Privacy Policy

We use your personal data for the following purposes:

• To provide our service: Creating and managing your account, displaying your stories, and processing likes
• To personalize your experience: Showing you your submitted stories, liked stories, and earned badges
• To communicate with you: Providing in-app notifications for winner announcements and challenge updates
• To improve our platform: Analyzing usage patterns to enhance features and user experience
• To ensure security: Detecting and preventing fraud, abuse, and security issues. Story content is sent to Google's Perspective API for automated content moderation (with a "do not store" directive)
• To comply with legal obligations: Responding to legal requests and enforcing our Terms and Conditions

Under GDPR, we process your data based on:

• Contract: Processing necessary to provide our service (account management, story display, voting)
• Consent: Newsletter subscriptions and optional profile information (you can withdraw consent at any time)
• Legitimate interests: Platform improvement, security, and fraud prevention
• Legal obligation: Compliance with applicable laws and regulations

Your data is stored securely using industry-standard practices:

• Database: We use Supabase, a secure cloud-based database service with encryption at rest and in transit
• Passwords: All passwords are securely hashed using industry-standard algorithms (bcrypt)
• Access controls: Only authorized personnel have access to user data, and only when necessary for platform operation
• HTTPS: All data transmitted between your browser and our servers is encrypted using SSL/TLS

While we implement strong security measures, no system is 100% secure. We cannot guarantee absolute security but we continuously work to protect your data.

We retain your personal data for as long as:

• Your account is active
• Necessary to provide our services or comply with legal obligations
• You have not requested deletion (subject to legal retention requirements)

You may delete individual stories you have submitted while the weekly challenge is still active. Deleting a story permanently removes it along with all associated likes. Once a challenge has ended and winners have been announced, stories can no longer be deleted.

When you delete your account, we will anonymize your stories (they remain on the platform as part of challenge archives but are attributed to "Deleted User"). Your personal data (email, username, profile information) will be permanently deleted immediately, unless we are required to retain it for legal reasons.

We do not sell your personal data. We may share data with:

• Other users: Your username, display name, stories, and public profile information are visible to other users
• Service providers: Third-party services that help us operate the platform, including:
  • Supabase for database hosting and authentication
  • Vercel for hosting and privacy-friendly analytics
  • Google (OAuth sign-in, Perspective API for content moderation)
  • Gravatar (Automattic) for avatar images based on email hash
• Legal requirements: When required by law, court order, or to protect our rights and safety

All third-party service providers are required to protect your data and use it only for the purposes we specify.

As a user in the EU, you have the following rights:

• Right to access: Request a copy of the personal data we hold about you
• Right to rectification: Request correction of inaccurate or incomplete data
• Right to erasure ("right to be forgotten"): Request deletion of your personal data
• Right to restriction: Request that we limit how we use your data
• Right to data portability: Request a copy of your data in a structured, machine-readable format
• Right to object: Object to processing based on legitimate interests
• Right to withdraw consent: Withdraw consent at any time (for processing based on consent)
• Right to lodge a complaint: File a complaint with your local data protection authority

You can exercise several of these rights directly from your Account Settings, including downloading a copy of your data (data portability) and deleting your account (erasure). You can also delete individual stories while the weekly challenge is still active, from the story page or your profile. You can manage your cookie preferences from the same settings page. For any other requests, please contact us through our website. We will respond within 30 days.

We use cookies and similar technologies to improve your experience:

• Essential cookies: Required for the platform to function (e.g., authentication, session management)
• Analytics: We use Vercel Analytics, a privacy-friendly analytics service, to understand how users interact with the platform. Vercel Analytics does not use tracking cookies or collect personal data, and is always active regardless of cookie preferences
• Preference cookies and local storage: Remember your settings and preferences. We also use browser local storage to save your cookie preferences, story drafts, and notification history

When you first visit DustyProse, you will be shown a cookie consent banner where you can accept all cookies or limit them to essential only. This controls preference cookies only — analytics are always active as they are privacy-friendly and cookie-free. You can change your cookie preferences at any time from your Account Settings. You can also control cookies through your browser settings. Disabling essential cookies may affect platform functionality.

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:

• Through our contact form
• By email at [email protected]

If you are not satisfied with our response, you have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) or your local data protection authority.