Privacy Policy

This Privacy Policy describes how Apotentia LLC ("we," "us," "our," or "Gecker") collects, uses, shares, and protects your personal information when you use our platform and services (collectively, the "Service").

We are committed to protecting your privacy and being transparent about our data practices. This policy complies with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable privacy laws.

By using the Service, you consent to the collection and use of information as described in this Privacy Policy. If you do not agree with this policy, please do not use the Service.

To understand what data we collect and how we use it, it's important to understand how Gecker works. Gecker uses a unique organizational structure based on natural metaphors:

2.1 How Content is Organized

• Trees: Public communities where users gather around shared interests (similar to subreddits)
• Yards: Your personal Tree showing all your posts - every user has exactly one Yard
• Gardens: Verified business communities that require admin approval
• Forests: Custom combinations of multiple Trees you create to organize your feed
• Arboreta: Custom combinations of Gardens for business content
• Dens: Private group messaging spaces for 2-100 members (single-member Dens are called "Notebooks")

2.2 Privacy Implications

Understanding these organizational structures helps you control your privacy:

• Public Content: Posts in Trees and your Yard are visible to all subscribers of those Trees
• Private Content: Messages in Dens are only visible to Den members
• Friends-Only: You can mark posts as friends-only, restricting visibility to your friends list
• NSFW Content: Content marked NSFW is only visible to users 18+ who confirm their age

2.3 Our Ad-Free Promise

Gecker will never sell your data or show you advertisements. The platform is sustained entirely by voluntary donations from our community. This means:

• We don't track you for advertising purposes
• We don't build advertising profiles
• We don't share your data with advertisers or data brokers
• We don't use algorithms to maximize engagement and ad views
• Your data is used solely to provide and improve the Service

3.1 Information You Provide

When you create an account or use the Service, you may provide us with:

• Account Information: Username, email address, password (encrypted)
• Profile Information: Display name, bio, profile customization preferences, social media links
• Content: Posts, comments, messages, and other user-generated content
• Payment Information: When making donations via Stripe (processed by Stripe, not stored by us)
• Communications: Messages you send to us or other users through the Service

3.2 Automatically Collected Information

When you use the Service, we automatically collect certain information:

• Usage Data: Pages viewed, posts read, Trees visited, Forests created, timestamps of activity
• Device Information: IP address, browser type and version, operating system and version, device type (mobile, tablet, desktop, bot), and device model when available. This information is collected passively through standard HTTP headers and may be blocked by privacy-focused browsers or browser extensions.
• Log Data: Access times, error logs, performance data
• Cookies and Tracking: Session cookies, preference cookies (see Section 8)

3.3 Information from Third Parties

We may receive information from third-party services you connect to Gecker (e.g., if you use social login features in the future). We do not purchase or obtain personal data from data brokers.

We use the information we collect for the following purposes:

• Provide and Maintain the Service: Account creation, authentication, content delivery, platform functionality
• Improve the Service: Analyze usage patterns, fix bugs, develop new features
• Safety and Security: Prevent fraud, abuse, and violations of our Terms; enforce our policies; protect users
• Communication: Send account notifications, respond to support requests, deliver important updates
• Moderation: Review reported content, investigate violations, maintain community standards
• Legal Compliance: Comply with legal obligations, respond to lawful requests, enforce our rights
• Analytics: Understand how users interact with the platform (aggregated, anonymized data)

We do NOT use your information for:

• Targeted advertising (we have no ads)
• Selling or renting your data to third parties
• Profiling for marketing purposes
• Tracking you across other websites or apps

We do not sell your personal information. We only share your information in the following limited circumstances:

5.1 With Your Consent

We share information that you explicitly choose to make public:

• Posts and comments you create (visible to subscribers of Trees where posted)
• Your profile information (visible to other users)
• Your sponsor tier status (if you choose to donate)

5.2 Service Providers

We share information with trusted third-party service providers who assist us in operating the Service:

• SendGrid: Email delivery for account verification, notifications, and important updates
• Stripe, Inc.: Payment processing for credit/debit card donations (see Section 5.6 for detailed disclosure)
• Hosting Provider: InMotion Hosting for server infrastructure
• hCaptcha (Intuition Machines, Inc.): Bot protection service for login and registration forms. When you complete a captcha challenge, hCaptcha receives your IP address, browser fingerprint (user agent, screen resolution, canvas data), mouse/interaction patterns, and timing data. hCaptcha is GDPR compliant and does not sell your data. View their privacy policy at https://www.hcaptcha.com/privacy

These service providers are contractually obligated to protect your data and use it only for the purposes we specify.

5.3 Legal Obligations

We may disclose your information if required by law or in response to:

• Valid legal process (subpoena, court order, search warrant)
• Government or regulatory requests
• National security requirements
• Emergency situations involving danger of death or serious physical injury

5.4 Business Transfers

If Gecker is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on the Service of any such change in ownership or control of your personal information.

5.5 Safety and Enforcement

We may share information to prevent illegal activity, investigate violations of our Terms, protect the safety of users, or enforce our rights. For example, we may share information about accounts posting child sexual abuse material (CSAM) with law enforcement and NCMEC.

5.6 Third-Party Payment Processors (Stripe)

When you make a donation via credit or debit card, we use Stripe, Inc. to process payments. Stripe is required to collect certain information to process payments, prevent fraud, and comply with financial regulations.

Data Stripe Collects:

• Payment information: Card number, expiration date, CVV security code
• Billing information: Name, email address, billing address
• Technical data: IP address, device information, browser type and version
• Transaction data: Donation amount, date, time, payment status

How Stripe Uses Your Data:

• Payment processing: To complete your donation transaction
• Fraud prevention: To detect and prevent fraudulent transactions and protect cardholders
• Risk assessment: To build fraud detection models for future transactions
• Compliance: To comply with financial regulations (KYC, AML, card network rules)
• Dispute resolution: To handle chargebacks and payment disputes

Data Shared with Gecker:

Gecker only receives limited information from Stripe:

• Name: Your billing name
• Email: Your billing email address
• Donation amount: The amount you donated
• Donation date: When the donation was made
• Payment status: Whether the payment succeeded or failed

Stripe's Privacy Practices:

• No data selling: Stripe does not sell your personal information to third parties
• Partner sharing: Stripe may share data with card networks (Visa, Mastercard), banks, and fraud prevention services as required for payment processing
• Data retention: Stripe retains payment data for as long as necessary for business and legal purposes
• GDPR compliant: Stripe complies with GDPR and provides data protection safeguards

Stripe's Privacy Policy: For complete details about how Stripe handles your data, please review their privacy policy at https://stripe.com/privacy

Future Privacy-Focused Payment Options:

We recognize that some users prefer maximum privacy when making donations. We are planning to add:

• Cryptocurrency donations (Bitcoin via BTCPay Server) - no personal information required
• Direct bank transfers for large donations - maximum privacy with zero fees

These options are planned for implementation within 3-6 months of platform launch. You'll be notified when they become available.

We retain your information for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy:

• Active Accounts: Information is retained while your account is active
• Deleted Content: Soft-deleted for 1 year, then permanently deleted (see Section 6.1)
• Deactivated Accounts: Account data soft-deleted for 1 year, then permanently deleted
• Legal Holds: Data subject to legal obligations may be retained longer as required by law
• Backup Copies: Backup systems may retain data for up to 90 days after deletion

6.1 Soft Deletion Policy

When you delete content or deactivate your account, we use a "soft delete" approach:

• Content is immediately removed from public view
• Content is retained in our systems for 1 year for safety, security, and audit purposes
• Audit fields track deletion timestamp and user who performed deletion
• After 1 year, content is permanently deleted from all systems (except backups)

You may request immediate permanent deletion by contacting privacy@gecker.com, subject to legal and safety review.

We use cookies and similar technologies to provide and improve the Service:

7.1 Types of Cookies We Use

• Essential Cookies: Required for authentication, security, and basic functionality (cannot be disabled)
• Preference Cookies: Remember your settings, theme preferences, and customizations
• Analytics Cookies: Help us understand how users interact with the Service (anonymized)
• Session Cookies: Maintain your login session (deleted when you close your browser)

7.2 Third-Party Cookies

We do not use third-party advertising or tracking cookies. The only third-party cookies come from essential service providers (e.g., Stripe during donation processing).

7.3 Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies may prevent you from using certain features of the Service. Most browsers allow you to:

• View and delete cookies
• Block third-party cookies
• Block all cookies (may break functionality)
• Delete cookies when you close your browser

Depending on your location, you may have certain rights regarding your personal information:

8.1 Rights Under GDPR (EU/EEA/UK)

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Object: Object to processing of your data for certain purposes
• Right to Withdraw Consent: Withdraw previously given consent
• Right to Lodge a Complaint: File a complaint with your local data protection authority

8.2 Rights Under CCPA (California)

• Right to Know: Request disclosure of personal information collected, used, or shared
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt-out of sale of personal information (we never sell data)
• Right to Non-Discrimination: Equal service regardless of privacy rights exercise

8.3 How to Exercise Your Rights

To exercise any of these rights:

• Email us at privacy@gecker.com
• Use the data export/deletion tools in your account settings
• Contact support@gecker.com for assistance

We will respond to your request within 30 days (45 days for complex requests). We may need to verify your identity before processing certain requests.

Age Requirement: Gecker requires users to be at least 13 years of age. We do not knowingly collect personal information from children under 13.

NSFW Content: Users must be at least 18 years of age to view content marked as NSFW (Not Safe For Work) or adult content. We use age verification to restrict access.

Parental Notice: If we discover that we have inadvertently collected information from a child under 13, we will delete that information immediately. Parents or guardians who believe their child has provided us with personal information should contact us at privacy@gecker.com.

Teen Safety: Users aged 13-17 are encouraged to use the Service with parental guidance. We recommend parents discuss online safety and privacy with their children.

Gecker is based in the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

These countries may have data protection laws that differ from those in your country. By using the Service, you consent to the transfer of your information to the United States and other jurisdictions as described in this Privacy Policy.

For users in the EU/EEA/UK: We rely on appropriate safeguards for international data transfers, including Standard Contractual Clauses approved by the European Commission. You may request a copy of these safeguards by contacting privacy@gecker.com.

We implement reasonable technical and organizational measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction:

• Encryption: Data in transit encrypted using TLS/SSL; passwords hashed using bcrypt
• Access Controls: Limited access to personal data on a need-to-know basis
• Monitoring: Regular security audits and monitoring for suspicious activity
• Secure Development: Security best practices in code development and deployment
• Incident Response: Procedures to respond to security breaches

However, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we strive to use commercially acceptable means to protect your personal information.

Your Responsibility: You are responsible for maintaining the security of your account credentials. Use a strong, unique password and never share it with others.

Some browsers transmit "Do Not Track" (DNT) signals. Because there is no common understanding of how to interpret DNT signals, we do not currently respond to browser DNT signals. However, we do not track you across third-party websites or services for advertising purposes.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by:

• Email to the address associated with your account
• Prominent notice on the Service
• Updated "Last Updated" date at the top of this policy

Your continued use of the Service after we post changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this policy periodically.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For EU/EEA/UK Users: Our representative for data protection matters can be reached at the same email address. You also have the right to lodge a complaint with your local data protection authority.

This section provides additional disclosures required by the California Consumer Privacy Act (CCPA).

15.1 Categories of Personal Information

In the past 12 months, we have collected the following categories of personal information:

• Identifiers (name, email, username, IP address)
• Internet or network activity (browsing history on our Service, interactions with posts)
• Geolocation data (approximate location based on IP address)
• User-generated content (posts, comments, messages)

15.2 Sale of Personal Information

We do not sell personal information and have not sold personal information in the past 12 months.

15.3 Right to Opt-Out

Because we do not sell personal information, there is no need to opt-out. We will never sell your personal information in the future. This is a core principle of Gecker.