bookbook

Privacy Policy

Last updated: February 5, 2026

Introduction

Welcome to DustyProse. We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our platform. DustyProse is operated from Italy and complies with the EU General Data Protection Regulation (GDPR) and Italian data protection laws.

1. Data Controller

The data controller responsible for your personal data is DustyProse, operating from Italy. If you have any questions about this Privacy Policy or how we handle your data, please contact us through our website contact form.

2. What Data We Collect

Information you provide to us:

  • Account information: Email address, username, display name, and password (encrypted)
  • Profile information: Optional bio, profile picture, and other profile customizations
  • Content: Stories you submit, likes you give, and any other content you post on the platform
  • Communications: Messages you send through contact forms or newsletter subscriptions

Information automatically collected:

  • Usage data: Pages you visit, stories you read, features you use, time spent on the platform
  • Device information: IP address, browser type, device type, operating system
  • Cookies and similar technologies: See our Cookies section below for more details

3. How We Use Your Data

We use your personal data for the following purposes:

  • To provide our service: Creating and managing your account, displaying your stories, processing likes and votes
  • To personalize your experience: Showing you your submitted stories, liked stories, and earned badges
  • To communicate with you: Sending weekly challenge notifications, winner announcements, and newsletter updates (if you subscribed)
  • To improve our platform: Analyzing usage patterns to enhance features and user experience
  • To ensure security: Detecting and preventing fraud, abuse, and security issues
  • To comply with legal obligations: Responding to legal requests and enforcing our Terms and Conditions

4. Legal Basis for Processing (GDPR)

Under GDPR, we process your data based on:

  • Contract: Processing necessary to provide our service (account management, story display, voting)
  • Consent: Newsletter subscriptions and optional profile information (you can withdraw consent at any time)
  • Legitimate interests: Platform improvement, security, and fraud prevention
  • Legal obligation: Compliance with applicable laws and regulations

5. How We Store and Protect Your Data

Your data is stored securely using industry-standard practices:

  • Database: We use Supabase, a secure cloud-based database service with encryption at rest and in transit
  • Passwords: All passwords are encrypted using secure hashing algorithms
  • Access controls: Only authorized personnel have access to user data, and only when necessary for platform operation
  • HTTPS: All data transmitted between your browser and our servers is encrypted using SSL/TLS

While we implement strong security measures, no system is 100% secure. We cannot guarantee absolute security but we continuously work to protect your data.

6. Data Retention

We retain your personal data for as long as:

  • Your account is active
  • Necessary to provide our services or comply with legal obligations
  • You have not requested deletion (subject to legal retention requirements)

When you delete your account, we will anonymize your stories (they remain on the platform as part of challenge archives but are attributed to "Anonymous" or "Deleted User"). Your personal data (email, username, profile information) will be permanently deleted within 30 days, unless we are required to retain it for legal reasons.

7. Sharing Your Data

We do not sell your personal data. We may share data with:

  • Other users: Your username, display name, stories, and public profile information are visible to other users
  • Service providers: Third-party services that help us operate the platform (e.g., Supabase for database hosting, email service providers for newsletters)
  • Legal requirements: When required by law, court order, or to protect our rights and safety

All third-party service providers are required to protect your data and use it only for the purposes we specify.

8. International Data Transfers

Our primary operations are based in Italy (EU). However, some of our service providers may be located outside the European Economic Area (EEA). When we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or Privacy Shield certification (where applicable), to protect your data in accordance with GDPR requirements.

9. Your Rights Under GDPR

As a user in the EU, you have the following rights:

  • Right to access: Request a copy of the personal data we hold about you
  • Right to rectification: Request correction of inaccurate or incomplete data
  • Right to erasure ("right to be forgotten"): Request deletion of your personal data
  • Right to restriction: Request that we limit how we use your data
  • Right to data portability: Request a copy of your data in a structured, machine-readable format
  • Right to object: Object to processing based on legitimate interests
  • Right to withdraw consent: Withdraw consent at any time (for processing based on consent)
  • Right to lodge a complaint: File a complaint with your local data protection authority

To exercise any of these rights, please contact us through our website. We will respond to your request within 30 days.

10. Cookies and Tracking Technologies

We use cookies and similar technologies to improve your experience:

  • Essential cookies: Required for the platform to function (e.g., authentication, session management)
  • Analytics cookies: Help us understand how users interact with the platform (we may use services like Google Analytics)
  • Preference cookies: Remember your settings and preferences

You can control cookies through your browser settings. However, disabling essential cookies may affect platform functionality.

11. Children's Privacy

DustyProse is intended for users aged 13 and older. We do not knowingly collect personal data from children under 13. If we discover that a child under 13 has provided us with personal data, we will delete it immediately. If you believe a child has provided us with personal data, please contact us.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes by posting a notice on the platform or sending you an email. The "Last updated" date at the top of this page indicates when the policy was last revised.

13. Contact Us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:

  • Through our website contact form
  • By email (contact information available on our website)

If you are not satisfied with our response, you have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) or your local data protection authority.

By using DustyProse, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your personal data as described herein.

bookbook