Privacy Policy

1. What we collect

When you create an account we store your username, email address, and a securely hashed version of your password. When you post a comment we store the comment text and timestamp.

2. Why we collect it

• To authenticate you and prevent abuse.
• To display your comments on the site.
• To send a one-time verification email when you register.

3. Third-party services

We use the following services that may process your data:

• Vercel — hosting and serverless functions.
• Turso (libSQL) — database storage.
• Resend — transactional email delivery.

Each service processes data on our behalf and under their own privacy policies.

4. Cookies

We use a single session cookie (set by NextAuth.js) that is strictly necessary for authentication. We do not use tracking or advertising cookies.

5. Your rights

Under GDPR and similar regulations you can:

• Access — request a copy of the personal data we hold about you.
• Rectification — ask us to correct inaccurate data.
• Erasure— delete your account and all associated data at any time using the “Delete Account” button on the site when signed in.
• Portability — request your data in a portable format.

6. Data retention

Your data is kept for as long as your account exists. When you delete your account, your user record and all comments are permanently removed.

7. Contact

If you have questions about this policy or wish to exercise any of your rights, email us at whalefacts660@gmail.com.