Privacy Policy

Last updated: May 2, 2026

1. Who We Are

SurgeNiche is an AI-powered YouTube niche discovery platform operated by Viktor Martin. If you have any questions about this Privacy Policy or how your data is handled, you can reach us at vikmartin.online@gmail.com.

2. What Data We Collect

We collect only the minimum data necessary to provide the service:

• Email address — collected when you sign up or log in, handled via Supabase Auth.
• Usage analytics — anonymized product events (page views, feature interactions) collected via PostHog. No personally identifiable information is attached to these events unless you are logged in.
• Payment metadata — billing information (e.g. subscription status, invoice history) is processed entirely by Stripe. We do not store card numbers, CVVs, or any raw payment card data on our servers.

3. How We Use Your Data

We use the data we collect for the following purposes:

• Authentication — to verify your identity and provide secure access to your account.
• Product improvement — aggregated, anonymized analytics help us understand how the product is used and prioritize improvements.
• Transactional emails — billing receipts, payment failure alerts, and critical service notifications. We do not send marketing emails without explicit consent.

4. Third-Party Services

SurgeNiche relies on the following sub-processors, each of which maintains its own GDPR-compliant data processing agreement:

• Supabase — database and authentication infrastructure. Data is stored in the EU region (Frankfurt).
• Stripe — payment processing and subscription management. Stripe is PCI DSS Level 1 certified and GDPR-compliant.
• PostHog — product analytics. We use PostHog Cloud (EU) with IP anonymization enabled.
• Vercel — hosting and edge delivery of the SurgeNiche web application. Vercel is GDPR-compliant and processes request logs transiently.

We do not sell your personal data to any third party, nor do we share it with third parties for advertising purposes.

5. Your Rights Under GDPR

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights regarding your personal data:

• Right of access — request a copy of the personal data we hold about you.
• Right to rectification — request correction of inaccurate or incomplete data.
• Right to erasure — request deletion of your personal data (“right to be forgotten”).
• Right to restriction — request that we restrict processing of your data in certain circumstances.
• Right to data portability — receive your data in a structured, commonly used, machine-readable format.
• Right to object — object to processing of your data based on legitimate interests.

To exercise any of these rights, please email vikmartin.online@gmail.com. We will respond within 30 days.

6. Cookies

We use two categories of cookies:

• Essential cookies — required for authentication session management (set by Supabase Auth). These cannot be disabled without breaking login functionality.
• Analytics cookies — set by PostHog to track anonymized product usage. These are only activated with your consent. You may opt out at any time by contacting us or by blocking cookies in your browser settings.

7. Data Retention

We retain your account data (email address, subscription status) for as long as your account is active. Upon receiving a verified deletion request, we will delete your personal data within 30 days. Anonymized analytics data that cannot be linked back to you may be retained indefinitely for aggregate product research.

Stripe may retain billing records for longer periods as required by applicable tax and financial regulations; please refer to Stripe's Privacy Policy for details.

8. Contact

For any privacy-related questions, data requests, or complaints, please contact us at vikmartin.online@gmail.com. If you believe we have not adequately addressed your concern, you have the right to lodge a complaint with your local data protection authority.