Skip to main content
goplug.me
Sign InSign Up

Privacy Policy

Effective May 16, 2026

This Privacy Policy describes how Dererk William Copeland Jr., an individual doing business as "goplug.me," a sole proprietorship based in Deptford, New Jersey, United States ("goplug.me," "we," "us," or "our"), collects, uses, shares, retains, and protects information about you when you use our website, applications, and services (collectively, the "Service"). By creating an account, accessing, or using the Service, you agree to the practices described in this Policy. If you do not agree, do not use the Service.

1. Information We Collect

1.1 Information you provide

  • Account information. When you sign in with Google, we receive your name, email address, Google account ID, and profile photo. We do not receive your Google password.
  • Profile information. Your username, display name, biography, avatar, social links, theme color preference, public search preference, and any other content you submit to your profile.
  • User content. Referral codes, brand names, descriptions, categories, visibility settings, exposure caps, uploaded images, reports of other users' content, and any other content you submit.
  • Payment information. If you purchase a Pro subscription or Boost placement, our payment processor (Stripe, Inc.) collects and stores your payment instrument data directly. We receive only a Stripe customer identifier, the last four digits of your card, the card brand, and transaction metadata necessary to process billing. We never see, store, or have access to your full card number, CVV, or bank credentials.
  • Communications. Messages you send us through feedback forms, support requests, or email.

1.2 Information collected automatically

  • Device and connection data. IP address, user agent string, browser type and version, operating system, device type, language preference, time zone, and approximate geographic location derived from your IP address.
  • Usage data. Pages visited, links clicked, referral codes you click or copy, search queries, session start and end timestamps, ad impressions and interactions, feature usage, and other actions you take in the Service.
  • Click attribution. When you click a referral code link, we record the click event (timestamp, the code identifier, your IP address, and — if you are signed in — your account identifier) for fraud prevention, rate limiting, analytics, and to support boost auction outcomes. When a referral code reaches its exposure cap, the code's owner receives an email notification.
  • Cookies, local storage, and similar technologies. We use first-party cookies, browser local storage, and IndexedDB to keep you signed in (including an HttpOnly server session cookie used by our server to authenticate your requests), store your preferences, and maintain anti-abuse tokens (Firebase App Check). We use third-party cookies from Google Analytics, Google AdSense, and Stripe for measurement, advertising, and fraud prevention. You can manage cookie preferences via the cookie banner shown on your first visit and through our cookie settings link.
  • Email engagement data. When we send transactional email, our service provider (Amazon SES) records delivery, bounce, and complaint events.
  • Error and diagnostic data. Where enabled, our error monitoring service (Sentry) collects technical information about errors that occur in the Service, including browser, OS, page URL, stack traces, and a session identifier. A small sample of error sessions also includes a Session Replay — a privacy-preserving recording of DOM changes, network activity, and console output, with all text content masked and media (images, video, iframes) blocked from capture, used solely to diagnose and fix issues.

1.3 Information from third parties

We may receive information about you from advertising networks (e.g., Google AdSense), analytics providers, fraud prevention services (e.g., Cloudflare Turnstile, Google reCAPTCHA, Google WebRisk), and payment processors. We may also receive aggregated reports about ad performance and audience characteristics.

2. How We Use Information

We use information we collect to:

  • Provide, operate, maintain, and improve the Service;
  • Authenticate you, secure your account, and prevent fraud, abuse, and unauthorized access;
  • Process payments, billing, refunds, chargebacks, and tax compliance;
  • Operate the discovery feed, brand pages, search, and recommendation features;
  • Run boost auctions, calculate winners, and process refunds for removed or capped codes;
  • Detect, investigate, and prevent fraudulent, abusive, or illegal activity;
  • Apply content moderation, including automated risk scoring, classifier-based review, and human review of flagged content;
  • Send transactional email and, where you have consented, marketing email;
  • Personalize content and measure engagement;
  • Generate aggregate, deidentified statistics about Service usage;
  • Comply with legal obligations, respond to lawful requests, and enforce our Terms of Service.

3. How We Share Information

3.1 Public content

Your username, display name, avatar, biography, public referral codes, brand names, click counts, and engagement metrics are public by design and may be viewed, indexed by search engines, and copied by anyone. Set codes to profile-only or following-only visibility, or mark your profile as non-searchable, if you prefer to limit public exposure.

3.2 Service providers

We share information with vendors that help us operate the Service. These vendors are contractually limited to the purposes we specify and process data on our behalf: Google LLC (Firebase Auth, App Hosting, Firestore, Storage, Functions, Analytics, AdSense, reCAPTCHA, App Check, Natural Language API, WebRisk), Stripe, Inc. (payment processing, subscription billing, fraud prevention), Amazon Web Services, Inc. (Amazon SES — transactional email), Cloudflare, Inc. (Turnstile — anti-bot for the click endpoint), Functional Software, Inc. d/b/a Sentry (error monitoring), and logo.dev (brand logo lookups). We may add or change service providers from time to time; the current list above will be updated to reflect material changes.

3.3 Legal and safety

We may disclose information when we believe disclosure is necessary to comply with applicable law, enforce our Terms, protect the safety, rights, or property of our users, the public, or ourselves, or to detect, prevent, or address fraud, security, or technical issues.

3.4 Business transfers

If we sell or transfer all or part of the business (for example, in connection with a merger, acquisition, financing, or sale of assets), information about you may be transferred to the acquiring party, subject to this Policy or a successor policy that is substantially similar.

3.5 No sale of personal information

We do not sell your personal information for monetary consideration. We do permit Google AdSense to use cookies on the Service to serve interest-based advertising, which may be considered a "sale" or "sharing" under certain U.S. state laws (including the California Consumer Privacy Act, as amended by the California Privacy Rights Act). You may opt out via the cookie banner or by enabling your browser's Global Privacy Control (GPC) signal, which we honor as an opt-out request.

4. Data Retention

We retain account information and user content for as long as your account is active. Once you delete your account, we delete or anonymize your account information, profile, and submitted referral codes within 30 days, except where we are required to retain information for legal, financial, dispute resolution, or fraud prevention purposes (in which case retention may extend up to seven years for transactional records and up to two years for fraud investigation logs). Moderation audit logs are retained as required to operate the platform's trust-and-safety functions. Aggregated event data and security logs may be retained for up to 24 months after deletion.

5. International Transfers

We are based in the United States. By using the Service, you understand that your information will be transferred to and processed in the United States and other countries that may not provide the same level of data protection as your home jurisdiction. Where required, we rely on Standard Contractual Clauses, the EU-U.S. Data Privacy Framework (where applicable to our processors), or other lawful transfer mechanisms.

6. Your Rights and Choices

Depending on your jurisdiction, you may have rights to access, correct, delete, port, restrict, or object to processing of your personal information, and to withdraw consent or opt out of sale/sharing for advertising. We will not discriminate against you for exercising any of these rights. To exercise rights, sign in and use the in-app settings, or email privacy@goplug.me. We verify identity before fulfilling certain requests and will respond within the timeframe required by applicable law (generally 30 days under the GDPR and 45 days under the CCPA/CPRA, each subject to extension where permitted). If we deny a request, you may have a right to appeal; the denial notice will include instructions.

7. Security

We implement administrative, technical, and physical safeguards including encryption in transit (TLS), encryption at rest, role-based access controls, rate limiting, anti-bot challenges, anti-abuse attestation (Firebase App Check), and input validation. No system is impenetrable. You are responsible for safeguarding your account credentials and notifying us promptly of any suspected compromise.

8. Children

The Service is not directed to children under 18. We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected personal information from a person under 18 without verifiable parental consent where required, we will delete that information as soon as practicable. If you believe a child has provided personal information to us, contact privacy@goplug.me.

9. Changes to this Policy

We may update this Policy. If we make material changes, we will notify you by email or by prominent notice on the Service at least 14 days before the changes take effect. The "Effective" date at the top indicates when it was last revised. Continued use of the Service after changes take effect constitutes acceptance of the revised Policy.

10. Contact

For privacy questions, requests, or complaints:

  • Email: privacy@goplug.me
  • Mail: goplug.me Privacy, c/o Dererk William Copeland Jr., 1907 Deptford Center Rd, Ste 3, PMB 1133, Deptford, NJ 08096

EU/UK residents may also lodge a complaint with their local data protection authority.