Privacy notice

Small footprint,
plain language.

Companions.wiki does not run advertising or third-party analytics. This notice covers the limited data used for contributions, collections, moderation, and device-local preferences.

Effective and reviewed
01 / At a glance

No ad profile. No tracking pixel.

Reading public pages does not require an account. The site does not intentionally use advertising cookies, behavioral analytics, cross-site trackers, or affiliate attribution. Server providers still receive ordinary request data such as IP address, user agent, route, and time for delivery, abuse prevention, and operational logs.

No advertising profile

Browsing is not sold or used for personalized ads.

Local preferences stay local

Theme, saved robots, and edit capability tokens remain in your browser unless you submit them.

02 / What is stored

Only when a feature needs it.

Evidence contributions
Submission text, type, public source URL, optional name and email, moderation status, timestamps, and an abuse-prevention hash. Contact details and unresolved notes are not published.
Shared collections
Collection title, description, selected robot slugs, notes, visibility, timestamps, and a hashed edit token. Public collections are discoverable; unlisted collections are available to anyone with the link.
Moderation identity
On the trusted Sites gateway, a verified ChatGPT sign-in email may be read server-side to check the editor allowlist. Public Vercel requests are never trusted merely because they supply an identity header.
Device-local state
Theme, saved robots, recently viewed dossiers, Finder state, and collection edit tokens may be stored in your browser. Clearing site data removes them from that device.
Email updates
Email signup is disabled until verified delivery, consent, and one-click unsubscribe are available. Use the public RSS feeds instead.
03 / Retention

Purpose sets the clock.

Published contribution resolutions and revision events are retained as part of the public editorial record. Private contact details are kept only for review, follow-up, dispute handling, and abuse prevention, then removed when they are no longer needed. Collection records remain until an editor holding the collection’s edit capability deletes them. Operational provider logs follow the hosting provider’s security and service-retention settings.

If a legal, safety, fraud, or security obligation requires a longer period, the affected record may be retained only for that purpose. Backups and distributed caches can take a limited additional period to expire after deletion.

04 / Processors

Infrastructure, not an ad network.

The production site uses OpenAI Sites and Cloudflare infrastructure for web delivery, durable D1 storage, security, and operational logging. GitHub stores the public source repository. A Vercel build may be used for static preview or transition deployments, but database-backed features are enabled only on the trusted D1-capable runtime.

Linked manufacturer, research, Creative Commons, or other third-party sites receive a request only when you choose to open their link; their own privacy policies apply.

05 / Your choices

Control follows the data.

  • Browse without creating an account or sharing an email address.
  • Omit optional contact details from an evidence contribution.
  • Keep a collection unlisted, or delete it with its locally stored edit capability.
  • Clear saved robots, recent history, theme, and draft state through your browser’s site-data controls.
  • Request access, correction, or deletion of data you submitted, subject to public-record and security obligations.
06 / Privacy requests

Give us enough to find it—no more.

Use the contribution form and choose “Correction.” Begin the details with “Privacy request” and include the durable submission or collection reference if you have it. Do not send identity documents or unrelated sensitive information. We may need a narrow proof that you control the address, token, or record involved.

Open the request form