Privacy Policy
This policy explains what data Wasted Tokens collects, why, and how it is protected. We keep it short and in plain language.
1. Data Controller
The data controller is the operator of wastedtokens.com. For any privacy-related request contact us at privacy@wastedtokens.com.
2. What We Collect
| Data | Source | Purpose |
|---|---|---|
| Google account ID, email address | Google OAuth 2.0 sign-in | Authentication & account identity |
| Display name, profile picture URL | Google OAuth 2.0 sign-in | Shown alongside your stories and comments |
| Story content & title | Submitted by you | Published on the platform after moderation |
| Votes | Your interactions | Ranking stories; preventing duplicate votes |
| Session cookie | Browser (server-set) | Keeping you logged in during your visit |
| Server logs (IP address, timestamp, user-agent) | Automatically via the web server | Security, abuse prevention, debugging |
We do not collect payment information, track you across third-party sites, or sell your data to anyone.
3. Legal Basis (GDPR)
- Contract performance — processing your account data and content is necessary to provide the service you signed up for.
- Legitimate interests — server logs and security monitoring are necessary to operate a safe platform.
- Consent — by completing Google sign-in you consent to your profile data being used as described above. You may withdraw consent at any time by deleting your account (see §6).
4. AI-Assisted Content Moderation
Every story you submit is reviewed by an AI moderation system before being published. The story text is sent to a large-language model (currently running locally via Ollama) to check whether it complies with our community guidelines.
No story content is sent to external AI providers unless we explicitly update this policy to reflect that change.
5. Third-Party Services
- Google OAuth 2.0 — used for authentication. Google's own privacy policy applies to the sign-in flow.
- Social sharing — "Share on X/Twitter" and "Share on LinkedIn" buttons send the story URL to those platforms only when you click them. No data is sent automatically.
- Font Awesome — icon assets are loaded from a CDN; the CDN may log your IP address per its own privacy policy.
6. Data Retention
- Account data and published stories are kept for as long as your account is active.
- Server logs are retained for a maximum of 90 days.
- Session cookies expire when you close your browser or log out.
7. Your Rights
Under GDPR you have the right to:
- Access — request a copy of the data we hold about you.
- Rectification — ask us to correct inaccurate data.
- Erasure ("right to be forgotten") — request deletion of your account and all associated data.
- Restriction — ask us to pause processing while a dispute is resolved.
- Portability — receive your data in a machine-readable format.
- Objection — object to processing based on legitimate interests.
To exercise any of these rights, email privacy@wastedtokens.com. We will respond within 30 days.
You also have the right to lodge a complaint with your national data protection authority (e.g. Garante della Privacy in Italy, ICO in the UK).
8. Cookies
We use a single session cookie (HTTP-only, Secure) to keep you authenticated. No advertising, analytics, or tracking cookies are set by this site.
9. Security
All data is transmitted over HTTPS. Passwords are never stored — authentication is delegated entirely to Google. Your data is stored in a PostgreSQL database accessible only to the application server.
10. Changes to This Policy
We may update this policy as the service evolves. Material changes will be announced on the site. Continued use after the effective date constitutes acceptance of the updated policy.
Contact
Questions about this policy? Write to privacy@wastedtokens.com.