Log in Register
Early access: if you spot something broken or have an idea, let us know.

Privacy Policy

Last updated: 7 March 2026

What we collect

When you create an account we collect your email address, a username you choose, and a hashed version of your password. We never store your password in plain text.

When you are logged in, we store a session token in a cookie to keep you authenticated. This cookie is HTTP-only and not accessible to JavaScript.

We log standard web server access logs (IP address, browser type, page requested, timestamp). These are used for debugging and security purposes and are not shared with third parties.

If you submit a guide or post a comment, that content is stored in our database and associated with your username.

What we do not collect

We do not use advertising tracking cookies. We do not run advertising of any kind. We do not sell or share your personal data with third parties for marketing purposes. We do not use third-party analytics scripts that track you across the web.

Cookies

We use one functional cookie: a session cookie named session that keeps you logged in. It expires after 30 days. If you do not create an account, no cookies are set.

We also load fonts from Google Fonts. Google may set its own cookies subject to Google's privacy policy. If you prefer to avoid this, you can block fonts.googleapis.com in your browser.

Email

We use your email address only to send transactional emails: account-related notifications such as password reset links. We do not send marketing emails. We use Resend to deliver email. Your email address is transmitted to Resend's servers for delivery.

Data retention

Your account data is kept for as long as your account exists. You can delete your account at any time from your settings page. Deleting your account removes your personal information and all your guides and comments from our database.

Server access logs are retained for up to 90 days.

Your rights

You have the right to access the data we hold about you, to correct it, and to delete it. You can change your username, bio, and password from your settings. To delete your account entirely, use the delete option in settings. If you have any other requests regarding your data, contact us via the about page.

If you are in the European Economic Area, you have rights under the GDPR including the right to data portability and the right to lodge a complaint with your local data protection authority.

Security

All traffic is served over HTTPS. Passwords are hashed using bcrypt. Session tokens are randomly generated and stored securely. We take reasonable precautions, but no system is completely secure. Use a unique password for your account.

Changes

We may update this policy from time to time. The date at the top of this page will reflect the most recent update. Continued use of the site after changes constitutes acceptance of the updated policy.