Privacy Policy

1. Introduction

This Privacy Policy explains how Ranfft DB collects, uses, stores, and protects information when you access or use the service.

By using Ranfft DB, you acknowledge that your information will be handled as described in this policy.

2. Information We Collect

Ranfft DB may collect account information provided during registration, including:

• username;
• email address;
• full name;
• mini bio;
• password hash.

Passwords are stored as hashes and are not stored in plain text.

We may also collect content you submit, including corrections, caliber data, images, comments, contact form messages, and moderation-related activity.

3. Payment Information

Supporter subscriptions are processed by third-party payment providers such as Stripe and/or PayPal.

Ranfft DB may store payment-related identifiers, including:

• subscription ID;
• customer ID;
• payer ID;
• supporter status;
• supporter expiration date;
• payment webhook event data for troubleshooting and dispute handling.

Ranfft DB does not store credit card numbers, bank account details, or full payment credentials.

4. Audit Logs and Activity Data

Ranfft DB logs certain activity for security, abuse prevention, moderation, troubleshooting, and rate limiting.

Audit logs may include:

• user ID or anonymous access identifier;
• action type;
• HTTP method;
• requested URL;
• IP address;
• user agent;
• request parameters;
• timestamps.

Audit logs are pruned after 90 days by automated process, unless longer retention is required for security, legal, or operational reasons.

5. Cookies and Sessions

Ranfft DB uses cookies and similar technologies for:

• authentication;
• session management;
• "remember me" login functionality;
• CSRF protection;
• security controls.

Ranfft DB does not use advertising cookies.

You may disable cookies in your browser, but some features may stop working correctly.

6. Analytics and Bot Protection

Ranfft DB may use Google Tag Manager for analytics and event tracking, including page views, section views, and login-related events.

Ranfft DB may use Google reCAPTCHA v3 to protect login and contact forms from spam, abuse, and automated access.

These third-party services may process technical data according to their own privacy policies.

7. Email Delivery

Ranfft DB may use Resend or similar providers to send transactional emails, including:

• account verification;
• password reset;
• contact form notifications;
• service-related messages.

These providers process email addresses and message metadata as needed to deliver email.

8. How We Use Information

Ranfft DB uses collected information to:

• create and manage accounts;
• authenticate users;
• provide user, supporter, moderator, and admin features;
• process supporter subscriptions;
• prevent abuse and automated attacks;
• enforce rate limits;
• moderate submissions;
• maintain the public archive;
• troubleshoot errors;
• respond to contact requests;
• comply with legal obligations.

9. Public Contributions

Content submitted to Ranfft DB may become part of the public archive. This may include caliber data, corrections, images, attribution, and related contribution history.

Because Ranfft DB is an archival reference project, accepted contributions may be retained even if an account is later deactivated, deleted, or anonymized, unless removal is legally required or operationally appropriate.

10. Anonymous Users

Anonymous access may use a shared system account and does not require direct personal registration data.

However, IP address, user agent, request data, and activity logs may still be collected for rate limiting, abuse detection, security, and service integrity.

11. Data Retention

Ranfft DB retains information as follows:

• account data: retained while the account remains active;
• soft-deleted accounts: username and email may be retained for audit integrity and abuse prevention;
• audit logs: normally pruned after 90 days;
• supporter event logs: retained for payment history, troubleshooting, and dispute resolution;
• public archive contributions: retained as part of the database, with attribution where applicable;
• contact messages: retained as long as reasonably necessary to handle the request.

12. Data Sharing

Ranfft DB does not sell personal data.

Information may be shared with third-party service providers only as needed to operate the service, including payment processing, analytics, bot protection, email delivery, hosting, security, and troubleshooting.

Information may also be disclosed if required by law, legal process, security investigation, enforcement of terms, or protection of the rights and safety of Ranfft DB, users, or others.

13. Security

Ranfft DB uses reasonable technical and organizational measures to protect account data and service integrity, including password hashing, CSRF protection, logging, rate limiting, and access controls.

No online service can guarantee absolute security.

14. Your Rights

Depending on your location, you may have rights to:

• access your personal data;
• correct inaccurate data;
• request deletion of personal data;
• object to or restrict certain processing;
• request data portability;
• withdraw consent where processing is based on consent.

Some requests may be limited by audit requirements, legal obligations, payment dispute needs, security needs, or preservation of public archive contributions.

To exercise these rights, contact us at: [email protected]

15. Children

Ranfft DB is not intended for children. Users must be old enough to create an account and use online services under the laws applicable to them.

If we become aware that we have collected personal data from a child where prohibited by law, we will take reasonable steps to delete it.

16. International Users

Ranfft DB may be accessed from different countries. By using the service, you understand that your information may be processed in countries where the service, hosting providers, or third-party processors operate.

17. Changes to This Policy

Ranfft DB may update this Privacy Policy from time to time. Material changes will be posted on the website or communicated through appropriate means.

Continued use of the service after changes become effective means you acknowledge the updated policy.

18. Contact

For privacy-related questions, requests, or complaints, contact us at: [email protected]

Effective date: May 27, 2025