Privacy Policy

    How this site handles personal data

    This site uses Clerk for authentication, Supabase for application data, Vercel for hosting and telemetry, and a small amount of browser storage for preferences and read-state. The goal is to collect the least data needed to run the site safely and predictably.

    At a glance

    Last updated: June 1, 2026

    • Clerk handles authentication with secure session cookies; access tokens are not stored in localStorage by this app.
    • The application mirrors only the minimum account fields needed for product features, support, and authorization.
    • Theme preference, dismissed banners, and visited-post state are stored in browser storage to keep the site usable between visits.
    • Operational analytics and performance telemetry are enabled through Vercel services to improve reliability and content quality.

    Good-practice commitments

    Operational standards followed in the current implementation.

    • Use Clerk-managed secure session cookies instead of keeping auth tokens in localStorage.
    • Mirror only the profile fields needed for product features and authorization.
    • Keep authentication, persistence, and public UI concerns separated to reduce accidental exposure of sensitive data.
    • Review telemetry, logs, and new third-party integrations before release so privacy impact stays visible.

    What data is collected

    The site collects information in a few distinct categories. Some of it comes directly from you, some from your browser, and some from providers that help operate the service.

    Account and authentication data

    • Clerk user ID, email address, username, first and last name, avatar, and sign-in provider details when you create or use an account.
    • Session and security metadata handled by Clerk so the site can keep you signed in and protect account actions.

    Content you actively submit

    • Comments, feedback messages, and any optional contact details you provide when using those forms.
    • Public-facing content you choose to publish, such as your display name and comment text.

    Technical, analytics, and security data

    • Page paths, referrers, browser and device characteristics, performance timings, and diagnostic events used to keep the site stable and fast.
    • Server-side request and error logs required for abuse prevention, troubleshooting, and service continuity.

    Browser-side preferences

    • Theme preference, dismissed banner state, and visited-post cache saved in your browser to preserve the experience between visits.

    Why this data is processed

    • Create and maintain your account, sign you in, and keep sessions secure.
    • Synchronize a minimal profile into the application database so account-linked features can work correctly.
    • Publish, moderate, and respond to comments or feedback submissions.
    • Detect abuse, investigate incidents, enforce platform rules, and maintain service reliability.
    • Measure page performance and general usage patterns so the site can be improved without adding unnecessary tracking code.

    Legal bases

    Depending on where you are located, the site may rely on one or more of the following legal bases to process personal data:

    • Performance of a contract when you ask us to create or maintain an account and provide account-linked features.
    • Legitimate interests in securing the platform, preventing abuse, operating the blog, and improving performance and reliability.
    • Consent where a feature specifically requires it under applicable law, especially if optional third-party features or future non-essential cookies are introduced.
    • Compliance with legal obligations when retention or disclosure is required by law.

    Processors and third parties

    The site relies on a limited set of infrastructure providers. These providers process data on behalf of the service or as independent controllers when you choose their sign-in or media features.

    • Clerk for identity, sign-in flows, account management, and secure session handling.
    • Supabase for application data storage such as mirrored user profiles, comments, and other product data.
    • Vercel for hosting, operational analytics, and performance monitoring.
    • GitHub and Google only when you choose a social sign-in flow made available through Clerk.
    • YouTube's privacy-enhanced embed domain when you choose to load embedded video content.

    Retention

    • Account mirror data is kept while your account remains active and for a limited period afterward where needed for security, backups, or legal obligations.
    • Comments and moderation data are retained while the related content remains available or while needed to enforce community and abuse-prevention rules.
    • Feedback messages are kept only as long as reasonably necessary to review, respond, and maintain an audit trail for support or abuse handling.
    • Browser-side storage remains on your device until you clear site data, sign out, overwrite the preference, or your browser removes it.

    Security and storage practices

    Security is treated as an operational requirement, not just a policy statement. The current implementation favors minimal storage, provider-managed session security, and separate server-side persistence layers for account-linked data.

    Your choices and rights

    • Ask for access to the personal data associated with your use of the site.
    • Request correction or deletion of data that is inaccurate, unnecessary, or no longer required.
    • Object to certain processing or request restriction where your local law gives you that right.
    • Withdraw consent for optional processing where consent is the relevant legal basis.
    • Sign out, clear browser storage, or disable cookies in your browser, understanding that account-related features may stop working.

    Privacy requests can be sent to contact@mateusz-dev.pl. To help protect users, additional verification may be required before account-linked data is changed or deleted.

    Policy updates

    If this notice changes materially, the update date on this page will be refreshed and, where useful, the site may surface a notice in the UI. If future features introduce optional advertising or other non-essential cookies, a dedicated consent control will be added before those technologies are enabled.