Privacy Policy

Last updated: June 2026

1. Controller

The controller responsible for data processing on this website is:

Andreas Langa · Schubertgasse 14 / 27 · 1090 Wien · Austria
mail@pyzia.app

2. Data we collect

We collect the following personal data:

  • Account data — username, display name, and email address when you create an account. If you sign in with Google, we receive your name, email address, and profile picture from Google.
  • Profile data — your bio and your profile visibility setting (public or private).
  • Content you create — charts, posts, comments, and annotations you publish, as well as charts you save privately.
  • Social interactions — who you follow, your follow requests, who follows you, and posts you like. This data is needed to build your feed and follower lists.
  • Authentication data — session tokens stored in cookies to keep you logged in.
  • Usage data — basic server logs (IP address, browser type, pages visited) for security and debugging.
  • Analytics data — aggregated usage data (page views, referrer, country, device type, browser) collected via Vercel Analytics. No cookies are set and no IP addresses are stored for this purpose.

If you do not provide account data, you can still browse the platform but will not be able to create an account, save charts, or publish posts.

3. Visibility of your profile and content

Pyzia is a social platform. Please be aware of what other people can see:

  • Posts you publish appear in other users' feeds together with your username and display name. Comments and likes are likewise shown with your username.
  • If your profile is set to public, your profile (username, display name, bio), your posts, and your follower and following lists are visible to other users.
  • If your profile is set to private, your posts and follower lists are only visible to followers you have approved. Your username, display name, and bio remain visible so that others can find you and send follow requests.
  • Privately saved charts are visible only to you.

Your feed is ordered chronologically. We do not use algorithmic profiling to select or rank the posts you see.

4. Legal basis for processing

  • Account, profile, content, social interaction, and session data: performance of a contract (Art. 6(1)(b) GDPR) — this processing is necessary to provide the platform features you use.
  • Server logs: legitimate interest in security and stability (Art. 6(1)(f) GDPR).
  • Analytics data: legitimate interest in understanding platform usage to improve the service (Art. 6(1)(f) GDPR).

5. Cookies

We use one strictly necessary cookie to maintain your login session. It is set by our authentication provider (Supabase) and expires when you log out or after a fixed period of inactivity. No tracking or advertising cookies are used.

6. Third-party services and data transfers outside the EEA

We use the following service providers (processors), some of which are based outside the EEA:

  • Vercel (Vercel Inc., USA) — hosting of this website. Vercel processes your IP address and server logs when you visit the site. The transfer to the USA is covered by the EU–US Data Privacy Framework (Art. 45 GDPR). See Vercel's Privacy Policy. Vercel also provides an analytics service that records page views, referrer, country (derived from IP — the IP itself is not stored), device type, browser, and Web Vitals. No cookies are used for analytics. This is based on our legitimate interest in understanding how the platform is used (Art. 6(1)(f) GDPR).
  • Supabase (Supabase Inc., USA) — authentication and database hosting. Your account data and content are stored on servers located in the EU. Limited access by the US parent company is covered by the EU–US Data Privacy Framework (Art. 45 GDPR). See Supabase's Privacy Policy.
  • Google Sign-In (Google Ireland Ltd., Ireland / Google LLC, USA) — optional login with your Google account. Data is exchanged with Google only when you choose this login method (Art. 6(1)(b) GDPR). Transfers to the USA are covered by the EU–US Data Privacy Framework (Art. 45 GDPR). See Google's Privacy Policy.
  • MapTiler(MapTiler AG, Switzerland) — map tiles for interactive maps. When you view a map, your IP address is transmitted to MapTiler's servers to deliver the tiles. This is based on our legitimate interest in displaying interactive maps (Art. 6(1)(f) GDPR). Switzerland is recognised by the EU as providing an adequate level of data protection (Art. 45 GDPR). See MapTiler's Privacy Policy.

Economic and financial data displayed on Pyzia is sourced from publicly available third-party datasets. We do not share your personal data with data providers.

7. Data retention and account deletion

Account data is retained for as long as your account is active. You may request deletion of your account at any time; this removes your profile, posts, comments, likes, saved charts, and follow relationships. Server logs are retained for up to 30 days.

8. Your rights

Under GDPR (Art. 12–22) you have the right to:

  • Access the personal data we hold about you (Art. 15).
  • Correct inaccurate data (Art. 16).
  • Request erasure of your data — "right to be forgotten" (Art. 17).
  • Restrict processing of your data (Art. 18).
  • Object to processing based on legitimate interest (Art. 21).
  • Receive your data in a portable format (Art. 20).
  • Withdraw consent at any time, without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at mail@pyzia.app. We will respond within 30 days.

9. Right to lodge a complaint

You have the right to lodge a complaint with the Austrian data protection authority:

Österreichische Datenschutzbehörde
Barichgasse 40–42, 1030 Wien
www.dsb.gv.at

© 2026 Pyzia. All rights reserved.