Phasmo Social Logo
Phasmo Social

Phasmo Social

Login
/PRIVACY POLICY

PRIVACY POLICY

Effective Date: October 30, 2025
Last Updated: October 30, 2025

1. INTRODUCTION

Ninth Signal ("we," "us," or "our") operates Phasmophobia Social (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service.

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.

2. INFORMATION WE COLLECT

2.1 Information You Provide Directly

Account Information:

  • Email address (through authentication provider)
  • Username
  • Display name
  • Avatar/profile picture
  • Password (encrypted and managed by Supabase Auth)

Profile Information:

  • Bio/description
  • Social media links
  • Gaming preferences
  • Account settings

User-Generated Content:

  • Tips and tricks you post
  • Comments on other users' content
  • Votes (upvotes/downvotes)
  • Flags/reports submitted
  • Follow relationships
  • Badges earned

2.2 Automatically Collected Information

Usage Data:

  • Pages visited
  • Features used
  • Time spent on the Service
  • Interaction patterns
  • Search queries
  • Navigation paths

Device Information:

  • IP address
  • Browser type and version
  • Operating system
  • Device type
  • Screen resolution
  • Language preferences

Cookies and Tracking Technologies:

  • Session cookies
  • Authentication tokens
  • Preference cookies
  • Analytics cookies
  • Third-party advertising cookies (Google AdSense)

2.3 Information from Third Parties

Authentication Providers:

  • Profile information from OAuth providers (if using social login)
  • Email verification status

Google AdSense:

  • Advertising identifiers
  • Browsing behavior (as permitted by Google's policies)
  • Ad interaction data

3. HOW WE USE YOUR INFORMATION

We use collected information for the following purposes:

3.1 Service Provision:

  • Create and manage your account
  • Enable authentication and security
  • Display your profile and content
  • Facilitate community interactions
  • Process voting and commenting
  • Award badges and achievements
  • Provide follow/follower functionality

3.2 Service Improvement:

  • Analyze usage patterns
  • Identify and fix bugs
  • Develop new features
  • Optimize performance
  • Conduct research and analytics

3.3 Communication:

  • Send account-related notifications
  • Provide customer support
  • Send administrative messages
  • Notify you of policy changes
  • Respond to inquiries

3.4 Safety and Security:

  • Detect and prevent fraud
  • Enforce Terms of Service
  • Moderate content
  • Prevent abuse and harassment
  • Maintain platform integrity

3.5 Advertising:

  • Display relevant advertisements (for non-subscribed users)
  • Measure ad performance
  • Comply with advertising regulations

3.6 Legal Compliance:

  • Comply with legal obligations
  • Respond to legal requests
  • Protect our rights and property
  • Resolve disputes

4. LEGAL BASIS FOR PROCESSING (GDPR)

If you are in the European Economic Area (EEA), we process your personal data based on:

4.1 Consent: You have given explicit consent for specific processing activities (e.g., cookies).

4.2 Contract Performance: Processing is necessary to perform our contract with you (Terms of Service).

4.3 Legitimate Interests: Processing is necessary for our legitimate interests, such as:

  • Improving the Service
  • Preventing fraud
  • Ensuring security
  • Analytics and research

4.4 Legal Obligations: Processing is necessary to comply with legal requirements.

5. THIRD-PARTY SERVICES

5.1 Supabase (Database and Authentication)

We use Supabase for database hosting and user authentication. Supabase processes:

  • Account credentials
  • Profile data
  • User-generated content
  • Authentication tokens

Supabase Privacy Policy: https://supabase.com/privacy

5.2 Google AdSense

We use Google AdSense to display advertisements on the Service. Google AdSense uses cookies and similar technologies to:

  • Display personalized ads
  • Measure ad performance
  • Prevent fraud

Users who purchase our ad-free subscription will not see Google AdSense advertisements, but some Google cookies may persist for analytics purposes.

Google Privacy Policy: https://policies.google.com/privacy

Google AdSense Cookie Policy: https://policies.google.com/technologies/cookies

Opting Out of Personalized Ads:

  • Visit Google Ad Settings: https://adssettings.google.com
  • Use browser extensions that block ads
  • Adjust browser cookie settings

5.3 Analytics Services

We may use analytics services to understand Service usage. These services collect:

  • Page views
  • User flows
  • Session duration
  • Device information

6. DATA SHARING AND DISCLOSURE

6.1 Public Information

The following information is publicly visible on the Service:

  • Username and display name
  • Avatar/profile picture
  • Bio and social links
  • Tips, comments, and votes you post
  • Badges earned
  • Follow relationships

6.2 Service Providers

We may share your information with third-party service providers who assist in:

  • Hosting and infrastructure
  • Authentication services
  • Payment processing (for ad-free subscriptions)
  • Customer support
  • Analytics and monitoring

These providers are bound by confidentiality obligations and may only use your information to perform services on our behalf.

6.3 Legal Requirements

We may disclose your information if required by law or in response to:

  • Court orders or subpoenas
  • Legal processes
  • Government requests
  • Protection of our rights or property
  • Investigation of fraud or security issues

6.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

6.5 Aggregated Data

We may share aggregated, non-personally identifiable data with third parties for research, marketing, or analytics purposes.

7. DATA RETENTION

7.1 Active Accounts: We retain your information for as long as your account is active or as needed to provide services.

7.2 Deleted Accounts: When you delete your account, we will:

  • Remove your profile information within 30 days
  • Anonymize your content (tips, comments) rather than delete to preserve community discussions
  • Retain certain data for legal compliance and security purposes

7.3 Legal Requirements: We may retain information longer if required by law or to resolve disputes.

7.4 Backups: Information may persist in backup systems for up to 90 days after deletion.

8. YOUR RIGHTS AND CHOICES

8.1 Access and Portability (GDPR/CCPA)

You have the right to:

  • Access your personal data
  • Receive a copy of your data in a structured, machine-readable format
  • Request data portability

To exercise: Email privacy@ninthsignal.com

8.2 Correction and Update

You may update your profile information at any time through your account settings.

8.3 Deletion (Right to be Forgotten)

You may request deletion of your account and personal data. Note:

  • Anonymized content may remain for community preservation
  • Legal compliance may require retention of certain data
  • Backup data may persist for up to 90 days

To delete your account: Visit account settings or email privacy@ninthsignal.com

8.4 Opt-Out Rights (CCPA)

California residents have the right to:

  • Know what personal information is collected
  • Know if personal information is sold or disclosed
  • Opt-out of the sale of personal information
  • Non-discrimination for exercising privacy rights

We do not sell your personal information.

8.5 Marketing Communications

You may opt out of marketing emails by:

  • Clicking "unsubscribe" in emails
  • Adjusting notification settings
  • Contacting privacy@ninthsignal.com

8.6 Cookie Controls

You may control cookies through:

  • Browser settings
  • Third-party opt-out tools
  • Cookie preference centers (if available)

Note: Disabling certain cookies may limit Service functionality.

8.7 Do Not Track

We do not currently respond to Do Not Track (DNT) browser signals.

9. CHILDREN'S PRIVACY

9.1 The Service is not intended for children under 13 years of age.

9.2 We do not knowingly collect personal information from children under 13.

9.3 If we discover we have collected information from a child under 13, we will delete it promptly.

9.4 Parents or guardians who believe their child has provided information should contact privacy@ninthsignal.com.

9.5 Users aged 13-17 should have parental or guardian consent before using the Service.

10. INTERNATIONAL DATA TRANSFERS

10.1 Your information may be transferred to and processed in countries other than your country of residence.

10.2 These countries may have different data protection laws than your jurisdiction.

10.3 We take appropriate safeguards to ensure your data is protected, including:

  • Standard contractual clauses
  • Privacy Shield frameworks (where applicable)
  • Adequacy decisions

10.4 By using the Service, you consent to the transfer of your information to the United States and other countries.

11. DATA SECURITY

11.1 Security Measures:

We implement appropriate technical and organizational measures to protect your information:

  • Encryption in transit (HTTPS/TLS)
  • Encryption at rest for sensitive data
  • Access controls and authentication
  • Regular security audits
  • Secure database infrastructure (Supabase)

11.2 Limitations:

No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

11.3 Your Responsibility:

You are responsible for:

  • Maintaining account password confidentiality
  • Logging out of shared devices
  • Reporting suspicious activity

11.4 Data Breaches:

In the event of a data breach, we will:

  • Notify affected users without undue delay
  • Comply with applicable breach notification laws
  • Take remedial action to mitigate harm

12. COOKIES POLICY

12.1 Types of Cookies We Use

Essential Cookies:

  • Authentication and session management
  • Security features
  • Load balancing

Functional Cookies:

  • User preferences
  • Language settings
  • Display customization

Analytics Cookies:

  • Usage statistics
  • Performance monitoring
  • User behavior analysis

Advertising Cookies (Non-Subscribed Users):

  • Google AdSense cookies
  • Ad personalization
  • Ad performance measurement

12.2 Cookie Duration

  • Session Cookies: Deleted when you close your browser
  • Persistent Cookies: Remain for a specified period or until manually deleted

12.3 Managing Cookies

You can manage cookies through your browser settings. Disabling cookies may affect Service functionality.

13. CALIFORNIA PRIVACY RIGHTS

California residents have additional rights under the California Consumer Privacy Act (CCPA):

13.1 Right to Know: You may request disclosure of personal information collected, used, and disclosed.

13.2 Right to Delete: You may request deletion of your personal information (subject to exceptions).

13.3 Right to Opt-Out: You may opt out of the "sale" of personal information. We do not sell personal information.

13.4 Right to Non-Discrimination: We will not discriminate against you for exercising CCPA rights.

13.5 Shine the Light: California residents may request information about disclosure of personal information to third parties for direct marketing purposes.

To exercise CCPA rights: Email privacy@ninthsignal.com or use our online form.

14. EUROPEAN ECONOMIC AREA (EEA) RIGHTS

If you are in the EEA, you have additional rights under GDPR:

14.1 Right of Access: Obtain confirmation of data processing and access to your data.

14.2 Right to Rectification: Correct inaccurate or incomplete data.

14.3 Right to Erasure: Request deletion of your data.

14.4 Right to Restriction: Restrict processing under certain circumstances.

14.5 Right to Data Portability: Receive your data in a portable format.

14.6 Right to Object: Object to processing based on legitimate interests or direct marketing.

14.7 Right to Withdraw Consent: Withdraw consent at any time (without affecting prior processing).

14.8 Right to Lodge a Complaint: File a complaint with your local data protection authority.

To exercise GDPR rights: Email privacy@ninthsignal.com

15. CHANGES TO THIS PRIVACY POLICY

15.1 We may update this Privacy Policy from time to time.

15.2 We will notify you of material changes by:

  • Posting a notice on the Service
  • Sending an email notification
  • Updating the "Last Updated" date

15.3 Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

15.4 We encourage you to review this Privacy Policy periodically.

16. CONTACT INFORMATION

For questions, concerns, or requests regarding this Privacy Policy or your personal data:

Email: privacy@ninthsignal.com
Data Protection Officer: legal@ninthsignal.com
Company: Ninth Signal

Response Time: We will respond to privacy requests within 30 days (or as required by applicable law).

17. ADDITIONAL INFORMATION

17.1 Ad-Free Subscription

Users who purchase an ad-free subscription:

  • Will not see Google AdSense advertisements
  • May still be subject to certain cookies for essential functionality
  • Will have improved privacy due to reduced third-party tracking

17.2 Content Moderation

Our moderation team may review flagged content, which may involve accessing:

  • Reported tips or comments
  • Associated user accounts
  • Related activity patterns

17.3 Automated Decision-Making

We may use automated systems for:

  • Content recommendations
  • Badge award algorithms
  • Spam detection
  • Abuse prevention

You have the right to request human review of automated decisions that significantly affect you.

18. ACKNOWLEDGMENT

BY USING THE SERVICE, YOU ACKNOWLEDGE THAT YOU HAVE READ THIS PRIVACY POLICY, UNDERSTAND IT, AND AGREE TO ITS TERMS.

Privacy Policy | Phasmo Social