Sponsored

Sponsored

Legal

Data & Compliance

Last updated: July 5, 2026

🔒

Secure Storage

All data encrypted at rest and in transit via SSL/TLS.

🌍

GDPR Aware

We respect user rights including access, deletion, and portability.

🚫

No Data Selling

We never sell or rent your personal data to third parties.

1. Overview

At Indie-Builds.com, we take data protection and compliance seriously. This page outlines our approach to data governance, security practices, regulatory compliance, and how we handle your data responsibly as a platform operator.

2. Data We Collect & Why

Data TypePurposeRetention
Email addressAccount authentication, notificationsUntil account deletion
Username / display namePublic profile and attributionUntil account deletion
Project submissionsPlatform listings and community discoveryUntil removed by user or admin
IP addressSecurity, fraud prevention, rate limiting30 days (rolling)
Usage analyticsProduct improvement and analyticsUp to 12 months
Payment recordsLegal and billing compliance7 years (legal obligation)

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process your personal data under the following legal bases as defined by the General Data Protection Regulation (GDPR):

  • Contractual necessity: Processing needed to fulfill our service agreement with you (e.g., maintaining your account, displaying your submissions).
  • Legitimate interests: Analytics, fraud prevention, and platform security, where such interests are not overridden by your rights.
  • Legal obligation: Retaining financial records for tax and accounting compliance.
  • Consent: For non-essential cookies or optional marketing communications, where we ask for and record your consent.

4. Data Security Measures

We implement industry-standard security practices, including:

  • Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS (HTTPS).
  • Encryption at rest: Database records stored via Supabase are encrypted at rest.
  • Authentication security: Passwords are never stored in plaintext. Authentication is managed via Supabase Auth with secure session tokens.
  • Access controls: Only authorized personnel have access to production systems and databases.
  • Regular updates: We keep our dependencies and infrastructure up-to-date to mitigate known vulnerabilities.

5. Sub-processors & Third-Party Infrastructure

We rely on the following trusted sub-processors to deliver our services:

ProviderPurposeData Location
SupabaseDatabase & authenticationAWS (us-east-1)
VercelHosting & edge deliveryGlobal CDN
Dodo PaymentsPayment processingEU / Global

All sub-processors are contractually bound to process data only as instructed and to maintain appropriate security measures.

6. International Data Transfers

Our infrastructure may involve the transfer of data outside your country of residence. Where such transfers occur (e.g., to the United States), we ensure appropriate safeguards are in place, including reliance on Standard Contractual Clauses (SCCs) or other approved transfer mechanisms under GDPR.

7. Your Data Rights

You have the following rights regarding your personal data:

  • Right of Access: Request a copy of your personal data we hold.
  • Right to Rectification: Correct inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your data ("right to be forgotten").
  • Right to Restriction: Ask us to limit how we process your data in certain circumstances.
  • Right to Portability: Receive your data in a structured, machine-readable format.
  • Right to Object: Object to processing based on legitimate interests or for direct marketing.
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, email us at bigzapps@gmail.com with "Data Request" in the subject line. We will respond within 30 days.

8. Data Breach Response

In the event of a personal data breach, we will:

  • Assess the scope and severity of the breach immediately.
  • Notify affected users without undue delay (and within 72 hours where required by GDPR) if the breach poses a high risk to their rights.
  • Report to the relevant supervisory authority if legally required.
  • Take immediate steps to contain and remediate the breach.

9. Cookies Policy

We use the following categories of cookies:

  • Strictly necessary: Session management and authentication. Cannot be disabled as they are required for the platform to function.
  • Performance / Analytics: Anonymous usage statistics to help us understand how users interact with the platform.

We do not use advertising or tracking cookies beyond what is necessary for platform functionality.

10. Contact & Complaints

For any data protection enquiries, requests, or complaints, please contact us:

Indie-Builds.com — Data Controller

Email: bigzapps@gmail.com

Website: indie-builds.com

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.