Privacy Policy
Effective Date: October 18, 2025
1. Information We Collect
1.1 Information You Provide
When you sign in with X (Twitter), we collect:
- X User ID: Your unique X identifier (used for authentication)
- X Username: Your @handle (displayed when you vote, if applicable)
- Profile Information: Display name and profile picture (optional display)
1.2 Automatically Collected Information
When you use the Platform, we automatically collect:
- Usage Data: Pages viewed, features used, time spent
- Device Information: Browser type, device type, screen resolution
- Session Data: Login/logout times, session duration
- IP Address: For security and fraud prevention
1.3 User Preferences
We store your preferences locally and on our servers:
- LocalStorage: View density, card order, favorites, tutorial completion
- Database: Synced preferences for logged-in users (same as localStorage)
- Voting Records: Which projects you voted for (private, used to prevent duplicate votes)
2. How We Use Your Information
We use collected information for:
| Purpose | Data Used |
|---|---|
| Authentication | X User ID, session tokens |
| Vote Counting | X User ID, project ID, vote type |
| Personalization | Favorites, card order, view preferences |
| Fraud Prevention | IP address, voting patterns, session data |
| Platform Improvement | Usage analytics, feature adoption |
| Security | Login activity, suspicious behavior detection |
3. Data Storage and Security
3.1 Where We Store Data
- Database: MySQL/MariaDB hosted on secure servers
- Sessions: Server-side sessions with httponly, secure cookies
- LocalStorage: Client-side browser storage (stays on your device)
3.2 Security Measures
We protect your data with:
- OAuth 2.0 PKCE: Industry-standard authentication
- Prepared Statements: SQL injection prevention
- CSRF Tokens: Cross-site request forgery protection
- Secure Sessions: httponly, SameSite=Strict cookies
- HTTPS: Encrypted data transmission (when available)
- Input Sanitization: XSS attack prevention
3.3 Data Retention
- Active Users: Data retained while account is active
- Inactive Users: Data may be deleted after 2 years of inactivity
- Votes: Retained indefinitely for platform integrity
- Logs: Kept for 90 days for security purposes
4. Information Sharing
4.1 What We Share
We do NOT sell your personal information. We only share data in limited circumstances:
- Public Information:
- Vote counts are public (aggregate numbers)
- Project information is public
- Your username MAY be visible if we add "voted by" features (not currently implemented)
- Service Providers:
- Hosting providers (for server infrastructure)
- X (Twitter) OAuth for authentication
- Legal Requirements:
- When required by law or legal process
- To prevent fraud or security threats
- To protect our rights and property
4.2 What We Don't Share
- Individual voting records
- Your IP address
- Your session data
- Your personal preferences
5. Third-Party Services
5.1 X (Twitter) OAuth
We use X OAuth for authentication. When you sign in:
- You're redirected to X's authentication page
- X shares your user ID and profile info with us (with your permission)
- X's privacy policy applies: https://twitter.com/privacy
5.2 External Links
The Platform contains links to project websites, X profiles, Discord servers, and other external sites. We are not responsible for their privacy practices.
6. Cookies and Tracking
6.1 Cookies We Use
| Cookie | Purpose | Duration |
|---|---|---|
PHPSESSID |
Session management, authentication | Session (deleted on logout) |
oauth2_state |
OAuth security verification | Temporary (minutes) |
6.2 LocalStorage
We use browser LocalStorage for:
tutorialCompleted- Track if you've seen the tutorialcard_order_[category]- Your custom card arrangementsfavorites- Your favorited projectsviewDensity- Your preferred grid densitydismissed_[section]- Hidden callout boxes
6.3 Analytics
We currently do NOT use Google Analytics or similar third-party tracking services. All analytics are first-party only.
7. Your Privacy Rights
7.1 Access and Correction
You have the right to:
- Access: Request a copy of your data
- Correction: Update incorrect information
- Deletion: Request deletion of your account and data
7.2 Data Portability
You can export your data by contacting us. We'll provide your voting records and preferences in JSON format.
7.3 Opt-Out
- Logout: Clears your session and stops data collection
- Clear LocalStorage: Delete preferences from your browser
- Delete Account: Contact us to permanently remove your data
8. Children's Privacy
Abstract Explorer is not intended for users under 13 years old. We do not knowingly collect information from children. If you believe a child has provided us with personal information, please contact us immediately.
9. International Users
The Platform is hosted in the United States. If you access it from outside the US, your data will be transferred to and processed in the US. By using the Platform, you consent to this transfer.
10. California Privacy Rights (CCPA)
If you're a California resident, you have additional rights:
- Right to Know: What personal information we collect and how we use it
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: We don't sell personal information, so no opt-out needed
- Non-Discrimination: We won't discriminate for exercising your rights
11. European Privacy Rights (GDPR)
If you're in the EU/EEA, you have rights under GDPR:
- Legal Basis: We process data based on consent and legitimate interests
- Data Controller: Abstract Explorer is the data controller
- Right to Object: Object to processing of your data
- Right to Restriction: Restrict how we process your data
- Right to Erasure: "Right to be forgotten"
- Supervisory Authority: File a complaint with your local data protection authority
12. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Effective Date." Continued use of the Platform after changes constitutes acceptance.
13. Data Breach Notification
In the unlikely event of a data breach affecting your personal information, we will:
- Notify affected users within 72 hours
- Describe the nature of the breach
- Explain steps we're taking to address it
- Provide recommendations to protect your account
14. Contact Us
For privacy-related questions, requests, or concerns:
- Email: privacy@gmgnrepeat.com
- Feedback: Use the floating feedback button
- Data Requests: Email us with "Privacy Request" in the subject line
We'll respond to privacy requests within 30 days.