This Privacy Policy explains how Murph ("we," "us," or "our"), operated by Tobias Haahr Nielsen, describes how we collect, use, and share information about you when you use our platform and services available at bymurph.com (the "Service").
By using the Service, you agree to the collection and use of information in accordance with this policy.
The Service is operated by Tobias Haahr Nielsen, trading as Murph, based in Denmark. For privacy-related inquiries, contact us at:
Email: [email protected]
Website: https://bymurph.com
1. Who We Are
(See introduction above.)
2. Information We Collect
2.1 Information You Provide Directly
- Account information: name, email address, and password when you create an account
- Profile information: any additional details you voluntarily add to your account
- Communications: messages or requests you send us
2.2 Information Collected Automatically
- Usage data: pages visited, features used, time spent, clicks, and other interaction data
- Device and browser data: IP address, browser type, operating system, and referring URLs
- Cookies and similar technologies: session cookies, analytics cookies, and preference cookies
2.3 Information from Google Sign-In (Google OAuth)
If you choose to authenticate via Google Sign-In, we receive the following data from Google:
- Your Google account name
- Your Google email address
- Your profile photo (if available)
- A unique Google user identifier
We access only the minimum data necessary to authenticate you and provide the Service. We do not access your Gmail, Google Drive, Google Calendar, or any other Google service data beyond basic profile/email scopes.
Google Limited Use Disclosure: Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- Google user data is used solely to provide and improve user-facing features of the Service
- We do not transfer, sell, or use Google user data for advertising, data brokering, credit assessment, or any purpose unrelated to providing the Service
- We do not allow humans to read your Google data unless you explicitly consent, it is required for security purposes, or it is required by law
3. How We Use Your Information
We use the information we collect to:
- Provide the Service: authenticate your identity, maintain your account, and operate platform features
- Improve the Service: analyse usage patterns to fix bugs and develop new features
- Communicate with you: send transactional emails (account confirmations, password resets, service updates)
- Ensure security: detect and prevent fraud, abuse, and unauthorised access
- Comply with legal obligations: respond to lawful requests from authorities or courts
We process your personal data on the following legal bases under GDPR Article 6:
| Processing Activity | Legal Basis |
|---|---|
| Account creation and authentication | Contractual necessity (Art. 6(1)(b)) |
| Service delivery and core features | Contractual necessity (Art. 6(1)(b)) |
| Analytics and service improvement | Legitimate interests (Art. 6(1)(f)) |
| Marketing communications (if any) | Consent (Art. 6(1)(a)) |
| Legal compliance | Legal obligation (Art. 6(1)(c)) |
4. How We Share Your Information
We do not sell your personal data. We may share information with:
- Service providers: hosting providers (e.g., Vercel, Supabase), analytics tools, and infrastructure partners who process data on our behalf under data processing agreements
- Legal authorities: when required by law, court order, or to protect the rights, safety, or property of users or the public
- Business transfers: in the event of a merger, acquisition, or sale of assets, with prior notice and, where required, your consent
All third-party processors are contractually bound to process your data only on our instructions and in compliance with GDPR.
5. Data Retention
We retain your personal data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymise your personal data within 30 days, unless retention is required by applicable law.
Analytics data may be retained in aggregated, anonymised form for up to 24 months.
6. Cookies
We use cookies and similar tracking technologies to operate and improve the Service. You can control cookie settings through your browser. Disabling certain cookies may affect Service functionality.
| Cookie Type | Purpose |
|---|---|
| Essential | Login sessions, security |
| Analytics | Usage statistics (anonymised) |
| Preferences | Language and UI settings |
7. Your Rights Under GDPR
If you are located in the European Economic Area (EEA), including Denmark, you have the following rights regarding your personal data:
- Right of access: request a copy of the personal data we hold about you
- Right to rectification: correct inaccurate or incomplete data
- Right to erasure ("right to be forgotten"): request deletion of your personal data
- Right to restriction: request that we limit processing of your data
- Right to data portability: receive your data in a structured, machine-readable format
- Right to object: object to processing based on legitimate interests
- Right to withdraw consent: where processing is based on consent, withdraw it at any time
To exercise any of these rights, email us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet) at www.datatilsynet.dk.
8. International Data Transfers
The Service may process data on servers located outside Denmark or the EEA. Where we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.
9. Security
We implement industry-standard technical and organisational measures to protect your personal data, including encryption in transit (HTTPS/TLS) and at rest, access controls, and regular security reviews. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security.
10. Children's Privacy
The Service is not directed to children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe we have collected data from a child under 13, contact us immediately at [email protected].
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last Updated" date and, where appropriate, by sending you an email. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.
12. Contact Us
For any privacy-related questions or to exercise your rights:
Murph (Tobias Haahr Nielsen)
Email: [email protected]
Website: https://bymurph.com/privacy