UPSTRM Privacy Policy

Introduction

This Privacy Policy explains how UPSTRM (“we,” “us,” or “our”) collects, uses, and protects your information when you use our service at upstrm.dev.

Simple version: We collect minimal data to run the service. We don’t sell your information. You can delete your data anytime.

1. Information We Collect

Information You Provide

• Account Information: Email address, username, display name, bio, avatar
• Content: Server listings, comments, collections, reviews you post
• Communications: Messages you send us through contact forms or email
• Payment Information: If you subscribe to Pro, payment details (processed by Stripe, not stored by us)

Automatically Collected Information

• Usage Data: Pages you visit, features you use, time spent on site
• Device Information: Browser type, operating system, IP address
• Cookies: Small data files for authentication and preferences (see Section 5)

Activity Data

• Platform Activity: Servers you list, upvotes you cast, collections you create, users you follow
• Points and Badges: Automatically calculated from your contributions

Information We Don’t Collect

• We don’t track your location beyond IP-based country detection
• We don’t collect data from third-party MCP servers you install
• We don’t scan your emails or messages outside our platform
• We don’t use invasive tracking or fingerprinting

2. How We Use Your Information

We use your information to:

• Provide the Service: Create your account, display your content, calculate points
• Improve the Service: Understand how people use UPSTRM, fix bugs, add features
• Communicate: Send important updates, respond to support requests, notify about activity (if enabled)
• Prevent Abuse: Detect spam, fraud, and violations of our Terms
• Process Payments: Handle Pro subscriptions (via Stripe)
• Comply with Law: Respond to legal requests when required

What We Don’t Do

• We don’t sell your information to third parties
• We don’t use your data for advertising on other platforms
• We don’t train AI models on your private data
• We don’t share your email with other users (unless you choose to display it)

3. How We Share Your Information

Public Information

The following information is public by default:

• Your username, display name, bio, and avatar
• Server listings you create
• Comments and reviews you post
• Collections you make public
• Your points, level, and badges
• Upvotes you cast
• Users you follow (configurable in settings)

With Third Parties

We share limited data with:

• Stripe: Payment processing for Pro subscriptions (name, email, payment method)
• Email Service: Transactional emails like verification and notifications
• Analytics: Anonymous usage statistics to improve the service (no personal identification)
• Hosting Provider: Server infrastructure (encrypted data storage)

Legal Requirements

• Law enforcement with valid legal process
• Court orders or subpoenas
• Protection of our rights or safety of users
• DMCA or intellectual property claims

With Your Consent

We may share information with other parties if you explicitly agree.

4. Data Retention

Active Accounts

• We retain your data while your account is active
• You can update or delete content at any time
• Deleted content is removed within 30 days (backups may retain for 90 days)

Deleted Accounts

• You can delete your account by contacting us
• Account data is deleted within 30 days
• Some data may remain in backups for up to 90 days
• Public contributions (listings, comments) may remain anonymized

Legal Obligations

• We may retain data longer if required by law
• Data subject to legal holds is preserved as required

5. Cookies and Tracking

Cookies We Use

• Essential Cookies: Required for login and security (can’t be disabled)
• Preference Cookies: Remember your settings and choices
• Analytics Cookies: Help us understand site usage (anonymized)

Managing Cookies

• You can control cookies through your browser settings
• Disabling essential cookies will prevent login
• Disabling other cookies may limit functionality

Do Not Track

We respect Do Not Track signals where possible. Some analytics may still function with limited data.

6. Data Security

How We Protect Your Data

• Encrypted connections (HTTPS/TLS)
• Secure password storage (hashed and salted)
• Regular security updates
• Access controls for our team
• Monitoring for suspicious activity

What You Can Do

• Use a strong, unique password
• Don’t share your account credentials
• Log out on shared devices
• Enable two-factor authentication (when available)
• Report security concerns to security@upstrm.dev

No Guarantee

Despite our efforts, no method of transmission or storage is 100% secure. Use the service at your own risk.

7. Your Rights and Choices

Access Your Data

• View your data through your profile and settings
• Request a copy of your data by contacting us

Update Your Data

• Edit your profile information anytime
• Update or delete your content
• Change privacy settings

Delete Your Data

• Delete specific content (listings, comments, collections)
• Delete your entire account by contacting us
• Data removal takes up to 30 days

Export Your Data

• Request an export of your data by contacting us
• Receive data in machine-readable format (JSON)
• Typically fulfilled within 7 days

Opt Out of Communications

• Unsubscribe from email notifications in settings
• You’ll still receive essential account emails (security, legal)

California Privacy Rights

If you’re a California resident, you have additional rights under CCPA:

• Right to know what data we collect
• Right to delete your data
• Right to opt out of data sales (we don’t sell data)
• Right to non-discrimination

European Privacy Rights

If you’re in the EU/EEA, you have rights under GDPR:

• Right to access your data
• Right to rectification (correction)
• Right to erasure (“right to be forgotten”)
• Right to data portability
• Right to object to processing
• Right to lodge a complaint with supervisory authority

8. Children’s Privacy

UPSTRM is not intended for children under 13 years old. We don’t knowingly collect information from children under 13. If we learn we’ve collected data from a child under 13, we’ll delete it immediately. If you believe a child has provided us information, contact us at privacy@upstrm.dev.

9. Third-Party Links

UPSTRM contains links to third-party MCP servers, repositories, and websites. We’re not responsible for the privacy practices of these third parties. Review their privacy policies before providing information.

Important: When you install a third-party MCP server, you’re subject to that server’s privacy policy and data practices, not ours.

10. International Data Transfers

UPSTRM is hosted in the United States of America. If you access the service from outside this region, your data may be transferred internationally. By using UPSTRM, you consent to this transfer.

11. Changes to This Policy

Updates

• We may update this Privacy Policy at any time
• Material changes will be notified via email or platform notice
• “Last Updated” date will reflect changes
• Continued use after changes means you accept the updated policy

Notification

• Significant changes: Email notification + banner on site
• Minor changes: Updated policy posted, no notification

12. Contact Us

For privacy questions or requests:

• Privacy inquiries: privacy@upstrm.dev
• Data requests: privacy@upstrm.dev
• Security concerns: security@upstrm.dev
• General support: support@upstrm.dev
• Contact form: upstrm.dev/contact

Response Time

• General inquiries: Within 7 days
• Data requests: Within 30 days
• Security concerns: Within 48 hours

13. Summary of Key Points

• What we collect: Email, username, content you post, usage data
• Why: To run the service, improve it, prevent abuse
• Sharing: Minimal (payment processor, email service, anonymous analytics)
• Your rights: Access, update, delete, export your data
• Security: Encrypted connections, secure storage, regular updates
• Contact: privacy@upstrm.dev for any privacy questions