Privacy Policy

1. Data Controller

The data controller responsible for processing your personal data is:

DRIVEN Archive
Contact: info@drivenarchive.com

If you have any questions about how your data is processed, please contact us at the email address above.

2. Information We Collect

Account Information

When you create an account, we collect your email address, chosen handle (username), and optional bio. Your password is securely hashed and never stored in plain text.

User Content

Stories, photos, ratings, impressions, and messages you create are stored on our servers. Photos are stored in secure cloud storage buckets.

Usage Data

We may collect basic usage data such as login timestamps, device type, and app version to improve the service. We do not track your location or browsing activity outside the App.

3. Legal Basis for Processing (Art. 6 GDPR)

We process your personal data on the following legal bases:

• Contract performance (Art. 6(1)(b) GDPR): Processing necessary to provide you with the DRIVEN service, including account management, story publishing, messaging, and ratings
• Consent (Art. 6(1)(a) GDPR): When you explicitly agree to our Terms and Privacy Policy during registration, and for optional features such as voice-to-text transcription
• Legitimate interest (Art. 6(1)(f) GDPR): To improve our services, ensure platform security, and enforce community standards

4. How We Use Your Information

We use your information to:

• Provide and maintain the DRIVEN service
• Display your stories, profile, and ratings to other users
• Enable messaging between users
• Send essential service emails (account verification, password reset)
• Translate story content between languages (using AI processing)
• Improve and develop new features
• Enforce our Terms of Service and community standards

5. Data Processors & Third Parties

We do not sell, rent, or trade your personal information. To operate the App, we use the following third-party service providers (data processors):

• Supabase (USA): Authentication, database storage, and file/photo storage. Supabase uses AWS infrastructure
• OpenAI (USA): Story translation between languages and voice-to-text transcription. Only the content you choose to translate or dictate is sent to OpenAI

These providers process data on our behalf under data processing agreements and are bound to protect your data.

6. International Data Transfers

Your data may be transferred to and processed in the United States by our service providers (Supabase, OpenAI). These transfers are conducted in compliance with GDPR requirements, relying on appropriate safeguards such as Standard Contractual Clauses (SCCs) and the EU-US Data Privacy Framework where applicable.

7. Data Storage & Security

Your data is stored using industry-standard security practices, including encrypted connections (TLS/SSL), secure authentication tokens, row-level security policies, and access controls. While we take reasonable measures to protect your data, no system is completely secure.

8. Data Retention

We retain your personal data for as long as your account is active. When you delete your account, all associated data (stories, photos, messages, ratings, profile information) is permanently deleted from our servers. Voice recordings used for transcription are processed in real-time and not stored permanently. Translation caches are deleted when the associated story is deleted.

9. Your Rights Under GDPR

Under the GDPR, you have the following rights:

• Right of access (Art. 15): Request a copy of your personal data
• Right to rectification (Art. 16): Update or correct inaccurate data via your profile
• Right to erasure (Art. 17): Delete your account and all associated data at any time
• Right to restriction of processing (Art. 18): Request limited processing of your data
• Right to data portability (Art. 20): Request your data in a machine-readable format
• Right to object (Art. 21): Object to processing based on legitimate interest
• Right to withdraw consent (Art. 7): Withdraw your consent at any time by deleting your account

To exercise any of these rights, contact us at info@drivenarchive.com.

10. Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. You may contact the data protection authority in the EU member state of your habitual residence, place of work, or the place of the alleged infringement.

11. Cookies & Tracking

DRIVEN uses local storage and authentication tokens to maintain your session. We do not use advertising cookies, analytics trackers, or third-party tracking pixels.

12. Children's Privacy

DRIVEN is not intended for users under 16 years of age. We do not knowingly collect information from children. If you believe a child has created an account, please contact us and we will delete the account.

13. Voice Recording

DRIVEN offers voice-to-text input for writing stories. Audio recordings are transmitted securely to OpenAI for transcription and are not stored permanently by either DRIVEN or OpenAI. This feature is optional and requires your explicit action to use.

14. Changes to This Policy

We may update this Privacy Policy periodically. We will notify users of material changes through the App. Continued use after changes constitutes acceptance of the updated policy.

15. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at info@drivenarchive.com.