Privacy
Collect only what is necessary, keep email addresses private and separate public identity from account identity.
Staging site
The staging build stores profiles, feedback, votes and preferences in your browser using local storage. Clearing browser data removes it.
Production site
Firebase will handle authentication. The website will not store passwords. Public feedback may be named or anonymous, while the submitting account remains privately traceable for abuse prevention.
Uploads
Supporting PDFs should remain private by default and be accessible only to authorised reviewers. Local possession does not grant permission to republish them.
Voting controls
A browser identifier and short-term abuse controls may be used to limit duplicate voting. Raw IP addresses should not be retained longer than necessary.
What the production engagement system stores
The Cloudflare-ready system stores verified email, optional profile information, contribution text, targeted section, votes, reports, subscription preferences and operational email records in a D1 database. Secure session cookies are HTTP-only. Passwords are not created or stored.
Public contributions may be published under a chosen display name or as Anonymous. Administrators can still associate a contribution with its verified account for moderation and abuse prevention.
Turnstile and Cloudflare infrastructure may process technical security information. Email addresses are not sold or shared with advertisers.
