Legal

Privacy Policy

Version 2026-07-13.2. Effective July 13, 2026.

1. Scope and operator

This policy explains how CarpeDiction collects and handles personal information when you browse the service, create an account, search, post comments, save favorites, upload a profile image, or register, sign in, or connect an identity provider. CarpeDiction is operated by Zachery A. Bielicki, who is the controller of account information described here.

2. Information collected

3. How information is used

Information is used to:

Depending on where you live, these activities rely on performance of the service agreement, legitimate interests in security and operation, compliance with law, and your affirmative choices for optional features.

4. When information is disclosed

CarpeDiction does not sell personal information, use it for cross-context behavioral advertising, or run third-party advertising or analytics trackers.

5. Cookies and local storage

CarpeDiction uses an HTTP-only session cookie that lasts up to 30 days to keep you signed in. Short-lived, HTTP-only cookies protect optional Google or Apple authentication, registration, and connection flows. These cookies are necessary for requested account functions. The service does not use advertising cookies or cross-site tracking cookies, so it does not display a marketing cookie banner.

6. Retention

7. Your choices and rights

The account page lets you view and correct your username and email, set or change a password, replace or remove your profile image, export favorites, disconnect providers, and delete your account. A provider-only account must retain a sign-in provider until a password is set. Depending on your location, you may also have rights to request access, correction, deletion, restriction, objection, or portability and to complain to a data protection authority. CarpeDiction will not discriminate against you for exercising an applicable privacy right.

Contact the operator for a request not available in the account page. Identity verification may be required before account information is disclosed or changed.

8. International processing

Infrastructure, lexical, storage, and identity providers may process information in the United States and other countries. Those locations may have different data-protection laws. Where required, appropriate contractual or legal safeguards should be used for international transfers.

9. Security

CarpeDiction uses password hashing when a password is set, verified provider identity, HTTP-only cookies, origin checks, input validation, rate limits, least-privilege storage access, and server-side credentials. No online service can guarantee absolute security. Use a unique password when setting one and report suspected unauthorized access promptly.

10. Children

CarpeDiction is a general-audience service and is not intended for children under 13. An account applicant must confirm they are at least 13. If the operator learns that personal information was collected from a child under 13 without legally valid authorization, the account and associated personal information will be reviewed and deleted as required.

11. Policy changes

This page identifies its version and effective date. Material changes will receive a new version and, when required, an in-product notice or renewed acceptance before account features continue.

12. Contact

Contact the operator with privacy questions or requests. Do not send passwords, session tokens, identity-provider tokens, or other authentication secrets.

Contact Zachery A. Bielicki