Privacy Policy

1. Scope

This Privacy Policy describes how Fruity Services (“Fruity”, “we”, “us”) collects, uses, discloses, and protects personal information when you visit fruity.bio, create a Fruity account, or use any of our products, websites, applications, or APIs (collectively, the “Service”). This Policy is incorporated into our Terms of Service.

2. Information We Collect

2.1 Information you provide

• Account information: email address, password (hashed), display name, alias/handle, profile photo, and any other fields you fill in.
• Profile content: bio text, links, themes, layouts, background images or videos, music selections, embedded media, and any other content you publish on your bio page.
• Communications: messages you send to support, feedback, and survey responses.
• Payment information: if you purchase a Paid Plan, our payment processor collects and processes your payment details. We do not store full card numbers on our servers.

2.2 Information collected automatically

• Device & technical data: IP address, browser type and version, operating system, device identifiers, language preference, and time zone.
• Usage data: pages viewed, links clicked, profile views, referrers, session duration, and similar interaction data.
• Log data: server logs, error reports, and diagnostic information generated automatically when you use the Service.
• Cookies and similar technologies: see our Cookie Policy.

2.3 Information from third parties

• OAuth providers: when you sign in or link an account using Discord, Google, GitHub, or another OAuth provider, we receive profile information from that provider as permitted by your settings with them.
• Connected platforms: when you connect a third-party platform (e.g., Spotify, Steam, Discord), we may fetch and cache public or authorized data such as username, avatar, status, activity, recently played media, or game stats — limited to what you have authorized.
• Analytics & security providers: aggregated or pseudonymized data about how the Service is used and abused.

3. How We Use Information

We use personal information to:

• provide, maintain, operate, and improve the Service;
• create and manage your account and profile page;
• process payments and manage subscriptions;
• display content you have chosen to publish to your visitors;
• authenticate you and protect against fraud, abuse, spam, and security incidents;
• provide customer support and respond to your requests;
• send you transactional communications (account, security, billing notices, terms updates);
• send you marketing communications where permitted, which you can opt out of at any time;
• generate aggregated, de-identified analytics to understand how the Service is used and to improve it;
• comply with legal obligations and enforce our agreements.

4. Legal Bases for Processing (GDPR)

If you are in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases:

• Performance of a contract — to provide the Service you have signed up for.
• Legitimate interests — to operate, secure, and improve the Service, prevent fraud, and grow our business, where those interests are not overridden by your rights.
• Consent — for non-essential cookies, certain marketing, and where required by law. You may withdraw consent at any time.
• Legal obligation — when we are required to retain or disclose data by law.

5. How We Share Information

We do not sell your personal information. We share personal information only as described below:

• Public profile content. Anything you publish on your bio page (alias, links, photos, embedded media) is public by design and may be viewed and indexed by anyone, including search engines.
• Service providers. We share data with vendors that help us run the Service — hosting, storage, content delivery, analytics, error monitoring, customer support, and payment processing — under contracts that require them to protect your data and use it only on our instructions.
• Connected third parties. When you link an external platform, we exchange data with that platform as needed to deliver the integration.
• Legal & safety. We may disclose information when required by law, subpoena, court order, or other valid legal process; to enforce our Terms; to protect our rights, property, or safety, or those of our users or the public; or in connection with a fraud or security investigation.
• Business transfers. If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of such transfer where required.
• With your consent. For any other purpose disclosed to you with your consent.

6. Cookies & Tracking

We use cookies and similar technologies to operate the Service, remember your preferences, authenticate you, and understand usage. For details, please see our Cookie Policy.

7. Third-Party Integrations

The Service integrates with third-party platforms (such as Discord, Spotify, Steam, GitHub, and others). These platforms have their own privacy policies, and we are not responsible for their practices. We recommend reviewing their policies before connecting your accounts. You can revoke any integration at any time from your dashboard or directly with the third party.

8. Data Retention

We retain personal information for as long as necessary to provide the Service and for the purposes described in this Policy, including to comply with legal obligations, resolve disputes, and enforce our agreements. When you delete your account, we will delete or anonymize your personal data within a reasonable period, except where retention is required by law (for example, tax or accounting records) or where retained backups have not yet been overwritten in the normal course of operations.

9. Security

We implement reasonable administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit, hashed passwords, access controls, and monitoring. However, no security system is impenetrable, and we cannot guarantee the absolute security of your information. You are responsible for protecting your account credentials and for using unique, strong passwords.

10. International Data Transfers

Fruity operates internationally, and your information may be transferred to, stored in, and processed in countries other than your country of residence, including jurisdictions that may not have the same data protection laws. Where required, we use appropriate safeguards such as Standard Contractual Clauses to protect transfers of personal data outside the EEA, the UK, and Switzerland.

11. Your Rights

Subject to applicable law, you have the following rights with respect to your personal information:

• Access — request a copy of the information we hold about you.
• Correction — ask us to correct inaccurate or incomplete information.
• Deletion — ask us to delete your personal information, subject to legal exceptions.
• Restriction — ask us to restrict processing in certain circumstances.
• Portability — request a copy of your data in a machine-readable format.
• Objection — object to processing based on our legitimate interests, including for direct marketing.
• Withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior lawful processing.
• Lodge a complaint — with your local data protection authority.

To exercise any of these rights, email [email protected]. We may need to verify your identity before responding.

12. California Privacy Rights

If you are a California resident, the California Consumer Privacy Act (“CCPA”), as amended by the CPRA, gives you additional rights, including the right to know what personal information we collect, the right to delete that information, the right to correct inaccurate information, the right to opt out of the “sale” or “sharing” of personal information, and the right not to be discriminated against for exercising your rights.

We do not sell personal information as defined under the CCPA, and we do not knowingly sell or share the personal information of minors under 16. To exercise your California rights, contact [email protected].

13. EEA / UK / Swiss Rights

If you are in the EEA, the UK, or Switzerland, you have the rights described in Section 11. You also have the right to lodge a complaint with the supervisory authority in your country of residence. For users in those regions, the data controller is Fruity Services unless otherwise indicated.

14. Children's Privacy

The Service is not directed to children under 13 (or under 16 in the EEA). We do not knowingly collect personal information from children under those ages. If you believe we have collected personal information from a child, please contact us at [email protected] and we will delete it.

15. Do Not Track

Some browsers offer a “Do Not Track” signal. Because there is no industry standard for how to respond to such signals, we currently do not respond to them. We do, however, honor opt-outs for non-essential cookies as described in our Cookie Policy.

16. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the Service or by email and update the “Last updated” date above. Your continued use of the Service after the effective date constitutes acceptance of the revised Policy.

17. Contact & DPO

Questions, requests, or complaints about this Privacy Policy or our data practices can be sent to [email protected]. If we have appointed a Data Protection Officer, you may also contact them at the same address with the subject line “DPO”.