Trust, Security & Privacy
This page is maintained by the Poyela team to answer common security and privacy questions about Poyela. It describes our current practices and is not an independent certification or audit.
Accounts & Authentication
Creators, brands, and admins sign in with email and password or with Google. Sessions are managed through industry-standard tokens with secure cookie/session handling.
Administrative actions are restricted to users with an explicit admin role, enforced server-side on every request — not by the browser.
Platform & Hosting
The Poyela web app runs on a managed serverless edge runtime. Application data, authentication, and storage are provided by our managed backend platform (Lovable Cloud, powered by Supabase/Postgres). Lovable provides the platform; Poyela operates the application built on top of it. Use of these platform capabilities does not constitute a Lovable certification of Poyela.
Data Protection
Traffic to poyela.com is served over HTTPS. Data in our managed database is encrypted at rest by the platform provider. Row-level access rules restrict each user to the records they are authorized to see (e.g. a creator can only see their own submissions).
Sensitive operations — approvals, payments, role changes — are performed by authenticated server functions with role checks, not by client-side code.
Data We Collect & Why
We collect the information you provide to use the service: account details (name, email), creator application information, project submissions and uploaded video files, messages and notifications, and payment-related records required to remit payouts.
We use this data to operate the platform, match creators with projects, process payments, send transactional notifications, and improve the product.
Subprocessors & Integrations
We rely on a small set of trusted providers to operate the service, including our hosting and database platform (Lovable Cloud / Supabase), email delivery, and file/video storage. We only share the data each provider needs to perform its function.
Cookies & Analytics
We use cookies and similar technologies that are necessary to keep you signed in and to operate core features of the site. We may use privacy-respecting analytics to understand aggregate usage and improve the product.
Retention & Deletion
We keep account and project data for as long as your account is active or as needed to provide the service, comply with legal obligations (such as tax and payment records), resolve disputes, and enforce our agreements. You can request deletion of your account by contacting us.
Your Privacy Requests
You can request access to, correction of, or deletion of your personal data by emailing us. We will respond within a reasonable timeframe and may need to verify your identity before acting on the request.
Security Contact & Vulnerability Reporting
If you believe you have found a security issue affecting Poyela, please email support@poyela.com with details and steps to reproduce. Please give us a reasonable opportunity to investigate and remediate before any public disclosure.
Shared Responsibility
Security is a shared responsibility. Our platform provider operates the underlying infrastructure; Poyela configures and operates the application; and you help keep your account safe by using a strong, unique password, protecting your sign-in methods, and reporting anything that looks wrong.
