Privacy Policy

Effective date: March 9, 2026

1. Data We Collect

When you sign in, we collect your email address, username, and profile information (display name, avatar) from your OAuth provider (GitHub or Google). We also store a unique provider ID to link your account.

2. How We Use Your Data

Your data is used solely to operate the Service: authenticating you, displaying your profile, and associating content with your account. We do not sell your personal data to third parties.

3. Cookies

We use the following cookies:

• elephant_token — session authentication (httpOnly, secure)
• theme — your light/dark mode preference
• sidebar — sidebar open/closed state
• view — list/grid view preference

We do not use third-party tracking cookies or analytics.

4. Third-Party Services

• Cloudflare — hosting, CDN, and infrastructure (Workers, D1, R2, KV)
• GitHub OAuth — authentication
• Google OAuth — authentication
• Google Fonts — font delivery

5. Data Retention

Your account data is retained as long as your account is active. Document content is stored until you delete it. Burn link content is automatically deleted upon expiry or first view.

6. Your Rights

You may request access to, correction of, or deletion of your personal data at any time by contacting us. You may delete your published content at any time through the Service.

7. Data Security

We use industry-standard security measures including encrypted connections (HTTPS), httpOnly session cookies, and secure infrastructure provided by Cloudflare.

8. Changes to This Policy

We may update this policy from time to time. Continued use of the Service after changes constitutes acceptance of the updated policy.

9. Contact

For privacy-related questions, contact us at hello@elephant.md.