// LEGAL DOCUMENTATION

PRIVACY POLICY

Effective Date: March 19, 2026 | Last Updated: March 19, 2026

1. DATA CONTROLLER

CASEFILES ("we", "us", "our") operates the website casefiles.space. We are the data controller responsible for your personal data under the EU General Data Protection Regulation (GDPR).

Data Protection Officer
privacy@casefiles.space

2. DATA WE COLLECT

We collect the following categories of personal data:

Account Data

  • Email address (for authentication and notifications)
  • Username / callsign (publicly visible)
  • Password (hashed, stored by Supabase Auth)
  • Avatar configuration preferences

Usage Data

  • Comments and discussion contributions
  • Sighting reports you submit
  • Case favorites and reading progress
  • Case collection data

Technical Data

  • IP address (server logs, retained for security)
  • Browser type and version
  • Cookie consent preferences (stored locally)

3. LEGAL BASIS FOR PROCESSING

We process your data under the following legal bases (GDPR Article 6):

  • Consent -- for email notifications and optional analytics cookies
  • Contract performance -- to provide the Service and maintain your account
  • Legitimate interests -- for security, fraud prevention, and Service improvement
  • Legal obligations -- to comply with applicable laws

4. HOW WE USE YOUR DATA

  • Provide, maintain, and improve the Service
  • Authenticate and manage user accounts
  • Send transactional emails (welcome, new case notifications)
  • Moderate user-generated content
  • Analyze usage patterns to improve the Service
  • Prevent abuse, fraud, and security threats
  • Comply with legal obligations

5. THIRD-PARTY SERVICES

We share data with the following third-party processors, all of which maintain appropriate data protection agreements:

Supabase (Auth & Database)
Authentication, user data storage. Data stored in EU/US regions.
Vercel (Hosting)
Application hosting, CDN, serverless functions. Edge network.
Resend (Email)
Transactional email delivery. Processes email addresses.
Anthropic / OpenAI (AI Processing)
Case dossier generation and content analysis. No user personal data is sent.
YouTube API / Twitter API
Automated content publishing. No user personal data is shared.

We do not sell your personal data to third parties.

6. DATA RETENTION

  • Account data -- retained while your account is active, deleted within 30 days of account deletion request
  • User content -- retained while the account exists; anonymized upon account deletion
  • Server logs -- retained for up to 90 days for security purposes
  • Cookie consent -- stored locally in your browser; cleared when you clear browser data

7. INTERNATIONAL DATA TRANSFERS

Your data may be transferred to and processed in countries outside the EEA, including the United States. When this occurs, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where applicable
  • Data Processing Agreements with all processors

8. YOUR RIGHTS

Under GDPR, you have the following rights:

  • Access -- request a copy of your personal data
  • Rectification -- correct inaccurate or incomplete data
  • Erasure -- request deletion of your data ("right to be forgotten")
  • Restriction -- request that we limit processing
  • Portability -- receive your data in a machine-readable format
  • Objection -- object to processing based on legitimate interests
  • Withdraw consent -- withdraw consent at any time without affecting prior processing
  • Lodge a complaint -- file a complaint with your local data protection authority

To exercise any of these rights, contact us at privacy@casefiles.space. We will respond within 30 days.

9. AUTOMATED DECISION-MAKING

The Service uses AI (Anthropic Claude, OpenAI) for:

  • Generating case dossier analyses from raw data
  • Creating content summaries and narrations
  • Processing sighting reports

These AI systems process publicly available incident data, not your personal data. No automated decisions with legal or significant effects are made about users based solely on automated processing.

10. COOKIES

We use the following types of cookies:

Essential Cookies

Required for the Service to function. These include authentication session cookies and cookie consent preferences. These cannot be disabled.

Analytics Cookies (optional)

Used to understand how visitors interact with the Service. Only set with your explicit consent. You can manage your cookie preferences at any time via the cookie consent banner or by clearing your browser data.

For more details on our cookie usage, see the cookie consent options available at the bottom of any page.

11. CHILDREN'S PRIVACY

The Service is not intended for children under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly. If you believe we have collected data from a child, please contact us immediately.

12. SECURITY

We implement appropriate technical and organizational measures to protect your data, including:

  • Encrypted data transmission (TLS/HTTPS)
  • Hashed password storage (via Supabase Auth)
  • Role-based access controls
  • Regular security monitoring and logging

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

13. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date above. For material changes, we will notify you via the Service or email. Your continued use after changes take effect constitutes acceptance.

14. CONTACT

For privacy-related inquiries or to exercise your data rights:

Data Protection Officer
privacy@casefiles.space
// SECURITY CLEARANCE NOTICE

This system uses cookies to maintain your session and operational preferences. Optional analytics cookies help us improve the archive. Privacy Policy