1. Personal Data We Collect

• Account Basics: Email address (via Google OAuth or entered by you) and nickname. We do not collect passwords.
• Automatically Collected: Cookies, timestamps, browser/OS details, IP address, language/region settings, and usage logs (e.g., page views, clicks, error logs).
• With Your Optional Consent: Marketing opt-in (email), survey/event responses, and any other optional information you provide.

2. Purposes and Legal Bases (GDPR)

• Authentication and session management (contract performance, legitimate interests)
• Core features (e.g., posting/deleting comments) (contract performance)
• Security, abuse prevention (legitimate interests/legal obligations)
• Analytics and service improvement (legitimate interests; consent where required)
• Marketing communications (opt-in consent; withdraw anytime)

The applicable legal basis may vary by jurisdiction; where consent is required, we will request it explicitly.

3. Retention and Deletion

• Account identifiers (email, nickname): Deleted without undue delay when you delete your account.
• User-generated content (e.g., comments): Deleted when you remove it or upon account deletion, except where retention is required by law.
• Examples (vary by country): transaction/dispute records (up to 5 years), access logs (at least 3 months).

4. Sharing with Third Parties

We do not sell or share personal information for cross-context behavioral advertising. When you sign in with Google OAuth, we receive your email and basic profile to verify your identity.

5. International Transfers

Our infrastructure (e.g., cloud/CDN) may be located outside your country/region. For EU/UK users, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs). Where local laws (e.g., PIPL) require additional measures, we will comply accordingly.

6. Cookies and Similar Technologies

We use cookies to maintain sessions, store language/region settings, and improve the Service. You can control cookies via your browser, though some features may not work properly if disabled.

We do not currently respond to “Do Not Track” signals in a standardized way, but we continue to enhance privacy protections.

7. Security Measures

• Encryption in transit/at rest, access controls, least-privilege principles
• No password collection (magic links/Google OAuth) to minimize password-related risks
• Abuse prevention: anomaly detection, rate limiting, and similar safeguards

8. Your Rights

• Access, rectification, deletion; restriction/objection; withdraw consent (e.g., marketing)
• EU/UK: data portability; right to lodge a complaint with a Data Protection Authority
• California: rights to know, delete, correct, limit use of sensitive information; opt-out (where applicable)

To exercise rights, contact us using the details below. We may request additional information to verify your identity.

9. Children’s Privacy

The Service is not available to children under 13. Where local law requires a higher age (e.g., 14–16 in some EU countries), access is restricted accordingly.

10. Marketing Communications

We send marketing emails only with your explicit opt-in. You can unsubscribe at any time. Service-critical notices (e.g., security or legal updates) may be sent regardless of marketing preferences.

11. Third-Party Services and Links

The Service may link to third-party sites/services. We are not responsible for their privacy practices. Please review their policies.

12. Changes to this Policy

We will notify you via in-service notices or email if material changes are made. Where required, we may seek renewed consent.

13. Contact