Privacy Policy

Last Updated: April 17, 2025

Migra AS ("we," "us," or "our"), a company based in Oslo, Norway, operates "Cuchame", a Software-as-a-Service (SaaS) platform (the "Service") that enables users to monitor live-streaming media. We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service, in accordance with applicable privacy laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant regulations.

By accessing or using our Service, you agree to the practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our Service.

1. Information We Collect

We collect information about you in the following ways:

1.1 Information You Provide to Us

• Account Creation and Sign-In: When you sign up for an account or log in using our login screen or "Sign in with Google," we may collect:
  • Your name
  • Email address
  • Any additional information you voluntarily provide (e.g., preferences or profile details)
  • If using "Sign in with Google," we collect information provided by Google, such as your name, email address, and Google account ID, subject to your Google account privacy settings.
• Billing Information: When you subscribe to our Service, our third-party payment processor, Stripe, collects and processes:
  • Payment method details (e.g., credit card number, billing address)
  • Transaction details (e.g., payment amount, date, and subscription plan)
  • We do not store your full payment information on our servers; Stripe securely handles this data on our behalf.
• Customer Support: If you contact us for support, we may collect:
  • Your name, email address, and any information you provide in your communications
  • Details about your issue or inquiry

1.2 Information Collected Automatically

• Session Tokens: We use localStorage in your browser to store a session token to keep your login session active. This token does not contain personally identifiable information but is used to authenticate your access to the Service.
• Usage Data: We collect information about how you interact with our Service, including:
  • IP address
  • Browser type and version
  • Operating system
  • Device identifiers
  • Pages visited and features used
  • Timestamps of your activities
  • Referring URLs

1.3 Information from Third Parties

• Google Sign-In: If you use "Sign in with Google," we receive certain information from Google, such as your name, email address, and Google account ID, as authorized by you.
• Stripe: Our payment processor, Stripe, provides us with limited transaction-related information, such as confirmation of successful payments or subscription status.

2. How We Use Your Information

We use your information for the following purposes:

• To Provide and Operate the Service:
  • Create and manage your account
  • Authenticate your login sessions using session tokens stored in localStorage
  • Process payments and manage subscriptions via Stripe
  • Deliver the live-streaming media monitoring features you request
• To Improve the Service:
  • Analyze usage data to enhance functionality, performance, and user experience
  • Identify and fix technical issues
• To Communicate with You:
  • Send account-related notifications (e.g., password resets, subscription updates)
  • Respond to your customer support inquiries
  • Send promotional emails or updates about the Service (you may opt out of these at any time)
• To Comply with Legal Obligations:
  • Fulfill requirements under applicable laws, such as tax reporting or responding to lawful requests from authorities
  • Maintain records as required by privacy regulations
• To Protect Our Rights and Safety:
  • Detect and prevent fraud, abuse, or security incidents
  • Enforce our Terms of Service

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA) and other jurisdictions where GDPR applies, we process your personal data based on the following legal grounds:

• Contractual Necessity: To perform our contract with you, such as providing the Service, managing your account, and processing payments.
• Consent: For non-essential processing, such as sending promotional emails, where we obtain your explicit consent.
• Legitimate Interests: For activities like improving the Service, preventing fraud, or analyzing usage data, where our interests are not overridden by your rights.
• Legal Obligation: To comply with applicable laws, such as tax or data protection regulations.

4. How We Share Your Information

We do not sell your personal information or share it with live-streaming media sources. We may share your information only in the following circumstances:

• With Service Providers:
  • Google: For "Sign in with Google" authentication, we share limited data with Google as necessary to facilitate login.
  • Stripe: Our payment processor collects and processes payment information on our behalf to manage subscriptions.
• For Legal Reasons:
  • To comply with applicable laws, regulations, or legal processes (e.g., subpoenas, court orders).
  • To protect our rights, property, or safety, or that of our users or the public.
• Business Transfers:
  • In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to equivalent privacy protections.
• With Your Consent:
  • We may share your information for other purposes if you provide explicit consent.

5. International Data Transfers

As a global service based in Norway, your personal information may be transferred to and processed in countries outside your country of residence, including the United States, where our service providers (e.g., Stripe, Google) are located. These countries may have different data protection laws.

For users in the EEA, UK, or Switzerland, we ensure that international transfers comply with GDPR requirements, such as:

• Transferring data to countries deemed to have adequate data protection by the European Commission.
• Using Standard Contractual Clauses (SCCs) with service providers to safeguard your data.
• Obtaining your consent for transfers where required.

6. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, including:

• Account Data: Retained for the duration of your account and for a reasonable period thereafter to comply with legal obligations (e.g., tax records) or resolve disputes.
• Session Tokens: Stored in localStorage until you log out or clear your browser data.
• Usage Data: Retained for as long as necessary to improve the Service or comply with legal obligations.
• Billing Information: Retained by Stripe as necessary to comply with financial regulations; we retain only minimal transaction records.

When your information is no longer needed, we securely delete or anonymize it in accordance with applicable laws.

7. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you.
• Rectification: Correct inaccurate or incomplete information.
• Deletion: Request deletion of your personal information, subject to legal retention requirements.
• Restriction: Restrict certain uses of your information.
• Data Portability: Receive your personal information in a structured, machine-readable format.
• Objection: Object to processing based on legitimate interests, including for direct marketing.
• Withdraw Consent: Withdraw consent for processing where consent is the legal basis.
• Do Not Sell: For California residents, opt out of the sale of personal information (note: we do not sell your information).

To exercise these rights, contact us at support@cucha.me. We will respond within the timeframes required by law (e.g., 30 days for GDPR, 45 days for CCPA).

Additional Choices:

• Promotional Emails: Opt out of marketing communications by clicking the "unsubscribe" link in emails or contacting us.
• Session Tokens: Log out or clear your browser’s localStorage to end your session.

8. Security

We implement reasonable technical and organizational measures to protect your personal information, including:

• Encryption of data in transit (e.g., HTTPS)
• Secure storage of session tokens in localStorage
• Access controls to limit employee access to your data
• Regular security assessments of our systems

However, no system is completely secure, and we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

9. Third-Party Links and Services

Our Service may interact with third-party live-streaming media sources for monitoring purposes, but we do not share your personal information with these sources. We are not responsible for the privacy practices of third-party services you may access through our Service. We encourage you to review their privacy policies before interacting with them.

10. Children’s Privacy

Our Service is not intended for individuals under the age of 16 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal information from children. If we learn that we have collected such information, we will promptly delete it. Contact us if you believe we have inadvertently collected data from a child.

11. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, legal requirements, or Service features. We will notify you of material changes by posting the updated policy on our website or sending you a direct notification (e.g., via email). The "Last Updated" date at the top of this policy indicates when it was last revised. Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

13. Complaints

If you believe your privacy rights have been violated, you may file a complaint with us directly or with a supervisory authority in your jurisdiction. For EEA residents, you can contact the Norwegian Data Protection Authority (Datatilsynet) or your local Data Protection Authority. For California residents, you may contact the California Attorney General.