Data Policy
Last updated: January 15, 2026
1. Overview
This Data Policy explains what data The Perfect Lie collects, how we process it, and how long we retain it. This policy supplements our Privacy Policy with more technical details about our data practices.
2. Data We Collect
2.1 Account Data
| Data Type | Purpose | Retention |
|---|---|---|
| Email address | Authentication, communications | Account lifetime + 30 days |
| Name | Profile display, personalization | Account lifetime + 30 days |
| Profile photo | Profile display | Account lifetime |
| Username | Profile identification | Account lifetime + 30 days |
2.2 User-Generated Content
| Data Type | Purpose | Retention |
|---|---|---|
| Comments | Community engagement | Until deleted or account deletion |
| Reviews | Community feedback | Until deleted or account deletion |
| Setup configurations | Sharing with community | Until deleted or account deletion |
| Messages | Business communication | 90 days after conversation closed |
2.3 Technical Data
| Data Type | Purpose | Retention |
|---|---|---|
| IP address | Security, fraud prevention | 90 days |
| Browser/device info | Analytics, optimization | 26 months (via Google Analytics) |
| Cookies | Authentication, preferences | Session or up to 1 year |
| Error logs | Debugging, improvement | 30 days |
3. Data Processing
3.1 Legal Bases for Processing (GDPR)
We process your data under the following legal bases:
- Contract Performance: Processing necessary to provide our services (account management, content delivery, messaging)
- Legitimate Interests: Analytics, security, fraud prevention, service improvement
- Consent: Marketing communications, optional cookies
- Legal Obligation: Tax records, legal compliance
3.2 Data Processing Activities
- Authentication: Processed by Clerk for secure sign-in and session management
- Payment Processing: Handled by Stripe; we store only transaction references
- Email Delivery: Sent via Resend; we log delivery status
- Image Hosting: Uploaded images stored on Cloudinary
- Analytics: Aggregated by Google Analytics; no personally identifiable information shared
4. Data Storage
4.1 Storage Locations
Your data is stored in the following locations:
- Primary Database: Hosted on secure cloud infrastructure (United States)
- File Storage: Cloudinary CDN (global distribution)
- Authentication: Clerk infrastructure (United States)
- Payment Data: Stripe infrastructure (PCI-compliant)
4.2 Security Measures
- Encryption at rest and in transit (TLS 1.3)
- Regular security audits and vulnerability scanning
- Access controls and audit logging
- Automated backup systems
5. Data Retention Schedule
5.1 Active Account Data
While your account is active, we retain all data necessary to provide our services. You can delete specific content (comments, reviews, setups) at any time.
5.2 After Account Deletion
- Account data: Deleted within 30 days
- User-generated content: Deleted or anonymized within 30 days
- Payment records: Retained for 7 years (legal requirement)
- Security logs: Retained for 90 days
- Backups: Purged within 90 days
5.3 Business Account Data
Business profiles and associated data follow the same retention schedule. Subscription and transaction records are retained for legal compliance.
6. Data Subject Rights
6.1 Access Your Data
You can view most of your data directly in your account settings. For a complete data export, contact us at privacy@theperfectlie.net.
6.2 Correct Your Data
Update your profile information at any time through your account settings. For data that cannot be edited directly, contact us.
6.3 Delete Your Data
Delete your account through account settings. This will initiate our deletion process as described above. Certain data may be retained for legal compliance.
6.4 Data Portability
Request a machine-readable export of your data by contacting privacy@theperfectlie.net. We will provide your data in JSON format within 30 days.
6.5 Object to Processing
You can object to certain processing activities (like marketing) through your notification preferences or by contacting us.
7. Third-Party Data Sharing
7.1 Service Providers
We share data with the following categories of service providers:
| Provider | Data Shared | Purpose |
|---|---|---|
| Clerk | Email, name, profile photo | Authentication |
| Stripe | Email, billing info | Payment processing |
| Vercel | Access logs, IP addresses | Hosting |
| Resend | Email address, name | Email delivery |
| Cloudinary | Uploaded images | Image hosting |
| Google Analytics | Anonymized usage data | Analytics |
| Google AdSense | Cookie identifiers | Advertising |
7.2 Data Processing Agreements
All service providers are bound by data processing agreements that require them to protect your data and use it only for specified purposes.
8. International Transfers
When we transfer data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs) with service providers
- Adequacy decisions where applicable
- Data privacy frameworks and certifications
9. Automated Decision-Making
We do not use fully automated decision-making that produces legal effects. Our systems may use automated processing for:
- Spam and abuse detection
- Content recommendations
- Search result ranking
These automated processes do not make decisions with significant effects on users without human review.
10. Data Breach Procedures
In the event of a data breach that affects your personal information, we will:
- Notify affected users within 72 hours of discovery
- Report to relevant supervisory authorities as required
- Provide information about the breach and steps to protect yourself
- Take immediate steps to contain and remediate the breach
11. Children's Data
We do not knowingly collect data from children under 13. If we discover we have collected data from a child under 13, we will delete it immediately. Parents or guardians who believe their child has provided data should contact us.
12. Changes to This Policy
We will notify you of material changes to this Data Policy via email or prominent notice on our Service at least 30 days before changes take effect. Minor clarifications may be made without notice.
13. Contact Us
For data-related inquiries, requests, or concerns:
- Email: privacy@theperfectlie.net
- Website: www.theperfectlie.net/contact
For EU residents, you also have the right to lodge a complaint with your local data protection authority.