Privacy Policy

cetin.info ("PraiseLane," "we," "us," or "our"), Ul. Bora Komorowskiego 56C/15, 03-982 Warsaw, Poland, operates the PraiseLane platform at praiselane.com, a testimonial collection and management service. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

We serve two types of users: Platform Users (businesses and individuals who create accounts to collect and manage testimonials) and Testimonial Submitters (individuals who provide testimonials through our public collection forms). This policy applies to both.

This Privacy Policy explains how we process your data. If you do not agree with our practices, please do not use our services.

Account Data (Platform Users)

• Name and email address
• Password (stored as a secure hash, never in plain text)
• Account preferences and settings (e.g., notification preferences, theme choice)

Testimonial Data (Submitted by Testimonial Givers)

• Author name and email address
• Company name and job title (optional)
• Testimonial text content
• Star rating
• Video testimonials (when provided)
• Profile photo or avatar (when provided)
• Social media profile URL (optional)

Usage Data (Automatically Collected)

• IP address
• Browser type and version
• Device type and operating system
• Pages visited and time spent
• Referring website
• Interactions with the platform (clicks, form submissions)

Cookie Data

We use cookies and similar technologies for authentication, preferences, and analytics. See the Cookies & Tracking section below for full details.

Referral Program Data

• Referral codes and referral relationships
• Referral status and rewards

Google Reviews Import Data

• Google account data imported via OAuth (contacts.readonly scope)
• OAuth refresh tokens (encrypted at rest)

Directly from You

When you create an account, submit a testimonial, configure project settings, or contact us for support.

Automatically

Through cookies, server logs, and analytics tools when you browse our website or interact with our platform.

From Third Parties

When you use the Google Reviews import feature, we access your Google account data via the contacts.readonly OAuth scope to import reviews. PraiseLane does not offer Google sign-in for account authentication.

Collection Form Analytics

When you interact with a testimonial collection form, we collect behavioral analytics (form views, field interactions) to improve the experience.

Under the General Data Protection Regulation (GDPR), we process your personal data on the following legal bases:

• Contract Performance: Processing necessary to provide our services when you create an account or submit a testimonial.
• Consent: When you submit a testimonial, you consent to its potential public display after moderation. You may withdraw consent at any time by contacting us.
• Legitimate Interest: For analytics, fraud prevention, security, and improving our services, where our interests do not override your rights.
• Legal Obligation: When we are required to retain certain data (e.g., billing records) to comply with applicable laws.

• Service Delivery: To operate, maintain, and provide the features of PraiseLane including testimonial collection, moderation, and display.
• Communication: To send you essential service-related emails (account verification, password resets, new testimonial notifications) and onboarding emails. You can unsubscribe from non-essential emails via the link in each email.
• Analytics: To understand how our platform is used and improve the user experience.
• Security: To detect, prevent, and address fraud, abuse, and technical issues.
• Legal Compliance: To comply with applicable laws, regulations, and legal processes.
• Referral Program: To administer our referral program, track referral codes, and issue rewards.

We do not use your personal data for automated decision-making or profiling.

This section is particularly important because PraiseLane makes certain testimonial information publicly visible.

Moderation Workflow

All submitted testimonials start with a "pending" status. The platform user (the business that created the collection form) reviews each submission and decides to approve, reject, or feature it. Only approved testimonials are publicly displayed.

What Becomes Public

When a testimonial is approved, the following may be publicly visible through embed widgets or the platform:

• Author name
• Testimonial text content
• Star rating
• Company name and job title (if provided)
• Profile photo (if provided)
• Video testimonial (if provided)

What Stays Private

The following data is never publicly displayed:

• Email addresses of testimonial submitters
• IP addresses
• Internal moderation status and notes

Data Controller vs. Processor

For testimonial data, PraiseLane acts as a data processor on behalf of the platform user (business), who is the data controller. The platform user determines the purposes and means of processing testimonial data. If you are a testimonial submitter and wish to exercise your data rights, you may contact either us or the business that collected your testimonial.

PraiseLane provides an embeddable JavaScript widget (embed.js) that platform users can install on their own websites to display approved testimonials.

What the Widget Does

• The widget fetches only approved, public testimonial data from our API.
• The widget uses browser localStorage on third-party sites to store a persistent viewer identifier (viewer_id) for analytics purposes.
• The widget sends analytics requests (POST) to PraiseLane servers containing: viewer_id, session_id, page URL, and referrer.
• The widget does not set HTTP cookies, but localStorage identifiers persist until cleared by the visitor.

Responsibilities of Platform Users

Platform Users embedding the widget on their websites should disclose this tracking in their own privacy policies and comply with applicable cookie/tracking consent laws (e.g., ePrivacy Directive).

We do not sell, rent, or trade your personal data to third parties for their marketing purposes. We share data only with the following sub-processors:

• Hosting (Hetzner, Germany): Dedicated server hosting for our application and database. PocketBase runs as self-hosted software on our infrastructure and is not a separate sub-processor.
• CDN & Storage (Cloudflare, R2): Content delivery network and object storage for uploaded media files (video testimonials, profile photos).
• Analytics (Google Analytics, Google Search Console): To understand platform usage patterns. Google Analytics is loaded only with your consent. Data is aggregated and anonymized where possible.
• Error Monitoring (Sentry, EU-hosted): EU-hosted error monitoring. Basic error monitoring (error messages, stack traces, request URLs) runs as an essential service to maintain platform reliability and does not require consent. Session replays (screen recordings during errors) are only activated with your explicit analytics consent. Sentry may receive user email and session data when errors occur.
• Payment Processing (Paddle): Subscription payment processing. We do not store full payment card details on our servers. See Paddle's privacy policy.
• Google APIs (Reviews Import): Used to import Google reviews via OAuth. See Google's privacy policy.
• Legal Requirements: When required by law, court order, or governmental regulation.

All third-party service providers are bound by contractual obligations to protect your data and use it only for the specified purposes. A Data Processing Agreement (DPA) is available upon request. Contact [email protected].

Your data may be transferred to and processed in countries outside of your own, including the United States and European Union member states. When we transfer data internationally, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs): Where required for international data transfers, we rely on EU-approved Standard Contractual Clauses with our sub-processors, including Cloudflare and Sentry.
• Adequacy Decisions: Where applicable, we rely on EU adequacy decisions recognizing the data protection standards of the recipient country.
• Encryption in Transit: All data transfers between your browser and our servers are encrypted using TLS/SSL.

We retain your personal data only as long as necessary for the purposes described in this policy:

• Account Data: Retained for the duration of your active account. Upon account deletion, personal data is removed within 30 days.
• Testimonials: Retained as long as the associated project exists. When a project is deleted, all associated testimonials are removed within 30 days.
• Usage & Analytics: Aggregated analytics data may be retained indefinitely in anonymized form. Raw usage logs are retained for up to 12 months.
• Billing & Tax Records: When payment processing is active, billing and tax records are retained for up to 10 years as required by tax and accounting regulations.
• Cookies & Local Storage: pb_auth (30 days), csrf_session (24 hours), Google Analytics cookies (2 years), embed widget localStorage (until cleared by the visitor).

When data is deleted, it is permanently removed from our active systems. Backup copies may persist for up to 30 additional days before being overwritten.

We implement appropriate technical and organizational measures to protect your personal data:

• Encryption in Transit: All connections use HTTPS with TLS encryption.
• Encryption at Rest: Passwords are hashed using industry-standard algorithms. Sensitive data is encrypted at rest.
• Access Controls: Authentication-based access controls ensure only account owners can access their own data. All dashboard and API routes require authentication, and session binding validates IP and device consistency.
• Regular Updates: We monitor and apply security patches to our software dependencies and infrastructure.
• Incident Response: In the event of a data breach, we will notify the relevant supervisory authority within 72 hours (GDPR Art. 33). We will notify affected individuals when the breach is likely to result in a high risk to their rights and freedoms (Art. 34).

While we strive to protect your data, no method of transmission or storage is 100% secure. We encourage you to use a strong, unique password for your PraiseLane account.

Essential Cookies

We use two essential cookies that are strictly necessary for the platform to function:

• pb_auth — Authentication session cookie (30-day expiry).
• csrf_session — CSRF protection cookie (24-hour expiry).

These cookies do not require consent under GDPR as they are strictly necessary for the service to function. Basic error monitoring via Sentry (error messages, stack traces, request URLs) also operates as an essential service under the legitimate interest legal basis, without requiring consent.

Analytics & Experimentation (Consent Required)

The following are loaded only with your consent, managed through our cookie consent banner:

• Google Analytics — cookies _ga, _ga_* (2-year expiry) for understanding platform usage. You can also opt out via the Google Analytics Opt-out Browser Add-on.
• A/B Testing — cookie pl_visitor_id (1-year expiry) for experiment assignment and conversion tracking. Only activated with your analytics consent.
• Sentry Session Replay — Records user sessions on errors for debugging. Only activated with your analytics consent.

Local Storage

We use browser localStorage for non-essential preferences such as theme selection (light/dark mode), UI state, and cookie consent preferences. This data stays on your device and is not transmitted to our servers.

The embed widget also uses localStorage on third-party sites where it is installed to store a persistent viewer identifier for analytics. See the Embed Widget section for details.

No Third-Party Tracking

We do not use advertising cookies, retargeting pixels, or third-party tracking scripts beyond the services listed above. We do not participate in ad networks or cross-site tracking.

GDPR Rights (EEA Residents)

If you are located in the European Economic Area, you have the following rights:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate or incomplete data.
• Erasure ("Right to be Forgotten"): Request deletion of your personal data.
• Portability: Request your data in a structured, machine-readable format.
• Restriction of Processing: Request that we limit processing of your data in certain circumstances.
• Objection: Object to processing based on legitimate interest.
• Withdraw Consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

You also have the right to lodge a complaint with your local data protection supervisory authority.

CCPA Rights (California Residents)

Under the California Consumer Privacy Act, you have the right to:

• Know what personal information is collected and how it is used
• Request correction of inaccurate personal information
• Request deletion of your personal information
• Opt out of the sale of personal information (we do not sell your data)
• Limit use of sensitive personal information
• Non-discrimination for exercising your privacy rights

How to Exercise Your Rights

To exercise any of these rights, email us at [email protected]. We will respond within 30 days for GDPR requests and 45 days for CCPA/CPRA requests. We may ask you to verify your identity before processing your request.

If you are a testimonial submitter, you may also contact the business that collected your testimonial directly to request modifications or removal.

Financial Incentives

We offer a referral program where participants may receive benefits for referring new users. Participation is voluntary. The value of the incentive is reasonably related to the value of the referral to our business. You may opt out at any time.

PraiseLane is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information promptly.

If you are a parent or guardian and believe your child has provided us with personal data, please contact us at [email protected].

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes:

• We will update the "Last updated" date at the top of this page.
• For significant changes, we will notify registered users via email.
• We encourage you to review this page periodically for the latest information.

Continued use of PraiseLane after changes are posted constitutes your acceptance of the revised policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We aim to respond to all privacy-related inquiries within 30 days.