CircleMate
Get started
Back to home

Last updated: May 7, 2026

Privacy Policy

This Privacy Policy describes how CircleMate, operated by Marko Budal s.p. (“we”, “our”, or “us”), collects, uses, and protects your information when you use circlemate.me (the “Service”). We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and the Slovenian Personal Data Protection Act (ZVOP-2).

1. Data Controller

The data controller for CircleMate is Marko Budal s.p., a sole proprietor registered in Slovenia. You can reach us at hello@circlemate.me.

2. Information We Collect

2.1 Account Information

  • Email address (used for login and notifications)
  • Account creation date

2.2 Uploaded Data

  • Your Instagram data export files (containing your followers, following lists, etc.)
  • These files are processed to provide the Service

2.3 Payment Information

  • Payment data is collected and processed by Paddle.com Market Limited, our Merchant of Record. We never store your full credit card details.
  • We receive: subscription status, plan type, renewal dates

2.4 Usage Data

  • IP address, browser type, device information
  • Pages visited, features used, timestamps
  • Used for analytics and service improvement

2.5 Cookies

We use a small number of essential cookies for authentication and session management — CircleMate cannot function without these. They are set when you sign in and deleted when you sign out or your session expires.

We will request your explicit consent before setting any non-essential cookies (for example, analytics or product-usage cookies). You can withdraw consent at any time by clearing the cookies set by circlemate.me in your browser settings; you will be asked again on your next visit.

3. How We Use Your Information

We use your data to:

  • Provide and maintain the CircleMate Service
  • Process your Instagram data exports
  • Send transactional emails (account confirmations, receipts)
  • Respond to your support requests
  • Improve our Service and develop new features
  • Detect and prevent fraud or abuse
  • Comply with legal obligations

4. Legal Basis for Processing (GDPR)

We process your data based on:

  • Contract: To provide the Service you signed up for (Article 6(1)(b) GDPR)
  • Legitimate Interest: To improve our Service and prevent fraud (Article 6(1)(f) GDPR)
  • Consent: For optional marketing communications (Article 6(1)(a) GDPR)
  • Legal Obligation: To comply with applicable laws (Article 6(1)(c) GDPR)

5. Data Sharing

We do NOT sell your personal data. We share data only with:

  • Paddle.com Market Limited (payment processor, Merchant of Record)
  • Supabase (database hosting)
  • Vercel (web hosting)
  • Email service providers for transactional emails
  • Authorities when legally required

All third-party providers are GDPR-compliant or covered by appropriate safeguards.

6. Data Retention

  • Account data: Retained while your account is active
  • Uploaded files:Stored encrypted; deleted automatically after 90 days unless you're a Pro user with active subscription
  • Payment records: Retained for 10 years for Slovenian tax compliance (per Slovenian tax law)
  • Deleted accounts: All personal data permanently deleted within 30 days of deletion request

7. Your Rights Under GDPR

You have the right to:

  • Access: Request a copy of your data (Article 15)
  • Rectification: Correct inaccurate data (Article 16)
  • Erasure:Request deletion / “right to be forgotten” (Article 17)
  • Portability: Receive your data in a machine-readable format (Article 20)
  • Restriction: Limit how we process your data (Article 18)
  • Objection: Object to certain processing activities (Article 21)
  • Withdraw consent: At any time

To exercise these rights, email: hello@circlemate.me
We will respond within 30 days.

8. Data Security

We implement industry-standard security measures:

  • Encryption in transit (HTTPS/TLS)
  • Encryption at rest for stored data
  • Secure authentication (no password storage in plain text)
  • Regular security audits
  • Access controls and logging

9. International Data Transfers

Your data is primarily stored within the European Economic Area (EEA). If data is transferred outside the EEA (e.g., for hosting or analytics), we ensure appropriate safeguards (Standard Contractual Clauses) are in place as required by GDPR.

10. Children's Privacy

CircleMate is not intended for users under 13 years old. We do not knowingly collect data from children. If you believe we have collected data from a child, contact us immediately.

11. Third-Party Links

CircleMate may contain links to third-party websites. We are not responsible for their privacy practices.

12. Changes to This Policy

We may update this Privacy Policy. Significant changes will be communicated via email or in-app notification.

13. Complaints

If you believe we have violated your data protection rights, you have the right to lodge a complaint with the Slovenian supervisory authority:

Information Commissioner of the Republic of Slovenia (Informacijski pooblaščenec)
Dunajska cesta 22, 1000 Ljubljana, Slovenia
Email: gp.ip@ip-rs.si
Website: https://www.ip-rs.si

14. Contact

For privacy-related questions or to exercise your rights, email Marko Budal s.p. at hello@circlemate.me.