Privacy Policy

HomepageAssist

Interactive Video Solutions

Email: contact@homepageassist.com

Website: homepageassist.com

This privacy policy explains how HomepageAssist collects, uses, and protects your personal data when you use our website and services. We are committed to protecting your privacy and complying with GDPR.

Legal Basis for Processing:

• Art. 6(1)(a) GDPR - Consent
• Art. 6(1)(b) GDPR - Contract performance
• Art. 6(1)(f) GDPR - Legitimate interests

Server Log Files: When you visit our website, we automatically collect:

• IP address
• Date and time of access
• Browser type and version
• Operating system
• Referrer URL
• Status code

Purpose: System security, stability, and optimization.

Legal Basis: Art. 6(1)(f) GDPR (legitimate interests).

Retention: 30 days unless required for security investigations.

Registration Data: When you create an account, we collect:

• Full name
• Email address
• Password (encrypted)
• Account creation date
• Last login date

Purpose: To provide access to our services and authenticate users.

Legal Basis: Art. 6(1)(b) GDPR (contract performance).

Retention: Until account deletion + 30 days.

When you contact us via email or contact form, we process your email address, name, message content, and communication timestamps.

Purpose: To respond to inquiries and provide customer support.

Legal Basis: Art. 6(1)(a) and 6(1)(f) GDPR.

Retention: 90 days after resolution, unless longer retention is legally required.

Project Data: When you create interactive videos, we store:

• Project names and descriptions
• Video files and media assets
• Interactive elements and configurations
• Project metadata

Purpose: To provide video creation and hosting services.

Legal Basis: Art. 6(1)(b) GDPR (contract performance).

Retention: Until project or account deletion.

We use session cookies to maintain your login state and provide a secure experience. Session data includes encrypted session ID, user ID, login timestamp, and expiration time.

Purpose: Authentication and secure session management.

Legal Basis: Art. 6(1)(b) GDPR (necessary for service).

Retention: 30 days of inactivity.

Essential Cookies: We use strictly necessary cookies:

• Session Cookie (connect.sid): Maintains login session
• CSRF Token: Protects against attacks

Legal Basis: Art. 6(1)(f) GDPR (legitimate interest in security). No consent required as they are strictly necessary.

Optional Cookies: We currently do not use analytics, marketing, or tracking cookies. If we implement such cookies in the future, we will request your consent first.

No Data Sales: We do not sell your personal data to third parties.

Service Providers: We may share data with trusted service providers (cloud hosting, email services, payment processors) who are contractually obligated to protect your data.

Legal Requirements: We may disclose data when required by law, to comply with legal obligations, protect our rights, prevent fraud, or protect user safety.

Technical Measures:

• SSL/TLS encryption (256-bit or 128-bit)
• Encrypted password storage
• Secure session management with HTTP-only and secure cookies
• Regular security updates and patches
• Access controls and authentication
• Security audits and monitoring

Organizational Measures: Limited data access on need-to-know basis, employee training, incident response procedures, and regular security reviews.

Data Breach Notification: In the event of a breach posing risk to your rights, we will notify you and authorities within 72 hours as required by Art. 33 GDPR.

Retention Periods:

• Account data: Until deletion + 30 days
• Project data: Until project/account deletion
• Server logs: 30 days
• Communication records: 90 days after resolution
• Session data: 30 days from last activity

Some data may be retained longer when required by law (e.g., tax or accounting purposes), typically 7-10 years.

Your personal data is stored and processed in data centers located in the European Economic Area (EEA).

If we transfer data outside the EEA, we ensure appropriate safeguards such as EU Standard Contractual Clauses, adequacy decisions by the European Commission, or other legally approved mechanisms under Chapter V GDPR.

To exercise your privacy rights, contact us at contact@homepageassist.com. We will respond within 30 days.

No Automated Decision-Making: We do not use automated decision-making or profiling as defined in Art. 22 GDPR.

Our services are not intended for children under 16. We do not knowingly collect data from children under 16. If you believe your child has provided us with data, contact us immediately at contact@homepageassist.com.

We may update this privacy policy from time to time. We will notify you of material changes by posting the updated policy on our website, updating the "Last Updated" date, and sending email notifications for significant changes.

Continued use of our services after changes become effective constitutes acceptance of the updated policy.

For questions, concerns, or requests regarding this privacy policy or our data practices:

Email: contact@homepageassist.com

Website: homepageassist.com