Privacy Policy

1. Introduction

Sleekbio ("we," "our," or "us") operates the Sleekb.io platform, which provides digital business card creation, bio page hosting, NFC smart card ordering, email signature generation, and related services (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you access or use our Service.

By using Sleekb.io, you consent to the data practices described in this policy. If you do not agree with any part of this policy, please discontinue use of the Service.

2. Information We Collect

2.1 Information You Provide

• Account Information: When you register, we collect your email address and password (stored as a cryptographic hash, never in plaintext). If you sign in via Google OAuth, we receive your name, email, and profile image from Google.
• Profile Data: Your first name, last name, job title, phone number, biography, social media links, custom links, company name, and other details you choose to add to your digital profile.
• Page Content: Any text, images, colors, branding, or other content you upload or configure for your digital business card pages.
• Contact Submissions: When visitors share their contact information with you through your page, we store their name, email, phone, and optional comment on your behalf.
• Payment Information: When you subscribe to a paid plan or order physical cards, payment is processed by our third-party payment processor (Paystack). We do not store your full credit card number or bank details. We retain only the transaction reference, amount, and payment status.
• Organization Data: If you create an organization workspace, we collect company name, member information (via CSV upload or manual entry), and role assignments.

2.2 Information Collected Automatically

• Page Analytics: We collect anonymized, aggregated analytics on your digital business card pages, including page visit counts, link click counts, download counts, and contact share counts. These metrics are bucketed by day and do not contain personally identifiable visitor information.
• Technical Data: We may collect your IP address, browser type, operating system, and device information for security, fraud prevention, and service improvement purposes.

2.3 Information from Third Parties

• Google OAuth: If you sign in with Google, we receive your name, email address, and profile picture from Google in accordance with Google's privacy policy.
• Paystack: Our payment processor provides us with transaction confirmation data, including payment status and reference identifiers.

3. How We Use Your Information

We use the information we collect for the following purposes:

• To create and maintain your account and digital business card pages
• To display your profile information publicly on your page URL as you configure it
• To process subscriptions, payments, and physical card orders
• To provide page analytics and usage insights
• To send you essential service communications (email verification, OTP codes, organization invitations)
• To manage organization workspaces, memberships, and role-based access
• To enforce our Terms of Service and prevent abuse
• To improve, maintain, and secure the Service

4. How We Share Your Information

4.1 Public Profile Data

Your page content — including your name, title, bio, contact information, social links, and profile image — is publicly accessible by design. Anyone with your page URL, QR code, or NFC-enabled card can view this information. You control what information appears on your public pages through the dashboard.

4.2 Service Providers

We share data with trusted third-party service providers who assist in operating the Service:

• Supabase: Cloud database and file storage hosting
• Paystack: Payment processing
• SMTP Provider: Transactional email delivery (OTP, invitations)

These providers process data solely on our behalf and are contractually bound to protect your information.

4.3 Legal Requirements

We may disclose your information if required to do so by law, court order, or governmental authority, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.

4.4 No Sale of Data

We do not sell, rent, or trade your personal information to third parties for marketing or advertising purposes.

5. Data Storage & Security

• All data in transit between your browser and our servers is encrypted using TLS (HTTPS).
• Database connections are encrypted using TLS.
• Passwords are hashed using bcrypt with unique salts. We never store plaintext passwords.
• Access to production systems is restricted to authorized personnel only.
• We use secure, HttpOnly session tokens managed by our authentication framework (NextAuth.js).

While we implement industry-standard security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal, regulatory, or legitimate business purposes (such as fraud prevention or financial record-keeping).

Analytics data is retained in aggregated, non-personally-identifiable form and is not deleted upon account closure.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data via your dashboard.
• Deletion: Request deletion of your account and associated data.
• Data Portability: Request your data in a structured, machine-readable format.
• Objection: Object to certain processing of your data.

To exercise any of these rights, please contact us at privacy@sleekb.io.

8. Cookies & Local Storage

We use essential cookies for authentication and session management. These are strictly necessary for the Service to function and cannot be disabled. We do not use tracking cookies, third-party advertising cookies, or analytics cookies that identify individual users.

9. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 16, we will promptly delete it. If you believe a child has provided us with personal information, please contact us at privacy@sleekb.io.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at: