Privacy & Data Protection
Privacy Notice
Version 1 · Last updated 2026
Who we are
Elenchos is a citizen-journalism intelligence dashboard. This notice explains what personal data we collect when you create an account and how we use it. It is aligned with the EU General Data Protection Regulation (GDPR).
For questions or to exercise your rights, contact us at privacy@elenchos.live.
What we collect
- Authentication identifier: the OAuth subject ID returned by Google or X when you sign in. We never see or store your password — authentication happens entirely on the provider's side.
- Profile metadata: the email address, display name, and avatar URL released to us by your chosen identity provider (Google).
- Consent records: timestamp and version of the privacy notice you accepted, plus your browser user-agent.
- Session cookie: a strictly necessary cookie that keeps you signed in.
We do not collect passwords, run email/password accounts, use advertising cookies, third-party analytics, or behavioural tracking. We do not sell your data.
Where your data is stored
Your account and consent records are stored in Lovable Cloud (managed Supabase / PostgreSQL) on EU-region infrastructure. Authentication tokens are exchanged over TLS and stored encrypted at rest.
Lawful basis: contract (Art. 6(1)(b) GDPR) to provide the dashboard you signed up for, and consent (Art. 6(1)(a)) for the cookie banner choice you made.
Cookies
We use one strictly-necessary session cookie to keep you signed in. No tracking, advertising, or analytics cookies are set. You can clear cookies at any time via your browser settings — you will be signed out.
Your rights (GDPR)
- Right to access (Art. 15) — request a copy of your data.
- Right to rectification (Art. 16) — correct inaccurate data.
- Right to erasure (Art. 17) — request account deletion.
- Right to restrict / object to processing (Art. 18 & 21).
- Right to data portability (Art. 20).
- Right to lodge a complaint with your national supervisory authority.
To exercise any right, email privacy@elenchos.live. We respond within 30 days.
Communication
Because authentication is delegated to Google and X, we do not send confirmation or password-reset emails. We only contact you for essential service or security notices using the email released by your identity provider. No marketing emails are sent without separate, explicit opt-in, and you can unsubscribe at any time from any non-essential message.