Version 2026-06-12 — working draft, placeholder copy pending legal review.
What we store
Your account: name, email address, avatar, username, and which login providers you connected. Your content: the builds, posts, reviews, and images you publish. Operational records: session tokens, sign-in tokens, and rate-limit counters, each of which expires and is pruned.
What we don't do
No ad tracking, no analytics beacons, no selling or sharing of personal data. Webfonts are served from a GDPR-safe host (bunny.net) without tracking. Emails are sent only when you ask for one — a sign-in link.
Where it lives
Data is stored on Cloudflare infrastructure (D1 database, R2 file storage). Login is handled by the provider you choose — Google OAuth or a one-time email link; Bassilisk never sees or stores a password.
Your rights
You can edit your profile at any time. To export or delete your account and its data, contact the operator listed in the Impressum. Deleting your account removes your profile, sessions, and provider links.
Changes
When this policy changes, the version date above changes and you will be asked to accept the new version before posting again.