Each provider processes data under their own privacy policies and data processing agreements. We do not share your data with advertisers, data brokers, or any other parties.

We use cookies and similar technologies to operate the site. See our Cookie Policy for full details.

Essential cookies (authentication sessions, CSRF protection) are required for the site to function. Preference cookies are optional — you can manage them via your browser settings.

We retain your account data for as long as your account is active. If you delete your account, we will permanently delete your personal data within 30 days, except where we are required to retain it for legal compliance (e.g. tax records, which are retained for 7 years).

Server logs are retained for up to 90 days for security purposes.

You have the following rights regarding your personal data:

• Access — request a copy of the data we hold about you
• Rectification — request correction of inaccurate data
• Erasure — request deletion of your data ("right to be forgotten")
• Portability — receive your data in a machine-readable format
• Restriction — request we limit how we process your data
• Objection — object to processing based on legitimate interests
• Withdraw consent — for marketing emails, unsubscribe at any time

To exercise any of these rights, email simplynickish@gmail.com. We will respond within 30 days.

If you are located in the European Union or the United Kingdom, you have additional rights under the GDPR and UK GDPR respectively. The above rights section applies in full. You also have the right to lodge a complaint with your local data protection authority — in the UK, this is the Information Commissioner's Office (ICO) at ico.org.uk.

Where data is transferred outside the UK/EEA, we rely on Standard Contractual Clauses or adequacy decisions to ensure it remains protected.

For any privacy-related enquiries, data subject requests, or complaints, contact:

Nick Fraser — SimplyNickish
simplynickish@gmail.com

We aim to respond to all requests within 30 days.