SurfedIn — Legal, Privacy & Disclaimers
Version 1.0 — May 2026
⚠ This platform is an independent project under active development. It is not an incorporated company and does not operate under any specific legal, financial, or professional regulation. Features, terms, and conditions may change at any time without notice. The service is functional and provided in good faith — use it at your own discretion. For any concern, contact the platform operator directly at the address provided at the bottom of this page.
1. Project Status Disclaimer
This platform is currently in a pre-launch project phase. Nothing on this platform, in its documentation, or in any communication associated with it constitutes a binding commitment, service agreement, or contractual obligation of any kind.
The operator reserves the right, at any time and without prior notice, to:
- Modify, suspend, or discontinue the platform or any part of it
- Change, remove, or add features, functionality, or content
- Alter pricing, commission structures, or access conditions
- Terminate the platform entirely
- Transfer, assign, sell, or otherwise convey the platform, its intellectual property, its user base, its codebase, or any associated assets to any third party, including but not limited to: commercial buyers, investors, partner organisations, or successors in interest
- Merge the platform with another product or service
- Pivot the business model without restriction
No user or any other party shall have any claim, right of recourse, or expectation of continuity arising from the platform's current state, any prior communication, or this or any other document produced during the project phase.
2. No Affiliation with Third-Party Services and Brands
SurfedIn is an independent platform. It is not affiliated with, endorsed by, sponsored by, partnered with, or officially connected to any third-party service, brand, platform, or company referenced anywhere on this platform — whether in the interface, in user profiles, in content listings, or in these Terms.
The use of any third-party service, brand name, logo, or product on this platform is purely functional or descriptive. It does not imply any commercial relationship, official integration, or approval from the companies involved.
Specifically:
- LinkedIn and all related trademarks, logos, and products are the property of LinkedIn Corporation, a subsidiary of Microsoft Corporation. This platform is not affiliated with, endorsed by, sponsored by, or in any way officially connected to LinkedIn or Microsoft. The feature "Sign in with LinkedIn" is a technical authentication integration using LinkedIn's publicly available OAuth API, subject to LinkedIn's own developer terms of service. The presence of this feature does not constitute a partnership or affiliation of any kind.
- Stripe and all related trademarks are the property of Stripe, Inc. This platform uses Stripe as a technical payment processing provider. This platform is not affiliated with, endorsed by, or sponsored by Stripe. All payment processing is governed exclusively by Stripe's own terms of service and privacy policy.
- Gumroad, Lemon Squeezy, Payhip, Whop, and any other content or payment platforms referenced on this platform as options for users to link their external content are independent services. Their names appear solely to describe where a user has chosen to host their content. This platform has no affiliation, partnership, or commercial relationship with any of them. Transactions conducted on those platforms are entirely outside the scope of this platform and governed by their respective terms.
- Substack, Twitter/X, Instagram, TikTok, Facebook, YouTube, GitHub, Behance, Dribbble, Medium, and any other social, publishing, portfolio, or professional platform that users may link to from their profile are entirely independent services. Their logos, names, and trademarks are the property of their respective owners. The display of a link to any such platform on a user's profile is a user-generated action. This platform has no affiliation, partnership, endorsement relationship, or commercial connection with any of them.
- Any external website, personal domain, or other online destination linked by a user anywhere on this platform is the sole responsibility of that user. This platform does not review, endorse, or take any responsibility for the content, availability, or legality of any externally linked resource.
- Supabase or any other infrastructure, hosting, or database provider used to operate this platform is a technical service provider only. Their involvement does not constitute affiliation with or endorsement of this platform.
- Any other third-party tool, API, platform, brand, or service referenced or linked anywhere on this platform — whether used by the operator or referenced by a user in their profile or content — is the property of its respective owner. Its presence on this platform does not imply affiliation, endorsement, or sponsorship of any kind.
Users interacting with any third-party service via or through this platform do so subject to those services' own terms, privacy policies, and conditions, for which this platform accepts no responsibility whatsoever.
3. Limitation of Liability
The platform operator accepts no liability whatsoever — to any user, buyer, visitor, or third party — for any claim of any nature arising from or related to the platform, its content, its availability, or its termination.
This exclusion is absolute and covers, without limitation:
- Loss of revenue, income, or profits of any kind — actual, anticipated, or future
- Loss of business, contracts, or commercial opportunity
- Loss of data, content, or information
- Loss of goodwill or reputation
- Wasted time or expenditure
- Any decision made based on content found on the platform
- Transactions, arrangements, or engagements between users
- Actions or failures of any third-party service integrated with the platform
- Unauthorised access to user data
- Interruption, suspension, or permanent termination of the platform
The platform operator's total aggregate liability, under any theory of law, is zero (€0).
Use of this platform is entirely at the user's own risk.
4. No Warranty
The platform is provided on an "as is" and "as available" basis, without warranty of any kind, express or implied, including but not limited to warranties of merchantability, fitness for a particular purpose, non-infringement, accuracy, completeness, or uninterrupted availability.
The operator does not warrant that:
- The platform will be free from errors, bugs, or interruptions
- Content published by users is accurate, complete, or fit for any purpose
- The platform will be available at any specific time or for any specific duration
- Any defects will be corrected
5. User Responsibility — All Content, All Roles
This section applies to every user of the platform without exception — regardless of role, account type, or the nature of the content submitted. This includes every person who creates an account, publishes any content, or interacts with the platform in any capacity.
Every piece of content on this platform is the sole responsibility of the user who submitted it.
This covers, without limitation: profile information, biography, headline, credentials, claimed experience, case studies, project descriptions, project briefs, requests for collaboration, paid content and its previews, reviews, external links, and any other material a user adds to their account or listing.
5.1 What the Platform Operator Does Not Do
The platform operator does not and will not:
- Verify, validate, moderate, or endorse any content submitted by any user
- Confirm the accuracy, truthfulness, completeness, or legality of any content
- Act as a party to any transaction, engagement, or agreement initiated through the platform
- Be responsible for the outcome of any connection, collaboration, or commercial relationship between users
- Be responsible for any harm arising from content a user has posted or a visitor has relied upon
- Guarantee that content will remain available, unaltered, or accessible at any given time
The operator reserves the right — but is under no obligation — to remove content that appears to violate these Terms, at sole discretion and without prior notice.
5.2 Seeker Responsibility
Users who post project listings, collaboration requests, briefs, or any expression of need ("seekers") bear the same full responsibility as any other content publisher. By posting a project or request, the user warrants that:
- The project or need described is genuine and not misleading
- They have the authority to seek, commission, or engage for the scope described — whether acting on their own behalf or with explicit mandate from an organisation or third party
- The brief does not contain confidential, proprietary, or legally protected information belonging to a third party without authorisation to disclose it
- The engagement they are seeking is lawful in all relevant jurisdictions
Authorization Declaration. Before submitting any project listing, the user is required to actively confirm the following declaration (presented as a mandatory, non-pre-checked checkbox):
I confirm that I am authorized to act on behalf of the organization or project described in this listing, and that the information provided is accurate to the best of my knowledge.
This declaration must be checked before the listing can be submitted. It cannot be pre-checked by the platform. Submission of a listing constitutes the user's binding acceptance of this declaration and of the full seeker responsibility set out in this section.
The platform is not responsible for verifying whether a seeker has the authority, budget, or intention to follow through on any listed request. The declaration above does not transfer any verification obligation to the platform — it transfers full legal responsibility to the user.
5.3 General Warranty for All Users
By submitting any content to the platform, every user unconditionally warrants that:
- The content is truthful and does not knowingly mislead any other user or visitor
- They hold all necessary rights, licences, permissions, or authorisations to publish the content publicly on this platform
- The content does not infringe any intellectual property right of any third party
- The content does not contain confidential information they are not legally permitted to disclose
- The content complies with all applicable laws in their jurisdiction and in jurisdictions where it may be accessed
- They are not using the platform to misrepresent their identity, credentials, or authority
Any breach of these warranties is the sole legal responsibility of the user. The platform operator accepts no liability for any consequence arising from such a breach.
6. Nature of the Platform — Directory Disclaimer
SurfedIn is a directory. It lists. It does not verify.
This distinction is foundational and must be understood by every user before using the platform. A directory — like a telephone directory, a trade listing, or a professional register — provides a structured, searchable index of entries submitted by individuals or organisations. The directory operator does not investigate, validate, authenticate, or endorse any entry. The presence of a profile, listing, or piece of content on this platform is not a statement of quality, legitimacy, competence, or trustworthiness. It is simply a listing.
6.1 No Verification of Content
The platform operator does not and cannot verify:
- The identity of any user beyond the LinkedIn authentication signal
- The accuracy, truthfulness, or completeness of any profile, bio, case study, or project description
- Whether claimed experience, qualifications, credentials, or outcomes are genuine
- Whether any content uploaded by a user is original, owned by that user, or free of third-party rights
- Whether any Independent, builder, or founder is legally authorised to offer the services or content they describe
- The quality, fitness, or legality of any paid content listed on the platform
Users browsing and using this platform do so on the understanding that all content is self-reported and unverified. They are solely responsible for conducting their own due diligence before entering into any engagement or transaction with another user.
6.2 Full Legal Responsibility of the User
Every user who submits content to this platform — including but not limited to profile information, case studies, project descriptions, paid content previews, and reviews — accepts full and exclusive legal responsibility for that content.
By submitting content, the user warrants and represents that:
- The content is accurate and not misleading in any material respect
- The content is entirely their own original work, or they hold all rights necessary to publish it in the manner in which it is published
- Where the content refers to work done for or with a third party (e.g. a client case study), the user has the explicit authorisation, consent, mandate, or agency from that third party to publish and disclose the information contained in the content
- The content does not infringe any intellectual property right, including copyright, trademark, trade secret, or patent, of any third party
- The content does not contain confidential information belonging to any third party that the user is not legally permitted to disclose
- The content does not defame, harass, or unlawfully harm any individual or organisation
- The content complies with all applicable laws in the user's jurisdiction and in the jurisdictions where it may be accessed
The platform operator is not a party to the relationship between the user and any third party referenced in their content. Any claim arising from content published on this platform — including claims of defamation, copyright infringement, breach of confidentiality, misrepresentation, or unauthorised disclosure — is the sole legal responsibility of the user who published it. The platform operator accepts no liability whatsoever for any such claim.
6.3 Copyright
Users retain ownership of content they publish. However, by publishing content on this platform, users confirm they are the rights holders or have obtained all necessary licences, permissions, and authorisations to publish that content publicly and to grant the platform the rights described in these terms.
The platform operator will not be held liable for any copyright infringement committed by a user. If you believe content on this platform infringes your copyright, you may submit an abuse report (see section 6.4). We will review the report in good faith and take action where we deem it appropriate, but we do not guarantee a specific outcome or timeline.
6.4 Abuse Reporting
Users and visitors may report content they believe violates these terms — including false or misleading information, impersonation, intellectual property infringement, defamatory content, or any other abuse — by contacting the platform operator directly at the contact address provided on the platform.
We will review all reports in good faith and will attempt to take appropriate action as promptly as reasonably possible. However:
- We do not guarantee that any report will result in content removal
- We do not guarantee any specific response time
- The decision to act on any report is at the sole discretion of the platform operator
- We are under no legal obligation to monitor content proactively or to act on every report received
The platform's moderation capacity at this stage is limited. We will do our best. That is the only commitment we make.
7. Paid Content
The platform displays previews of paid content uploaded by users. The platform does not process, facilitate, or intermediate any payment transaction. When a visitor wishes to obtain paid content, they are directed to contact the user directly via LinkedIn or to follow an external link provided by the user to a third-party platform of their choosing (such as Gumroad, Payhip, or their own website).
The platform operator:
- Does not collect, handle, or process any payment on behalf of any party
- Is not a party to any transaction between a buyer and a user
- Has no visibility into whether any transaction takes place
- Accepts no responsibility whatsoever for the outcome of any transaction conducted outside the platform
- Does not guarantee the quality, accuracy, fitness for purpose, or completeness of any paid content
- Has no refund policy — refunds, disputes, and any other transactional matters are exclusively between the buyer and the user
Any transaction between a buyer and a user is entirely independent of this platform. The platform operator is not liable for any loss, dissatisfaction, dispute, or damage of any kind arising from such transactions.
8. Privacy & GDPR Compliance
8.1 Scope
This section applies to all users and visitors of the platform and is intended to comply with the General Data Protection Regulation (EU) 2016/679 (GDPR), the ePrivacy Directive 2002/58/EC (as transposed into national law, including the Belgian Act of 13 June 2005 on electronic communications), the Belgian Act of 30 July 2018 on the protection of natural persons with regard to the processing of personal data, and other applicable data protection legislation worldwide.
8.2 Data Controller
The data controller is the operator of this platform. Contact details are provided at the bottom of this page. During the project phase, all data-related enquiries may be directed to the project owner via the contact address shown on the platform.
8.3 Data Minimisation Principle
This platform is built on a principle of minimal data collection. We do not collect data we do not need. Specifically:
- No private messaging data is stored — the platform does not facilitate or store any direct communications between users
- No document storage beyond what is explicitly uploaded as public or paid content by the user
- No marketing email databases are maintained by the platform operator
- No advertising cookies, no remarketing pixels, no cross-site tracking are used
- Authentication is handled via LinkedIn OAuth — we receive only what LinkedIn makes available through its standard API scope
8.4 What Data We Collect
| Data Type | Source | Purpose | Legal Basis |
|---|---|---|---|
| Name, photo, headline | LinkedIn OAuth (user-authorised) | Profile display | Consent / Contract |
| LinkedIn profile URL | LinkedIn OAuth | Identity signal | Legitimate interest |
| User-submitted profile content | User input | Public profile display | Consent |
| Case studies and project listings | User input | Public discovery | Consent |
| Paid content (full) | User upload | Delivery to buyers | Contract |
| Buyer email (for purchases) | Stripe | Transaction record | Contract |
| Payment transaction data | Stripe | Commission processing | Contract / Legal obligation |
| Reviews | User input | Public display | Consent |
| Session cookie | Platform login flow | Keep user signed in | Strictly necessary (no consent required) |
| Server logs (IP, user-agent, timestamp, path) | HTTP request | Security, abuse prevention, debugging | Legitimate interest |
| Aggregated, anonymised analytics events | Browser (only after consent) | Understand traffic patterns | Consent |
8.5 What We Do Not Collect
- Passwords (authentication is delegated to LinkedIn)
- Government-issued identification
- Financial account details (all payment data is handled exclusively by Stripe)
- Precise geolocation data
- Behavioural advertising profiles
- Cross-site tracking identifiers
- Biometric or special category (Article 9 GDPR) data
8.6 Data Retention & Account Lifecycle
Quick links — delete your account or revoke access:
- Delete your profile: your dashboard settings (Settings → Danger zone)
- Revoke LinkedIn sign-in: LinkedIn permitted services
- Locked out: sign in with LinkedIn again to re-authorise, then delete your profile from the dashboard
- Step-by-step walkthrough: FAQ — How do I delete my profile and revoke LinkedIn access?
- Active accounts — Profile data is retained for as long as the user maintains an active account on the platform.
- Self-service deletion — Users can delete their account and associated data at any time from the dashboard's Settings → Danger zone.
- Inactivity sweep — To honour the GDPR principle of storage limitation (Art. 5(1)(e)) and to handle cases where the user can no longer self-manage their account (for example, the user deleted their LinkedIn account or revoked SurfedIn's authorisation on LinkedIn — LinkedIn does not notify SurfedIn when this happens), the platform runs an automated inactivity routine:
  - After 12 months with no successful sign-in, the account is flagged and (when transactional email is wired up) a warning notice is sent to the user's last known email address.
  - After a further 30-day grace period with still no sign-in, the account is soft-deleted (the public profile and projects are removed from the directory).
  - Soft-deleted records are purged from active database tables on the next maintenance cycle, except for fields legally required for accounting/audit (see below).
- Locked-out users — Because authentication is via LinkedIn, a user who has revoked SurfedIn's authorisation on LinkedIn can simply re-authorise the app at sign-in and then delete their profile from the dashboard. The user controls their LinkedIn account and access permissions there. Accounts that remain unused are also handled by the inactivity sweep above.
- Purchase records may be retained for up to 7 years for legal and accounting compliance (Italian/EU tax law).
- Server logs are retained for a maximum of 30 days.
- Analytics events (if analytics consent is given) are retained for a maximum of 14 months.
- Reviews authored by a deleted user will be anonymised where technically feasible while preserving the integrity of reviews received by other users.
8.7 User Rights (GDPR)
Users based in the EU/EEA have the following rights:
- Right of access — to obtain a copy of the personal data held about them
- Right to rectification — to correct inaccurate data
- Right to erasure ("right to be forgotten") — to request deletion of personal data, subject to legal retention obligations. Available in-app via Settings → Danger zone. Users who have revoked SurfedIn's LinkedIn access can re-authorise on LinkedIn at any time to regain access to their dashboard and complete the deletion themselves
- Right to restriction — to limit the processing of their data
- Right to data portability — to receive their data in a structured, machine-readable format
- Right to object — to object to processing based on legitimate interest
- Right to withdraw consent — at any time, without affecting the lawfulness of prior processing
- Right not to be subject to automated decision-making — the platform does not perform automated decision-making with legal effect
To exercise any of these rights, users should contact the platform operator or use the in-app and public deletion routes described above. Requests will be addressed within 30 days.
8.8 Data Security
The platform applies reasonable technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure — including TLS encryption in transit, encrypted storage at rest, scoped database access via row-level security, and OAuth-delegated authentication. However, no system is completely secure, and the platform operator cannot guarantee absolute security.
8.9 Third-Party Data Processors
The platform relies on the following sub-processors. Each is bound by its own privacy policy and, where required, by a Data Processing Agreement (DPA) under Article 28 GDPR.
| Processor | Role | Data processed | Region | Safeguard |
|---|---|---|---|---|
| LinkedIn (Microsoft Ireland Operations Ltd) | OAuth identity provider | Name, photo, headline, LinkedIn URL | EU / US | LinkedIn's own DPA + SCCs |
| Stripe Payments Europe Ltd | Payment processing | Name, email, payment data | EU / US | Stripe DPA + SCCs |
| Supabase (database, auth, storage) | Hosting, database, file storage | All platform data | EU region selected | Supabase DPA + SCCs |
| Cloudflare | CDN, WAF, edge runtime | IP, user-agent, request metadata | Global edge | Cloudflare DPA + SCCs |
| Lovable | Build & deployment platform | Source code, build artefacts | EU / US | Lovable terms + SCCs |
| Google Fonts | Web font delivery | IP, user-agent | Global (Google Ireland Ltd) | Self-hosted where possible; otherwise Google's DPA + SCCs |
| Google Analytics 4 (only if consent is given) | Aggregated traffic analytics | Pseudonymised client ID, IP-anonymised events | EU endpoint, US fallback | Google DPA + SCCs + IP anonymisation + Google Signals OFF + ads features OFF |
| YouTube (only when a video is loaded with consent) | Embedded video playback | IP, user-agent, cookies set by YouTube | Global (Google Ireland Ltd) | privacy-enhanced mode (youtube-nocookie.com) |
| Vimeo (only when a video is loaded with consent) | Embedded video playback | IP, user-agent, cookies set by Vimeo | EU / US | Vimeo DPA + SCCs; "Do Not Track" enabled |
| LinkedIn / X (Twitter) / Instagram / Facebook / TikTok / Substack / GitHub / Behance / Dribbble / Medium / others | Outbound links from user profiles | None set by us; you leave our site when you click | Various | Governed by each platform's own policy |
8.10 International Transfers
Where personal data is transferred outside the European Economic Area, the platform operator ensures appropriate safeguards under Chapter V GDPR — primarily the European Commission's Standard Contractual Clauses (SCCs) of 4 June 2021, supplemented by transfer impact assessments where required.
8.11 Supervisory Authority
Users have the right to lodge a complaint with a supervisory data protection authority. In Belgium, this is the Gegevensbeschermingsautoriteit (GBA) / Autorité de protection des données (APD): www.gegevensbeschermingsautoriteit.be
9. Cookies, Local Storage & Similar Technologies
This section is the platform's full Cookie Policy and forms an integral part of the Privacy Policy above. It complies with Article 5(3) of the ePrivacy Directive and the EDPB Guidelines 03/2022 on consent.
9.1 What is a cookie?
A "cookie" is a small text file placed on your device by your browser. We also use the broader category of "similar technologies" — including HTML5 localStorage, sessionStorage, IndexedDB, ETag and cache-based identifiers, pixel tags, and SDK-set identifiers in embedded third-party iframes. Wherever this policy says "cookies", it means any such technology.
9.2 Categories used on this platform
We classify every cookie / similar technology into one of the four categories defined by the EDPB:
A. Strictly necessary (no consent required)
These are required to deliver the service you explicitly requested (e.g. logging in, security, load balancing). They are exempt from consent under Article 5(3) ePrivacy Directive.
| Name | Set by | Purpose | Storage | Lifetime |
|---|---|---|---|---|
| sb-access-token / sb-refresh-token (or equivalent) | Supabase Auth (first-party) | Keep the user signed in after LinkedIn OAuth | Cookie / localStorage | Session + 7 days refresh |
| __cf_bm, cf_clearance | Cloudflare | Bot mitigation, security | Cookie | 30 min – 30 days |
| lovable_consent | First-party | Remember your cookie-banner choice so we don't ask again | localStorage | 12 months |
B. Functional (consent or legitimate interest, depending on impact)
Used to remember UI preferences (theme, language, dismissed banners). They do not track behaviour across sites. We rely on consent where the cookie is not strictly necessary.
C. Analytics / measurement (consent required)
We use analytics only if you give consent via the cookie banner. By default, no analytics scripts load, no analytics cookies are set, and no analytics requests are sent.
If you accept analytics:
- Provider: Google Analytics 4 (Google Ireland Limited).
- Configuration: IP anonymisation enabled (anonymize_ip: true / Google's automatic IP truncation), Google Signals off, Advertising Features off, ad personalisation off, data sharing with Google products off, demographic & interest reporting off.
- Cookies set: _ga (2 years), _ga_<container-id> (2 years), _gid (24 hours, where applicable).
- What is collected: anonymised client ID, page URL, referrer, device type, broad geography (country / city), language, anonymised events (page_view, outbound_click).
- What is NOT collected: form contents, message bodies, payment data, the content of paid uploads, your email, or any other personal identifier.
- Endpoint: EU collection endpoint where available, with onward transfer to the US under Google's SCCs and the EU–US Data Privacy Framework.
- Retention: 14 months maximum.
You may withdraw consent at any time via the "Cookie settings" link in the footer; analytics cookies will be deleted on the next page load.
D. Marketing / advertising (consent required)
We do not use any. No remarketing pixels, no Meta Pixel, no LinkedIn Insight Tag, no TikTok Pixel, no Google Ads conversion tags, no third-party advertising cookies.
9.3 Embedded third-party content (iframes, oEmbeds, OAuth)
Some pages embed content hosted by third parties. These embeds can set their own cookies and receive your IP address as soon as they load. We follow a consent-before-load approach for every non-essential embed.
| Embed | When it appears | What it sets if loaded | Mitigation |
|---|---|---|---|
| YouTube video player | On project pages with a YouTube URL | YouTube/Google cookies (VISITOR_INFO1_LIVE, YSC, PREF, CONSENT, __Secure-*) | Loaded only after consent; rendered via youtube-nocookie.com (privacy-enhanced mode); a click-to-load placeholder is shown if consent is not given |
| Vimeo video player | On project pages with a Vimeo URL | Vimeo cookies (vuid, player cookies) | Loaded only after consent; dnt=1 query parameter sent; click-to-load placeholder otherwise |
| LinkedIn "Sign in with LinkedIn" | On the sign-in page only when you click the button | LinkedIn auth & session cookies, set on linkedin.com | Strictly necessary for the authentication flow you initiated; covered under Article 5(3) ePrivacy as a service-you-requested |
| LinkedIn outbound profile links | Anywhere a user links to LinkedIn | None set by us; LinkedIn sets its own once you arrive there | Plain <a href> link; no Insight Tag, no SDK |
| X (Twitter) outbound | User profile links | None set by us | Plain link |
| Instagram / Facebook (Meta) outbound | User profile links | None set by us; Meta cookies set on their domain only after you arrive | Plain link; no Meta Pixel, no Like/Share buttons, no Connect SDK |
| TikTok outbound | User profile links | None set by us | Plain link; no TikTok Pixel |
| Substack outbound | User newsletter links | None set by us | Plain link; no Substack embed iframe by default |
| GitHub / Behance / Dribbble / Medium / others outbound | User profile links | None set by us | Plain link |
| Google Fonts | Site-wide typography | IP + user-agent disclosed to fonts.googleapis.com and fonts.gstatic.com | Loaded with crossorigin and preconnect; no cookies. We treat this as functional/strictly necessary for rendering; we will move to self-hosted fonts where feasible. |
| Stripe Checkout / Elements | Only when you initiate a purchase | Stripe fraud-prevention cookies (__stripe_mid, __stripe_sid) | Strictly necessary for the payment you requested |
| Cloudflare | Site-wide (CDN, WAF) | __cf_bm, cf_clearance | Strictly necessary for security |
| Lovable preview / build | Preview environments only (*.lovable.app) | Lovable's own session cookies | Not present on production custom domains |
If we add any further embed in the future (e.g. SoundCloud, Spotify, Loom, Wistia, Twitch, Instagram oEmbed, Facebook Page Plugin, X Tweet embed, LinkedIn Post embed, Pinterest, Reddit, Threads, Bluesky, Mastodon, Notion, Figma, Canva, Typeform, Calendly, Tally, Airtable, Google Maps, Mapbox, Discord widget), it will be added to this table and will require consent before loading unless it is strictly necessary for a feature you explicitly requested.
9.4 Consent mechanism
On your first visit (and after any material change to this policy), a cookie banner is shown with three options of equal prominence: Accept all, Reject all, and Customise. No non-essential cookie is set, no analytics request is sent, and no third-party embed is loaded before you make a choice. Refusing is as easy as accepting — there is no "cookie wall".
Your choice is stored in a first-party lovable_consent value in localStorage for 12 months. You can change or withdraw your choice at any time via the "Cookie settings" link in the footer. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.
9.5 Do Not Track and Global Privacy Control
We honour the Global Privacy Control (GPC) signal: if your browser sends Sec-GPC: 1, we treat it as a refusal of all non-essential cookies and do not load analytics or non-essential embeds, regardless of any prior banner choice.
9.6 Children
The platform is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided personal data to the platform, contact the operator and we will delete it.
9.7 Changes to this Cookie Policy
We will update this section whenever we add, remove, or change a cookie or embed. Material changes trigger a new consent prompt.
9. Intellectual Property
All platform design, branding, code, and non-user-generated content are the property of the platform operator. Users retain ownership of content they publish, but grant the platform a non-exclusive, royalty-free licence to display, index, and distribute that content in accordance with the platform's public-access model.
Paid content uploaded by users remains the intellectual property of the user who uploaded it. The platform does not claim ownership of any paid content.
10. Governing Law & Jurisdiction
During the project phase, this platform is operated from Belgium. To the extent any legal proceedings arise, they shall be governed by Belgian law and subject to the jurisdiction of the competent courts of Belgium, without prejudice to any mandatory consumer protection rights applicable in the user's country of residence.
11. Changes to These Terms
The operator reserves the right to modify these terms at any time. Continued use of the platform following any modification constitutes acceptance of the updated terms. Where required by law, material changes will be communicated to users in advance.