Next 9 Months Logo

Privacy Policy

Last updated: January 2026

Next 9 Months is a digital product by SpaaS LTD, a company registered in Bulgaria. We are committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, and protect the information you provide.

Who We Are

SpaaS LTD
Legal ID (EIK): 208363226
Registered in: Bulgaria
Email: info@next9months.com

What We Collect

Depending on how you use Next 9 Months, we may collect the following personal data:

Account and Authentication Data

  • Email address
  • Authentication method
  • Account identifiers generated by our authentication provider

Guest Participation Data (Public Polls & Events)

  • Your name (first and last name) provided to vote or comment
  • A randomly generated participant identifier used to associate your votes/comments and help prevent abuse
  • Content you submit (e.g. chat messages, comments, votes, and congratulations messages)

Subscription and Payment Data (Premium users only)

  • Subscription plan and billing status
  • Payment-related identifiers provided by our payment processor (e.g. customer ID, subscription ID)
  • We do not store full payment card details

Usage and Technical Data (optional)

  • Product usage and interaction events, only if you explicitly consent to analytics
  • Device and browser information required for security and performance

Support and Communications

  • Information you provide when contacting us for support or account-related inquiries

Why We Collect It

We use your data to:

  • Create and manage your user account
  • Authenticate users via Google OAuth or email link
  • Provide access to Free and Premium features
  • Manage subscriptions, billing status, and payments
  • Enable participation in public polls and events (displaying your name with your votes/comments and preventing duplicate or abusive activity)
  • Send essential transactional emails (login links, account notices, subscription updates)
  • Improve the reliability, security, and performance of the service
  • Detect, prevent, and mitigate abuse, fraud, and automated bot activity

We do not sell your personal data to third parties.

Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we process personal data based on:

  • Contractual necessity – to provide account access, features, and subscriptions
  • Consent – for optional analytics and non-essential cookies
  • Legitimate interests – to secure the platform, prevent abuse, and maintain service integrity
  • Legal obligation – where required for accounting, tax, or regulatory compliance

You may withdraw your consent for optional processing at any time through cookie or privacy settings.

Data Retention

We keep personal data only for as long as needed to provide the service, comply with legal obligations, and protect the platform from abuse.

  • Guest participation data in our database: When you vote or comment in a public poll or event, we store your name and a participant identifier alongside your submitted content. This data is retained while the poll/event remains available and the creator’s account remains active. If the creator deletes their account (or the poll/event is deleted), associated participation data is removed as part of normal deletion.
  • Guest participation data on your device: We may store your name and a random identifier in your browser’s local storage to help you continue participating without re-entering your details. For public events, this expires automatically (currently up to 30 days after the event’s reveal date). For public polls, it is kept until the poll ends or is no longer available. You can clear this at any time by removing site data in your browser.

How We Store Your Data

We rely on the following service providers:

ServicePurposeData Stored
SupabaseAuthentication, database, and file storageAccount and application data
VercelApplication hosting and infrastructureNo direct user personal data
ResendTransactional email deliveryEmail address and message metadata
StripePayments and subscription managementPayment-related identifiers and billing status
PostHogProduct analytics (optional)Usage and interaction data (only with consent)
Cloudflare TurnstileBot prevention and abuse protectionSecurity-related request signals
SentryError monitoring and diagnosticsTechnical error data with limited contextual information
StrapiBlog content managementNo user account or personal data

All providers are GDPR-compliant or rely on approved data transfer mechanisms.

Cookies and Tracking

We use essential cookies required for authentication, security, and core application functionality.

Optional analytics cookies are used only after explicit consent via our cookie preferences interface.

You can manage or withdraw your consent at any time through the cookie preferences interface.

Additional details are available in our separate Cookies Policy.

Your Rights

Under GDPR, you have the right to:

  • Access the personal data we store about you
  • Request correction or deletion of your data
  • Withdraw your consent at any time
  • Lodge a complaint with a Data Protection Authority
  • Request export of your personal data
  • Request account deletion through the application (where available)

To exercise any of these rights, contact us at info@next9months.com.

Contact

If you have any questions about this Privacy Policy or how we handle your personal data, you can contact us at:

SpaaS LTD
Bulgaria
info@next9months.com

Privacy Policy | Next 9 Months | Next 9 Months