Privacy Policy

Last updated: February 1, 2026

1. Introduction

Welcome to Mr. Popup ("we," "our," or "us"). We are committed to protecting your privacy and ensuring you have a positive experience on our website and in using our products and services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

This Privacy Policy complies with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.

2. Information We Collect

We collect information that you provide directly to us, including:

  • Account information (name, email address, password)
  • Payment information (processed securely through Stripe)
  • Website information you add to your account
  • Communication preferences
  • Any other information you choose to provide

We also automatically collect certain information when you use our services, such as IP address, browser type, device information, usage patterns, and geolocation data (country-level) for analytics purposes.

3. Legal Basis for Processing (GDPR)

Under the GDPR, we process your personal data based on the following legal bases:

  • Consent: When you provide explicit consent (e.g., for analytics cookies or marketing communications)
  • Contract Performance: To fulfill our contract with you (e.g., providing the service you subscribed to)
  • Legitimate Interest: For analytics, fraud prevention, and service improvement (balanced against your rights)
  • Legal Obligation: To comply with legal requirements (e.g., tax records, data retention laws)

4. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Process transactions and send related information
  • Send technical notices, updates, and support messages
  • Respond to your comments, questions, and requests
  • Monitor and analyze trends, usage, and activities (with your consent)
  • Detect, prevent, and address technical issues

5. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

  • Service Providers: With trusted service providers who assist us in operating our platform (e.g., Stripe for payments, Supabase for hosting, Vercel for hosting). These providers are bound by Data Processing Agreements (DPAs) and may only use your data as necessary to provide their services.
  • Legal Requirements: When required by law or to protect our rights
  • Business Transfers: In connection with a business transfer or merger
  • With Your Consent: When you explicitly consent to sharing

6. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. Our service providers (including Stripe, Supabase, and Vercel) may be located in the United States or other jurisdictions. We ensure that such transfers comply with applicable data protection laws through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements (DPAs) with all service providers
  • Compliance with Privacy Shield principles where applicable

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law:

  • Account Data: Retained while your account is active and for up to 30 days after account deletion
  • Analytics Data: Retained for up to 2 years, unless you withdraw consent earlier
  • Payment Records: Retained for up to 7 years as required by tax and accounting laws
  • Support Communications: Retained for up to 3 years

After the retention period, we securely delete or anonymize your personal information.

8. Cookies and Tracking Technologies

We use minimal cookies and local storage for essential functionality. You can control cookies through your browser settings.

What We Use:

Essential (Authentication & Session)

These are required for the site to work: sign-in, security, and session management. We use cookies and storage for authentication (e.g. Supabase session).

Analytics

We use Google Analytics and PostHog to understand how visitors use our website and product. This helps us improve the service. You can opt out via your browser or ad-blocking tools, or contact us at info@mrpopup.co if you have questions.

For any questions about how we use cookies or storage, contact us at info@mrpopup.co.

9. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit (HTTPS/TLS)
  • Encryption of sensitive data at rest
  • Regular security audits and updates
  • Access controls and authentication
  • Secure payment processing through Stripe (we do not store credit card information)

However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

10. Your Privacy Rights

Depending on your location (GDPR for EU residents, CCPA for California residents, etc.), you have certain rights regarding your personal information:

  • Right to Access: Request a copy of the personal information we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete information
  • Right to Erasure (Right to be Forgotten): Request deletion of your personal information
  • Right to Restrict Processing: Request limitation of how we process your data
  • Right to Data Portability: Request your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent for cookies or marketing at any time

To exercise these rights:

  • Email us at info@mrpopup.co with your request
  • Include your account email and specify which right you wish to exercise
  • We will respond to your request within 30 days (or as required by applicable law)

You also have the right to lodge a complaint with your local data protection authority if you believe we have not handled your personal information in accordance with applicable law.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the CCPA:

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information (with certain exceptions)
  • Right to opt-out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising your privacy rights

To exercise your CCPA rights, please contact us at info@mrpopup.co.

12. Children's Privacy

Our service is not intended for children under the age of 13 (or 16 in the EU). We do not knowingly collect personal information from children under 13 (or 16 in the EU). If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at info@mrpopup.co.

13. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page, updating the "Last updated" date, and, if applicable, sending you an email notification. You are advised to review this Privacy Policy periodically for any changes.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Mr. Popup

Email: info@mrpopup.co

Website: https://mrpopup.co

Data Protection Officer: For GDPR-related inquiries, you can contact our data protection officer at the email address above.