Privacy Policy
Short version: we collect the minimum needed to run a profile-sharing site, we don't run analytics or trackers, and we don't sell or share your data with anyone.
1. What we collect
- Account details. Signing in uses an external identity provider (Google, GitHub, or another OpenID Connect provider). We store the username and email address the provider shares with us. We never see or store your password.
- Content you contribute. Filament profiles you upload or edit, including their revision history. Profiles you mark public are visible to everyone and licensed AGPL-3.0 (see the Terms).
- Download events. Each profile download is counted to compute popularity. If you're signed in, the event is associated with your account; anonymous downloads are counted without identifying you.
- Action log. Account actions (sign-in, sign-out, uploads, edits, deletions, downloads) are recorded with your IP address and browser user-agent string. This log exists for security and abuse response, is append-only, and is visible only to site staff.
- Server logs. Standard web-server request logs (IP address, URL, timestamp) exist transiently at our hosting provider for operations and debugging.
2. Cookies
We set only the cookies the site needs to function: a session cookie (to keep you signed in) and a CSRF cookie (to protect forms). There are no analytics, advertising, or third-party tracking cookies.
3. How your data is used
To operate the site: authenticating you, attributing your profiles, computing download counts, and investigating abuse or security incidents. Nothing else โ no advertising, no profiling, no sale or sharing of personal data with third parties.
4. Third parties
- Identity providers. When you sign in via Google, GitHub, or another OIDC provider, that provider's own privacy policy governs what it records about the sign-in.
- Hosting. The site and its database run on a cloud hosting provider, which processes traffic on our behalf.
5. Retention and deletion
Profiles and their revision history are kept until you delete them. The action log is retained for security purposes. Server logs at the hosting provider rotate automatically.
To delete your account and associated personal data, contact the operator (see the source repository for contact details). Note that profiles you published are AGPL-licensed and copies made by others may persist; we can delete or anonymize what this site stores.
6. Changes
Material changes to this policy will be announced on the front page before they take effect.