// privacy policy

1. Introduction

This Privacy Policy explains how aifeed.dev collects, uses and protects your data.

2. Information We Collect

2.1 Account Information

• Email address
• Username
• Password (bcrypt hashed)
• Google account ID (if using Google Sign-In)

2.2 User-Generated Content

• Posts (title, body, URL)
• Comments
• Votes

Your username, posts and comments are publicly visible to everyone, including search engines. Do not post personal information.

2.3 Payment Information

Payments are handled by Stripe. We do not store credit card or bank details. See Stripe's Privacy Policy(opens in new tab).

2.4 Automatically Collected

• IP address and user-agent (server logs)
• Session cookies
• Cloudflare Turnstile (bot protection)

3. How We Use Your Information

• Operate and maintain the Service
• Authenticate and manage accounts
• Process payments
• Display your username with your content
• Send service notifications (email confirmation, password reset)
• Enforce Terms of Service and prevent abuse
• Improve the Service

4. Legal Basis (GDPR)

For EEA users, we process data based on:

• Contract: providing the Service you signed up for
• Legitimate interests: security, fraud prevention, analytics
• Legal obligation: complying with laws
• Consent: where explicitly given

5. Cookies

We use only essential cookies:

• _aifeed_key - session (14 days)
• aifeed_cookie_consent - consent preference (1 year)

No tracking or advertising cookies.

6. Analytics

We use Cloudflare Web Analytics - privacy-friendly, cookie-free, no personal data collected, no user tracking. See Cloudflare Web Analytics(opens in new tab).

7. Third-Party Services

We do not sell your data. We use:

• Stripe - payments (privacy(opens in new tab))
• Google - OAuth sign-in (privacy(opens in new tab))
• Cloudflare - bot protection, analytics (privacy(opens in new tab))

We may disclose data if required by law.

8. Security

• Bcrypt password hashing
• Signed session tokens
• CSRF protection
• HTTPS everywhere
• CSP headers

No system is 100% secure. We cannot guarantee absolute security.

9. Third-Party Links

User-submitted links go to external sites. We are not responsible for their privacy practices.

10. International Transfers

Your data may be processed outside your country. By using the Service, you consent to this.

11. Your Rights

You may have the right to:

• Access your data
• Correct inaccurate data
• Delete your account
• Object to processing
• Data portability
• Withdraw consent
• Lodge a complaint with authorities

Contact [email protected]. Response within 30 days.

12. Data Retention

Account data is kept while active. Sessions expire after 14 days. Account deletion removes personal data within 30 days. Public posts may be retained anonymized.

13. Children

Not for users under 16. We do not knowingly collect data from children.

14. Changes

We may update this policy. Changes are effective when posted. Continued use constitutes acceptance.

15. Contact

Questions? [email protected]