Privacy Policy

Last updated: May 2026

1. Data we collect

Email (required for account), username, optional userpic, wallet address (if connected), Discord ID (if linked), activity log on the Site (likes, views, requests).

2. Why we collect it

To provide authentication, personalize the gallery experience, process payments, fulfill commissioned work, and award gamification rewards (XP, badges).

3. Third parties

We share data with: Stripe (payments), Resend (auth emails), Plunk (notification emails), Cloudflare (Turnstile security), Sentry (error tracking), Umami (anonymous analytics), Discord (role sync if you link). All operate under their own privacy policies.

4. Cookies

We use an httpOnly session cookie for authentication. We use anonymous analytics (Umami) which respects DNT. No advertising trackers.

5. Your rights (GDPR)

• Access — export all your data anytime via Profile → Settings → Download my data (JSON).
• Deletion — soft-delete your account anytime via Danger Zone. Full deletion on written request.
• Rectification — edit your username and userpic in Settings.

6. Retention

Active accounts: indefinitely. Inactive (soft-deleted) accounts: data retained 30 days, then anonymized. Logs and analytics: 90 days.

7. Security

Passwords are not stored (we use magic-links). Database backups are encrypted. We follow industry standards for data security.

8. Contact

For privacy concerns or data requests: mail@ilyakazakov.com