OyList
Explore
Create
Social
HomePrivacy Policy
Privacy Policy
Welcome to OyList. We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, store, and protect your information when you use our website and services.
OyList is fully compliant with the General Data Protection Regulation (GDPR) and other applicable privacy laws. This policy is written in plain language to help you understand your rights and our responsibilities.
1. Information We Collect
1.1 Information You Provide Directly
When you create an account and use OyList, we collect:
  • Email address - Used for account creation, authentication, and essential communications
  • Password - Stored securely using one-way encryption (never in plain text)
  • Username - Your public identifier on the platform
  • Profile information - Optional bio, avatar image, display preferences
  • User-generated content - Lists you create, comments you post, votes you cast, and reports you submit
  • Account preferences - Theme settings, language preferences, notification settings, privacy controls
1.2 Information Collected Automatically
When you use OyList, we automatically collect:
  • IP address - For security, rate limiting, and fraud prevention
  • Session information - Authentication tokens, login timestamps
  • Usage analytics - Pages visited, features used, time spent (anonymized in aggregate reports)
  • Device information - Browser type, operating system, screen resolution (for optimization)
  • Cookies - See our Cookie Policy section below
1.3 Information from Third-Party Authentication
If you sign in using a third-party authentication provider:
  • Email address - From your authentication provider
  • Profile information - Name and profile picture (if you choose to import)
  • We do NOT receive or store your third-party account password
1.4 Information We Do NOT Collect
  • We do NOT track your location without explicit consent
  • We do NOT collect sensitive personal data (race, religion, political views, health data)
  • We do NOT sell your personal data to third parties
2. How We Use Your Information
2.1 Essential Platform Functions
  • Account management - Creating and maintaining your account
  • Authentication - Verifying your identity when you log in
  • Content delivery - Displaying lists, comments, votes, and user profiles
  • Communication - Sending transactional emails (password resets, account notifications)
2.2 Platform Improvement
  • Quality scoring - Using AI services to assess content quality and detect spam
  • Content moderation - Analyzing reported content for policy violations
  • Analytics - Understanding how users interact with features to improve the platform
  • Bug detection - Monitoring errors and performance issues
2.3 Security and Trust
  • Fraud prevention - Detecting bots, spam, and abusive behavior
  • Rate limiting - Preventing API abuse and DDoS attacks
  • Trust scoring - Calculating karma scores based on community contributions
  • Abuse prevention - Reviewing reports and enforcing community guidelines
3. How We Store and Protect Your Data
3.1 Data Storage
  • Primary database - Secure database servers with encrypted backups
  • Image storage - Cloud storage with encryption at rest
  • Cache storage - Secure cache for temporary session data (expires automatically)
  • Backup storage - Encrypted daily backups stored securely
3.2 Data Security Measures
  • Encryption in transit - All data transmitted over HTTPS/TLS
  • Password security - Passwords securely hashed using industry-standard one-way encryption (never stored in plain text)
  • Access control - Personal data accessible only to authorized personnel
  • Database encryption - Backups encrypted at rest
  • Security audits - Regular penetration testing and vulnerability assessments
  • Incident response - Established protocols for data breach notification
3.3 Data Breach Notification
In the unlikely event of a data breach affecting your personal information, we will:
  • Notify you within 72 hours via email (GDPR requirement)
  • Explain what data was affected and what actions we're taking
  • Provide guidance on protecting your account
4. Third-Party Data Sharing
We share your data with the following third parties only as necessary to operate the platform:
4.1 Cloud Infrastructure
  • Cloud storage providers - Store images you upload with encryption at rest
  • CDN services - Deliver content faster and provide DDoS protection
4.2 Authentication Providers
  • Third-party authentication services - If you choose to sign in with external accounts (email and profile only)
  • We do NOT receive or store your third-party account passwords
4.3 Email Delivery
  • Email delivery services - Send transactional emails (password resets, account notifications)
  • We do NOT share marketing emails without your explicit consent
4.4 Security Services
  • Bot detection services - Protect public endpoints from automated abuse
4.5 AI Content Analysis
  • AI service providers - Analyze content for moderation and quality scoring
  • What we send: Text content only (list descriptions, comments for moderation)
  • What we do NOT send: Email addresses, passwords, IP addresses, or other personally identifiable information
4.6 External Content APIs (No Personal Data Shared)
When you create lists with external content, we fetch metadata from third-party content providers for movies, TV shows, music, videos, and factual information.
Important: These services receive ONLY the content identifiers you search for, NOT your personal information.
4.7 Advertising (Future)
We may display advertising in the future to support the platform. If we do:
  • Advertising partners may use cookies to show you relevant ads
  • You will have the option to opt out of personalized advertising
  • We will clearly disclose all advertising partners in this policy
  • We will never sell your personal data to advertisers or third parties
  • Advertising will be clearly labeled and distinguished from organic content
4.8 What We Do NOT Do
  • We do NOT sell your personal data to third parties
  • We do NOT share more data than absolutely necessary to operate the platform
  • All third-party providers have data processing agreements ensuring GDPR compliance
5. Your Privacy Rights Under GDPR
As a user, you have the following rights:
5.1 Right to Access
You can download all your personal data in machine-readable JSON format.
How to exercise this right: Go to Settings → Privacy & Data → Download My Data
Export request processed within 48 hours. Secure download link sent via email (expires in 7 days).
5.2 Right to Deletion ("Right to be Forgotten")
You can request complete account deletion at any time.
Deletion process:
  1. Submit deletion request in Settings (password confirmation required)
  2. 7-day grace period begins (you can cancel during this time)
  3. After 7 days, permanent deletion begins
  4. All personal data deleted within 30 days (GDPR compliance)
5.3 Right to Rectification
You can edit your profile information at any time in Settings.
5.4 Right to Restriction
You can deactivate your account without permanent deletion. Accounts can be reactivated within 90 days.
5.5 Right to Data Portability
Your data export supports portability to other platforms (JSON format).
5.6 Right to Object
You can opt out of analytics tracking and AI content analysis in Settings.
6. Cookie Policy
OyList uses cookies to provide essential functionality and improve your experience.
6.1 Essential Cookies (No Consent Required)
  • Session cookies - Keep you logged in
  • CSRF tokens - Prevent cross-site request forgery attacks
  • Rate limit tracking - Prevent API abuse
6.2 Analytics Cookies (Opt-In)
Track anonymized usage to improve the platform. You can opt out in Settings → Privacy & Data → Cookie Preferences.
6.3 Preference Cookies (Opt-In)
Remember your settings (theme, language). You can opt out, but your preferences won't be saved across sessions.
6.4 Advertising Cookies (Opt-In, Future)
We may use advertising cookies in the future to:
  • Display relevant advertisements
  • Measure ad effectiveness
  • Support platform sustainability
If we implement advertising:
  • You will be asked for explicit consent
  • You can opt out of personalized ads at any time
  • Non-personalized ads may still be shown
  • All advertising partners will be disclosed in this policy
7. Data Retention
  • Active accounts - Data retained indefinitely while account active
  • Inactive accounts - Accounts inactive for 2+ years receive deletion warning email
  • Deleted accounts - Personal data deleted within 30 days
  • Backups - Personal data removed from backups within 90 days of deletion request
8. Children's Privacy
OyList is not intended for children under 16 years old. We do not knowingly collect personal data from children. If we discover that a child under 16 has created an account, we will delete the account and all associated data immediately.
9. Changes to This Privacy Policy
We may update this privacy policy from time to time. When we do, you will receive an email notification about significant changes, and the "Last Updated" date will change. Continued use of OyList after changes means you accept the new policy.
10. Contact Us
If you have questions about this privacy policy or want to exercise your GDPR rights:
Summary
What we collect: Email, password (hashed), username, content you create, cookies, IP address
Why we collect it: Authentication, platform functionality, security, GDPR compliance
Who we share with: Cloud storage (images), third-party authentication providers, email services, AI services (content only, no personal data), bot detection services
Your rights: Download your data, delete your account, edit your profile, opt out of analytics
We do NOT: Sell your personal data to third parties
Questions? Contact [email protected]
By using OyList, you acknowledge that you have read and understood this Privacy Policy.
Last published: January 2025
Copyright © 2026 OyList. All Rights Reserved.
Privacy
|
Terms
|
DMCA
|
Contact