Privacy Policy.

For the purposes of the EU General Data Protection Regulation (GDPR) and the UK GDPR, the data controller is the team operating Pay Per Slur. You can reach us at privacy@payperslur.com. We will reply within a reasonable period, defined here as "when we see it".

We collect only the information we need to operate the Service:

• Account information: the email address you provide when you sign up or submit a request.
• Submission content: the text and optional social handle you choose to submit for "approval".
• Payment metadata: when applicable, a transaction reference and the last four digits of your card. Full card details are handled by our payment processor and never reach our servers.
• Technical data: IP address, user agent, approximate location (country/region), referrer, and the pages you viewed.
• Questionable online decision-making metrics: aggregate and anonymised signals about how users navigate the Service. We use these to understand which jokes are landing, not to identify any individual.

We rely on the following lawful bases under GDPR Article 6:

• Contract: to provide the Service you have requested, including signing you up and processing submissions.
• Legitimate interests: to operate, secure, and improve the Service, and to investigate suspected misuse.
• Legal obligation: where we are required to retain records for tax, accounting, or law-enforcement purposes.
• Consent: for non-essential cookies and marketing communications, where applicable.

We use a minimal set of first-party cookies to keep the site functioning and to measure aggregate usage. We do not use advertising cookies. Where required, we ask for your consent before setting any non-essential cookies.

You can disable cookies in your browser. The Service will continue to load; it may simply forget that you closed a banner.

We use privacy-respecting analytics to understand how the Service is used in aggregate. We do not sell analytics data, and we do not combine it with personal information for the purpose of building advertising profiles. We sometimes look at the data and feel briefly powerful, and then we go back to work.

Where the Service offers paid features, payments are processed by regulated third-party providers (for example, Stripe). Those providers handle your card details under their own privacy policies and applicable financial regulations. We receive only a confirmation that a charge succeeded, along with limited metadata required for accounting and fraud prevention.

We share personal data with a small number of sub-processors who help us operate the Service, including:

• Cloud hosting and managed database providers
• Transactional email providers
• Payment processors
• Error monitoring and analytics tools

Each sub-processor is bound by contractual obligations requiring appropriate technical and organisational measures consistent with this policy.

Some of our sub-processors are located outside the European Economic Area and the United Kingdom. Where required, transfers are made under the European Commission's Standard Contractual Clauses or an equivalent safeguard recognised in the recipient jurisdiction.

We use industry-standard measures to protect personal data, including TLS in transit, encryption at rest for sensitive fields, role-based access controls, and audit logging. No system is perfectly secure. In the event of a personal-data breach likely to result in risk to your rights and freedoms, we will notify the relevant supervisory authority and, where required, affected users within 72 hours.

We retain personal data only for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. Submission content is retained until you ask us to delete it or until we close the project, whichever happens first.

Under GDPR and similar laws you have the right to access, rectify, erase, restrict, or port your personal data, and to object to certain processing. You also have the right to lodge a complaint with your local supervisory authority.

To exercise any of these rights, email privacy@payperslur.com. We will not require you to explain yourself.

The Service is not directed at children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, please contact us and we will delete it.

We may update this policy from time to time. Material changes will be reflected by a revised "Last updated" date at the top of this page and, where appropriate, a more visible notice.