Privacy Policy (ToAiDo)

Last updated: September 4, 2025

1. Introduction

This Privacy Policy explains how we collect, use, disclose, and protect personal information for users in the European Economic Area (EEA) and North America (including the United States and Canada). The policy is written in plain English and is intended to meet the requirements of the EU General Data Protection Regulation (GDPR) and applicable North American privacy frameworks (including the California Consumer Privacy Act — CCPA).

2. Data controller

The data controller for personal data collected through this website and our services is the project owner (contact details below). If you need to exercise your privacy rights or have questions, use the contact information in section 12.

3. What personal data we collect

We only store the essential information required to identify and operate user accounts. This includes:

We may also store minimal technical data (such as IP address and browser user-agent) for security, fraud prevention, and to provide basic hosting/diagnostic support. We do not store unnecessary sensitive data.

4. Legal bases for processing (EEA)

5. Categories and purposes of use

6. Cookies and similar technologies

We use cookies or equivalent technologies only as needed for session management, security, and minimal functional analytics. For optional analytics or advertising cookies (if any), we will request consent where required by law. You may control cookie settings via your browser or device.

7. Third parties and service providers

We may share personal data with trusted third-party providers who perform services on our behalf (for example, hosting, authentication providers, email delivery). We require such providers to process data consistent with this policy and applicable law and to implement appropriate security measures.

8. International data transfers

Data may be stored or processed in countries outside your home jurisdiction, including the United States and Canada. When personal data is transferred from the EEA to countries without an adequacy decision, we rely on appropriate safeguards (such as standard contractual clauses) or other lawful transfer mechanisms to protect your data.

9. Data retention

We retain personal data only for as long as necessary to provide the services, comply with legal obligations, resolve disputes, and enforce agreements. For example, account data is retained while the account is active and for a limited period after account deletion to support backups, fraud prevention, or legal compliance.

10. Your privacy rights

EU / EEA residents: you have rights under the GDPR, including the right to access, rectify, erase, restrict processing, object to processing, and request data portability. To exercise these rights, use the contact information in section 12.

California residents (CCPA): you have the right to request disclosure of categories of personal information collected, the right to request deletion of personal information (with exceptions), and the right to opt out of the sale of personal information. We do not sell personal information without providing an opt-out mechanism where required by law.

When you make a request, we will ask you to verify your identity. We will respond to verified requests in accordance with applicable law.

11. Security

We implement reasonable technical and organizational measures to protect personal data from unauthorized access, loss, misuse, or alteration. Examples include encryption of stored passwords, HTTPS/TLS for data in transit, access controls, and logging for security purposes. No method of transmission or storage is 100% secure; therefore we cannot guarantee absolute security.

12. Contact information

If you have questions, want to exercise your rights, or otherwise need to contact the data controller, please use the project's primary contact channel (e.g., site owner email). If you would like us to add a specific contact address here, please provide it and we will update this policy.

13. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated policy on this page with a clear "Last updated" date. Material changes will be communicated via prominent notice on the site or by email as required by law.

14. How to access this policy via the website

This file is located at /PrivacyPolicy/privacy-policy.html inside the frontend static assets. To make it reachable from the public website, link to it from the site navigation or copy this file to your web root during deployment (for example to /privacy-policy.html or a dedicated /legal/ path).