Effective [EFFECTIVE_DATE]. Review by counsel required (GDPR / UK GDPR / CCPA-CPRA as applicable).

What we collect.

• Account: an email address or phone number, used only to sign you in (one-time link/code). We do not store a phone number as a contact field — only as an auth credential.
• Content you submit: your cases, updates, backings, comments, and any evidence (screenshots, links) you choose to add.
• Limited technical data: basic, privacy-respecting security and rate-limiting signals (salted hashes, never raw addresses at rest). No third-party analytics are currently in use.

What we don’t collect.We don’t ask for or store sensitive personal vaults — no home addresses, no platform passwords, no government ID. Connecting a social account (optional) is used only to prove you’re the affected party; it is never used to track you and a ban on that platform never affects your Chirp account.

How we use it. To operate the service, sign you in, display and rank cases, send the emails you opt into (e.g. newsletter, case updates), and keep the platform safe. We do not sell your personal data, and we don’t run third-party ad tracking.

Email. We use Resend to send transactional and newsletter email. Opting into updates never publishes your email or makes it public.

Your rights. You can access, correct, export, and delete your account and content at any time. For requests or questions: [PRIVACY_EMAIL]. [GDPR legal-basis table, retention periods, transfer basis, and CCPA disclosures per counsel.]

Children. Chirp is not directed to children under [AGE]; we don’t knowingly collect their data.