Privacy policy

    This site uses Clerk for authentication, Supabase for application data, Vercel for hosting and telemetry, and a small amount of browser storage for preferences and read-state. The goal is to collect the least data needed to run the site safely and predictably.

    At a glance

    Updated July 10, 2026

    • Clerk handles authentication with secure session cookies; access tokens are not stored in localStorage by this app.
    • The application mirrors only the minimum account fields needed for product features, support, and authorization.
    • Theme preference, dismissed banners, and visited-post state are stored in browser storage to keep the site usable between visits.
    • Operational analytics and performance telemetry are enabled through Vercel services to improve reliability and content quality.
    • The rock-paper-scissors game supports guest play through a secure, signed cookie and stores only nicknames, avatars, and game moves — never your raw IP address.
    • Optional tips are handled by Stripe's hosted checkout, so this site never sees or stores your card details.

    Good-practice commitments

    • Use Clerk-managed secure session cookies instead of keeping auth tokens in localStorage.
    • Mirror only the profile fields needed for product features and authorization.
    • Keep authentication, persistence, and public UI concerns separated to reduce accidental exposure of sensitive data.
    • Review telemetry, logs, and new third-party integrations before release so privacy impact stays visible.

    What data is collected

    The site collects information in a few distinct categories. Some of it comes directly from you, some from your browser, and some from providers that help operate the service.

    Account and authentication data

    • Clerk user ID, email address, username, first and last name, avatar, and sign-in provider details when you create or use an account.
    • Session and security metadata handled by Clerk so the site can keep you signed in and protect account actions.

    Content you actively submit

    • Comments you write and publish under posts, including the display name shown next to them.
    • The contact form does not submit anything to this site's servers — it composes an email in your own mail app, and the message travels as ordinary email between you and the site owner.

    Technical, analytics, and security data

    • Page paths, referrers, browser and device characteristics, performance timings, and diagnostic events used to keep the site stable and fast.
    • Server-side request and error logs required for abuse prevention, troubleshooting, and service continuity.

    Browser-side preferences

    • Theme preference, dismissed banner state, visited-post cache, and rock-paper-scissors preferences (solo best streak and sound on/off) saved in your browser to preserve the experience between visits.

    Rock-paper-scissors game data

    • The game name, the nickname and avatar shown for each player, the moves you make, and the round results.
    • For guest play, a signed cookie that identifies your seat, plus a one-way key derived from your network (never your raw IP address) used only to limit spam and abuse.

    Payments for optional tips

    • When you choose to send a tip, the payment is handled by Stripe's secure checkout; this site does not receive or store your card or payment-method details.

    Why this data is processed

    • Create and maintain your account, sign you in, and keep sessions secure.
    • Synchronize a minimal profile into the application database so account-linked features can work correctly.
    • Publish, moderate, and respond to comments.
    • Run the rock-paper-scissors game, including optional guest play, invite-link matchmaking, and spam or abuse prevention.
    • Process the optional tips you choose to send through Stripe.
    • Detect abuse, investigate incidents, enforce platform rules, and maintain service reliability.
    • Measure page performance and general usage patterns so the site can be improved without adding unnecessary tracking code.

    Legal bases

    Depending on where you are located, the site may rely on one or more of the following legal bases to process personal data:

    • Performance of a contract when you ask us to create or maintain an account and provide account-linked features.
    • Legitimate interests in securing the platform, preventing abuse, operating the blog, and improving performance and reliability.
    • Consent where a feature specifically requires it under applicable law, especially if optional third-party features or future non-essential cookies are introduced.
    • Compliance with legal obligations when retention or disclosure is required by law.

    Processors and third parties

    The site relies on a limited set of infrastructure providers. These providers process data on behalf of the service or as independent controllers when you choose their sign-in or media features.

    • Clerk for identity, sign-in flows, account management, and secure session handling.
    • Supabase for application data storage such as mirrored user profiles, comments, rock-paper-scissors games, and other product data.
    • Vercel for hosting, operational analytics, and performance monitoring.
    • Stripe for securely processing the optional tips you choose to send, through its hosted checkout.
    • GitHub and Google only when you choose a social sign-in flow made available through Clerk.
    • YouTube's privacy-enhanced embed domain when you choose to load embedded video content.

    Rock-paper-scissors game

    The rock-paper-scissors game can be played with or without an account. It is built to keep only what the game needs and nothing that would track you elsewhere.

    • Game data is limited to the game name, each player's nickname and avatar, the moves played, and the round results.
    • You can play as a guest. A secure, signed cookie identifies your seat so you can keep playing and rejoin a game; page scripts cannot read it and it is not used to follow you across other sites.
    • To prevent spam and abuse, the game turns your network address into a one-way, non-reversible key. Your raw IP address is never stored or logged.
    • Solo-mode preferences, such as your best streak and whether sound is on, stay in your browser and are never sent to the server.
    • Inactive games are archived automatically, and guest identities and anti-abuse logs are removed by routine cleanup.

    Payments for optional tips

    Tips are entirely optional. When you choose to send one, you are taken to Stripe's secure hosted checkout to enter payment details. Stripe processes the payment as an independent provider under its own privacy terms; this site does not receive or store your card or payment-method details.

    Contact form

    The contact page does not send messages through this site's servers. Submitting the form opens your own email app with the message pre-filled, and the conversation continues as ordinary email between you and contact@mateusz-dev.pl. Nothing you type into the form is stored or logged by the site itself.

    Retention

    • Account mirror data is kept while your account remains active and for a limited period afterward where needed for security, backups, or legal obligations.
    • Comments and moderation data are retained while the related content remains available or while needed to enforce community and abuse-prevention rules.
    • Rock-paper-scissors games are archived automatically after a period of inactivity, and guest identities and anti-abuse logs are removed by routine cleanup.
    • Browser-side storage remains on your device until you clear site data, sign out, overwrite the preference, or your browser removes it.

    Security and storage practices

    Security is treated as an operational requirement, not just a policy statement. The current implementation favors minimal storage, provider-managed session security, and separate server-side persistence layers for account-linked data.

    • Use Clerk-managed secure session cookies instead of keeping auth tokens in localStorage.
    • Mirror only the profile fields needed for product features and authorization.
    • Keep authentication, persistence, and public UI concerns separated to reduce accidental exposure of sensitive data.
    • Review telemetry, logs, and new third-party integrations before release so privacy impact stays visible.

    Your choices and rights

    • Ask for access to the personal data associated with your use of the site.
    • Request correction or deletion of data that is inaccurate, unnecessary, or no longer required.
    • Object to certain processing or request restriction where your local law gives you that right.
    • Withdraw consent for optional processing where consent is the relevant legal basis.
    • Sign out, clear browser storage, or disable cookies in your browser, understanding that account-related features may stop working.

    Privacy requests can be sent to contact@mateusz-dev.pl. To help protect users, additional verification may be required before account-linked data is changed or deleted.

    Policy updates

    If this notice changes materially, the update date on this page will be refreshed and, where useful, the site may surface a notice in the UI. If future features introduce optional advertising or other non-essential cookies, a dedicated consent control will be added before those technologies are enabled.