Privacy Policy

This Privacy Policy explains what personal data wikigtavi (the “Site”) collects about you, why we collect it, how we use it and your rights under UK GDPR and EU GDPR. We try to keep the language plain and the scope as narrow as possible.

1. Who is the data controller

wikigtavi (the “we”, “us”, “our”) is the data controller for the personal data described in this policy. You can contact us at hello@wikigtavi.com.

2. What data we collect

Data you provide directly

• Account data: username, email address, password hash, optional bio, country and avatar colour
• Contributed content: article edits, comments, screenshot annotations, version notes
• Public activity: comments, ratings, likes, edits to articles
• Correspondence: emails or contact-form submissions you send us

Data collected automatically

• Technical data: IP address (truncated for analytics), browser type, device type, referring URL
• Usage data: pages visited, search terms, session duration
• Cookies: small text files stored on your device. See section 6.

3. Why we use your data (lawful basis)

Under UK and EU GDPR every use of personal data needs a lawful basis. Ours are:

• Contract: to give you an account, host your contributions and let you log in
• Legitimate interests: to keep the Site running, prevent abuse, protect against fraud and improve our service
• Legal obligation: to respond to copyright takedowns, lawful requests from authorities, and tax/accounting requirements
• Consent: for non-essential cookies and any optional marketing communications. You can withdraw consent at any time.

4. Who we share data with

We do not sell your personal data. We share it only with the following categories of recipients, and only as needed:

• Hosting and infrastructure providers: Vercel (web hosting and CDN) and Supabase (database, authentication, file storage)
• Email delivery: for transactional account emails
• Analytics: privacy-respecting aggregate analytics, where deployed
• Authorities: where required by law, court order or to protect our rights

Some of these providers may process data outside the UK or EEA. Where that is the case, we rely on Standard Contractual Clauses or other approved safeguards to keep your data protected.

5. How long we keep data

• Account data: for as long as your account is active. Deleted within 30 days of account deletion.
• Public edits and comments: kept indefinitely as part of the public wiki record, unless removed by you or by us under our moderation policy
• Server logs: typically up to 30 days, longer if needed for security or legal reasons
• Backups: rolling backups are overwritten within 60 days

6. Cookies

We use a small number of cookies and similar technologies:

• Essential cookies: login session, anti-CSRF tokens, basic preferences (light/dark theme). Cannot be disabled without breaking the Site.
• Analytics cookies: aggregate, anonymised usage statistics. Loaded only after you give consent (where required).

You can clear cookies in your browser at any time. Doing so will log you out and reset preferences.

7. Your rights

You have the following rights over your personal data:

• Access: get a copy of the data we hold about you
• Rectification: correct inaccurate or incomplete data
• Erasure: delete your data (“right to be forgotten”)
• Restriction: limit how we process your data
• Portability: receive your data in a portable format
• Objection: object to processing based on legitimate interests
• Withdraw consent: at any time, where processing relies on consent
• Complain: to your local data protection authority. In the UK that is the Information Commissioner's Office (ICO).

To exercise any of these rights, email hello@wikigtavi.com. We will respond within 30 days.

8. Children

The Site is not intended for children under 13. We do not knowingly collect personal data from anyone under 13. If you believe a child has provided us with personal data, please contact us and we will delete it.

9. Security

We use TLS encryption in transit, encrypted password hashing, and access controls on our infrastructure. No system is perfect, however, and we cannot guarantee absolute security. If we ever suffer a personal-data breach affecting you, we will notify you and the relevant supervisory authority where required by law.

10. Changes to this policy

We may update this Privacy Policy. The current version is always available at this URL with the “Last updated” date above.

11. Contact

Questions about your data? Email hello@wikigtavi.com or visit our Contact page.

This policy is provided as a starting template and does not constitute legal advice. We recommend having it reviewed by a qualified data protection professional before relying on it in production.