Privacy policy

Last updated: May 2026. This notice is drafted with EU GDPR principles in mind and should be adapted to your actual processing and jurisdiction.

1. Data controller

The controller of personal data collected through nocta.lol is the Site publisher, whose contact details appear on the legal notice page.

2. Data we process and purposes

We may process the following categories:

Account: email address, password (stored hashed — never as plaintext on our servers beyond the secure authentication flow), and technical account identifiers.
Public profile: username, text, display preferences, and media you attach to your page (e.g. avatar).
Technical data: security logs and metadata (approximate IP, user-agent, timestamps) to prevent abuse (spam, bots, overload).
Cookies and local storage: strictly necessary session / functionality cookies where applicable; local storage for certain UI preferences where used.

Purposes include: providing the service, authentication, displaying profiles, aggregated internal statistics, security, legal compliance, and product improvement.

3. Legal bases

Contract performance (terms of use) for accounts and profiles; legitimate interests for security and fraud prevention; legal obligation where applicable; consent where required (e.g. optional marketing or non-essential cookies if you add them).

4. Retention

Account data is kept for as long as you use the service, then deleted or archived according to legal needs (e.g. disputes, accounting where relevant). Technical logs may be retained for a limited period compatible with system security.

5. Processors / recipients

Data may be processed by our infrastructure providers, including Supabase (database, auth, storage) and Cloudflare (delivery and edge security), under appropriate contractual terms and international transfer mechanisms where applicable.

6. Your rights

Depending on applicable law (including GDPR where it applies), you may have rights of access, rectification, erasure, restriction, objection, portability, and instructions regarding data after death (where recognised).

To exercise your rights, contact the publisher using the details on the legal notice page. If you are in the EU and disagree with our response, you may lodge a complaint with your local supervisory authority.

7. Security

We implement appropriate technical and organisational measures (encryption in transit, access controls, hashed passwords, limited admin access). No processing is risk-free; where a breach affects your data, we may notify you or regulators as required by law.

Replace every [To complete] placeholder on legal pages with accurate publisher identity and contact. This document is not a substitute for personalised legal advice.