Cuslr Privacy Policy

Effective date: January 6, 2025 (KST)
Last updated: January 6, 2025 (KST)

This Privacy Policy describes how Cuslr ("we", "us", "our") collects, uses, shares, and protects personal information when you visit our website, install or use our Chrome extension, create an account, participate in the Affiliate Program, or otherwise use our services (collectively, the "Service").

By using the Service, you consent to this Policy. If you do not agree, do not use the Service.

Controller: [Operator Legal Name, Address, Registration No.]
Contact: privacy@cuslr.com

1. Information We Collect

We collect the following categories of information:

1.1 Account & Profile

  • Name, display name, email address, profile image/avatar.
  • Authentication identifiers (e.g., OAuth IDs), login timestamps, account status/plan.

1.2 Service Usage & Sync

  • Dashboard layouts, templates, widget configurations, and widget data you choose to store or sync via Chrome extension storage and our cloud servers.
  • Background images: When you select wallpapers from Picsum Photos, we download and convert images to WebP format, then upload them to Supabase Storage for synchronization across your devices.
  • Public templates: If you choose to share a template publicly, the template name, widget layout, background settings, and widget configurations become publicly accessible.
  • Device and technical data: browser type/version, OS, language, time zone, extension version, and diagnostic logs.
  • Actions and events within the Service (e.g., add widget, change template, copy referral link), timestamps, and basic telemetry.

1.3 Affiliate Program

  • Referral link ID, attribution events (account creation via your link, subscription events tied to referred accounts).
  • Payout details: payout method (PayPal ID), payout history, amounts, and status.
  • Tax/KYC information you provide when requested (e.g., government IDs, tax forms) to comply with legal obligations.
  • Fraud screening data: IP address, device identifiers, basic risk signals.

1.4 Payments (Subscribers)

  • Billing details processed by payment providers (e.g., last four digits, card brand, transaction IDs); we do not store full card numbers.
  • Subscription status, plan, charge history, refunds, and chargebacks.

1.5 Cookies & Similar Technologies

  • Cookies or local storage for authentication, preferences, analytics, language, and referral attribution.
  • In the extension, we may use Chrome extension storage APIs for settings and sync.

1.6 Communications

  • Emails and support requests, including metadata and content.
  • Marketing preferences and unsubscribe records.

We do not intentionally collect sensitive categories of data unless required for compliance (e.g., identity verification for Affiliate payouts).

2. How We Use Information (Purposes & Legal Bases)

We use information for the following purposes and legal bases:

  • Provide the Service (perform our contract): operate accounts, sync dashboards, deliver widgets/templates, support features.
  • Affiliate Program (perform our contract): attribute referrals, calculate commissions, process payouts, prevent fraud.
  • Improve & Secure the Service (legitimate interests): analytics, debugging, monitoring, and enhancing performance and security.
  • Communications (legitimate interests/consent): service notices, updates, and—where permitted—marketing messages.
  • Compliance (legal obligations): taxes, bookkeeping, KYC/AML checks, responding to lawful requests.
  • Protect Rights (legitimate interests): enforce terms, defend against claims, and prevent abuse.

Where consent is required by law (e.g., certain cookies/marketing), we will request it and honor your choices.

3. Sharing of Information

We share information with:

  • Service Providers/Processors: cloud hosting, storage, analytics, customer support, email delivery, payment processors, and payout providers (e.g., PayPal) to provide the Service.
  • Compliance & Safety: law enforcement, regulators, or other parties when required by law or to protect rights, safety, and security.
  • Business Transfers: as part of a merger, acquisition, financing, or sale of assets, subject to confidentiality.
  • With Your Direction: when you share templates publicly or link third‑party services.

We do not sell personal information. We may share limited data for "targeted advertising" or "cross‑context behavioral advertising" only with your consent where required.

4. International Transfers

We may process and store information in countries other than yours. Where required, we use appropriate safeguards (e.g., Standard Contractual Clauses) and implement technical and organizational measures to protect data.

5. Data Retention

We keep information for as long as necessary to provide the Service and fulfill the purposes above, including to comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary by data type and context. We may anonymize or aggregate data for analytics.

6. Security

We implement administrative, technical, and physical safeguards designed to protect information (e.g., encryption in transit, access controls, logging). No method of transmission or storage is completely secure; you are responsible for maintaining the confidentiality of your credentials.

7. Your Rights & Choices

Depending on your location, you may have rights to:

  • Access, correct, update, or delete your personal information.
  • Object to or restrict processing, and request portability.
  • Withdraw consent where processing is based on consent.
  • Opt out of marketing communications at any time.
  • Control cookies through browser settings or provided consent tools.

EEA/UK/Swiss residents: you may lodge a complaint with your supervisory authority.

California residents: you have rights under the CCPA/CPRA (e.g., to know, delete, correct, and opt‑out of sale/share). We do not sell personal information.

Requests can be made at privacy@cuslr.com. We may verify your identity before fulfilling requests.

8. Children's Privacy

The Service is not directed to children under 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided information, contact us and we will take appropriate steps to delete it.

9. Affiliate‑Specific Notices

  • We store your referral link ID and attribution events to operate the Affiliate Program.
  • Payout data includes your PayPal ID. PayPal transfers are subject to PayPal's terms and processing times. We are not responsible for PayPal fees or processing delays.
  • We may conduct KYC/AML checks and maintain records as required by law. Failure to provide requested information may result in suspended payouts or termination from the program.

10. Cookies & Similar Technologies

  • Essential: authentication, security, language, session, referral attribution.
  • Functional: preferences, theme.
  • Analytics: usage metrics to improve performance.

Where required, we will present controls to manage non‑essential cookies.

11. Third‑Party Services

When you link or interact with third‑party services, their collection and use of data are governed by their policies. We are not responsible for third‑party practices. We use the following third‑party services:

  • Google OAuth: For user authentication. Google's privacy policy applies to data collected during sign-in.
  • Picsum Photos: For wallpaper images. When you select a wallpaper, we download the image from Picsum Photos and store it on our servers.
  • Supabase: For cloud database and file storage. We use Supabase to sync your dashboard data and store background images across devices.
  • PayPal: For Affiliate Program payouts. PayPal's terms and privacy policy apply to payout transactions.
  • Payment Processors: For subscription payments. Payment processor's terms apply.

11.1 Google API Services Data Usage

Cuslr uses Google API Services to provide enhanced functionality through our widgets. We comply with the Google API Services User Data Policy, including the Limited Use requirements.

Google Ads API (ROAS Dashboard Widget)

Our ROAS Dashboard Widget uses the Google Ads API to display your advertising campaign performance metrics.

What data we access:

  • Campaign performance metrics: impressions, clicks, conversions, cost, ROAS (Return on Ad Spend)
  • Campaign names and IDs
  • Budget information
  • Date range statistics

How we use this data:

  • Display real-time campaign metrics in your dashboard
  • Show performance trends and comparisons
  • Provide budget alerts and anomaly detection
  • Calculate aggregated ROAS and performance summaries

Data usage commitments:

  • We only READ data from Google Ads API - we never modify campaigns or budgets
  • Data is cached locally in your browser for 15 minutes to improve performance
  • We do NOT store Google Ads data on our servers permanently
  • We do NOT share your Google Ads data with third parties
  • We do NOT use your Google Ads data for advertising purposes
  • We do NOT use your Google Ads data for AI/ML model training
  • You can revoke access at any time from extension settings

Google Calendar API (Calendar Widget)

Our Calendar Widget uses the Google Calendar API to display your upcoming events and allow quick event management.

What data we access:

  • Event titles, descriptions, and locations
  • Event start and end times
  • Event attendees and organizer information
  • Google Meet links and conference details
  • Calendar names and colors

How we use this data:

  • Display today's and upcoming events in your dashboard
  • Show event details: time, title, location, description
  • Enable quick-add functionality for new events
  • Provide one-click access to Google Meet links
  • Color-code events based on your Google Calendar categories

Data usage commitments:

  • We only access events you have permission to view
  • Event data is cached locally in your browser for 10 minutes to improve performance
  • We do NOT store Google Calendar data on our servers permanently
  • We do NOT share your calendar data with third parties
  • We do NOT use your calendar data for advertising purposes
  • We do NOT use your calendar data for AI/ML model training or analytics
  • Event data is displayed only to you, the authenticated user
  • You can revoke access at any time from extension settings

Limited Use Disclosure: Cuslr's use and transfer of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

12. Changes to This Policy

We may update this Policy from time to time. Material changes will be notified within the Service or by email. Your continued use after changes take effect signifies acceptance.

13. Contact

Email: privacy@cuslr.com
Postal: [Operator Legal Name], [Address]

Legal Notice: This Policy is intended to satisfy obligations under global privacy regimes (e.g., GDPR/UK GDPR, CCPA/CPRA) to the extent applicable. Local laws may grant additional rights.