Unique Content Assignment Policy and Data Processing Notice (GDPR)
Last updated: 04/12/2025
Data Controller and Contact Information
The Data Controller of personal data, pursuant to Regulation (EU) 2016/679 (GDPR), is:
- Controller: Common Index
- Contact Email: info@commonindex.xyz
Collected Data and Purpose of Processing
The Service is designed to guarantee exclusivity. Data collection is limited to what is strictly necessary for the delivery of the Unique Exclusive Content (UEC).
A. Processed Data
We collect and process the following data:
- Email Address: Contact address provided by the user during registration.
- Assignment Data: The unique identifier (UUID) assigned by the Supabase authentication infrastructure.
- Log Data: Timestamp, assignment status, and transaction errors necessary for verification.
B. Purposes and Legal Bases
| Purpose of Processing | Data Used | Legal Basis for Processing (GDPR) |
|---|---|---|
| UEC Assignment | Email, Assignment Data | Execution of a Contract (Art. 6(1)(b) GDPR); the User registers to receive the content. |
| Communication Sending | Explicit Consent (Art. 6(1)(a) GDPR), given upon sign-up. | |
| Security and Tracking | Assignment Data, Log Data | Legitimate Interest of the Controller (Art. 6(1)(f) GDPR) to ensure system integrity. |
Nature of the Unique Exclusive Content (UEC)
This section establishes the specific clauses on the content that differentiate your service.
A. Exclusivity Guarantee ("Assurance" Clause)
- Controller's Commitment: The Controller undertakes to ensure that the UEC is assigned only once to a single email address and that this content has not been previously assigned to other registered Users. This exclusivity is verified and guaranteed through an atomic transaction mechanism in the database, which blocks the assignment of the content to any other User concurrently.
- Limitation of Liability: The Controller assumes no liability for any subsequent dissemination, sharing, copying, or access to the UEC by third parties due to User negligence (e.g., email forwarding, screen sharing) or system breaches outside the Controller's control. The User is solely responsible for the custody of the UEC.
B. Intellectual Property
The UEC remains the exclusive intellectual property of the Controller or its licensors, even after assignment to the User. The User is granted a personal and non-transferable license for the sole purpose of viewing and/or using it for the purposes stated by the Service.
Right to Withdrawal and Data Retention
A. Duration and Deletion
Data is retained for the time strictly necessary to achieve the purposes indicated above. The Email Address and related Assignment Data will be stored until the withdrawal of consent or a request for erasure is made by the User.
B. Exercise of Rights
The User has the right to request access, rectification, erasure (right to be forgotten), restriction of processing, objection to processing, and data portability from the Controller. These rights can be exercised by sending a communication to info@commonindex.xyz.
Security Measures and External Processors
- External Processors: Data is processed by third parties essential for the provision of the Service. These include, but are not limited to, the database and authentication provider (Supabase) and the email service provider (Resend).
- Security: The Controller adopts appropriate technical and organizational measures to protect personal data from loss, misuse, unauthorized access, or disclosure. Such measures include, but are not limited to, encryption, firewalls, and secure access protocols (e.g., management of service keys and RLS policies in Supabase).
