Privacy Policy

1. Introduction

STR Tech Report ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

STR Tech Report is the data controller for personal data collected through this website. Contact: info@strtechreport.com

3. Data We Collect

We collect the following categories of personal data:

3.1 Account Data

• Email address (when you create an account)
• Display name, company, and job title (optional, provided by you)
• LinkedIn profile data (when you authenticate via LinkedIn OAuth)
• Password (stored securely hashed, never in plain text)

3.2 Profile Data (People Directory)

• Name, bio, role/title, and location
• Avatar/profile image URL
• Social media links (LinkedIn, Twitter, Website, Substack)
• LinkedIn follower count (publicly available data)
• Content source URLs you provide

3.3 Usage Data

• Pages visited, search queries, clicks (anonymized analytics)
• Device type, browser, and IP address (for security and analytics)
• Cookies and similar technologies (see our Cookie Policy)

3.4 Submission Data

• Event submissions, association listings, and vendor reviews you submit
• Email addresses provided in submission forms

4. Legal Basis for Processing (GDPR Article 6)

We process your personal data based on:

• Consent — When you create an account, claim a profile, submit content, or accept cookies
• Legitimate interest — To operate, secure, and improve our Service; to display publicly available professional information in our directory
• Contract performance — To provide the services you request (account management, profile editing)

5. How We Use Your Data

• To operate and maintain the Service
• To display profiles in our People directory
• To verify identity during profile claims (via LinkedIn OAuth or email)
• To send transactional emails (verification, claim confirmations)
• To analyze usage and improve the Service
• To prevent fraud and ensure security

6. Data Sharing

We do not sell your personal data. We share data only with:

• Supabase — Database and authentication provider (data processed in the EU/US)
• Resend — Email delivery service (for transactional emails)
• Vercel — Hosting provider
• LinkedIn — When you use LinkedIn OAuth for authentication

All third-party processors are bound by data processing agreements compliant with GDPR.

7. International Data Transfers

Some of our service providers may process data outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or the provider's participation in an approved transfer mechanism.

8. Data Retention

• Account data: Retained while your account is active. Deleted within 30 days of account deletion.
• Profile data: Retained while your profile is active. You can edit or request deletion at any time.
• Usage data: Anonymized analytics retained for up to 24 months.
• Verification tokens: Automatically expire after 24 hours.

9. Your Rights (GDPR)

Under GDPR, you have the right to:

• Access — Request a copy of all personal data we hold about you
• Rectification — Correct inaccurate or incomplete data (via your profile edit page)
• Erasure — Request deletion of your personal data ("right to be forgotten")
• Restriction — Request restriction of processing in certain circumstances
• Portability — Receive your data in a structured, commonly used format
• Objection — Object to processing based on legitimate interest
• Withdraw consent — Withdraw consent at any time without affecting prior processing

To exercise any of these rights, contact us at info@strtechreport.com. We will respond within 30 days.

10. Data Security

We implement appropriate technical and organizational measures to protect your data, including: encrypted connections (HTTPS), secure password hashing, access controls, and regular security reviews.

11. Children's Privacy

The Service is not intended for individuals under 16 years of age. We do not knowingly collect personal data from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated date. We encourage you to review this page periodically.

13. Contact & Complaints

For any questions or concerns about your privacy, contact us at info@strtechreport.com.

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority in your country of residence.