Privacy Policy

• We use AI to provide helpful context on posts, but we don't train AI models on your data.
• We use PostHog for analytics, Mailgun for emails, and Cloudflare Images for image hosting.
• We never sell, rent, or trade your personal information to third parties.
• You can delete your account anytime - we keep your data for 30 days, then permanently remove it.
• You have full rights to access, correct, or delete your personal information.

We use the information we collect to:

• Provide, maintain, and improve the Platform and its features
• Personalize your experience and recommend relevant content and spaces
• Communicate with you about your account, updates, and notifications
• Ensure platform security, prevent fraud, and enforce our Terms of Service
• Analyze usage patterns and improve our services
• Comply with legal obligations and respond to legal requests
• Send marketing communications with your consent (you may opt out at any time)

Legal Basis for Processing (GDPR)

For users in the European Union, we process your personal data based on the following legal grounds:

• Performance of a Contract: We process your data to provide the services you signed up for, as described in our Terms of Service.
• Legitimate Interests: We process data for security, fraud prevention, service improvement, and analytics based on our legitimate interest in operating a safe platform.
• Consent: We rely on your consent for sending marketing communications and using analytics cookies, which you can withdraw at any time.
• Legal Obligation: We process data when required to comply with legal requirements or respond to lawful requests from authorities.

We use artificial intelligence to help maintain the quality and accuracy of discussions on Sankira:

• Our "Additional Context" feature uses AI to analyze posts and provide helpful context, alternative perspectives, or fact-checking information.
• Only post text is sent to our AI provider—no personal information (email, IP address, etc.). Our AI provider doesn't train models on your data or retain it.
• This feature is automatic for certain content and is clearly labeled.

We retain your personal information only as long as necessary to provide our services and comply with legal obligations. Here are our specific retention periods:

• Account Data: Account deletion starts a 30-day recovery period. After 30 days, we permanently delete your personal information.
• Posts and Comments: Deleted posts/comments are immediately replaced with "[deleted]" placeholders with no author info. Content is permanently removed after 30 days.
• Analytics Data: Analytics data (usage patterns, page views, engagement metrics) retained for up to 2 years.
• Server Logs: Technical logs (IP addresses, access times) kept for 30 days, then automatically deleted.
• Backup Data: Deleted data may persist in backups for up to 30 days before being permanently purged from all systems.
• Legal Compliance: If required by law or ongoing legal proceedings, we may retain specific data for longer periods as legally mandated.

We don't sell, rent, or trade your personal information. We only share data with these service providers:

Service Providers We Use:

• Infrastructure Provider: Hosts our servers with access limited to what's necessary for physical and network security, governed by a GDPR-compliant Data Processing Agreement.
• AI Provider: Provides AI for our Additional Context feature. We only send post/comment text—no personal information. Your data isn't used for model training.
• PostHog: Analytics platform that helps us understand how users interact with Sankira. PostHog stores data on EU servers.
• SendGrid: Email service provider for transactional emails (account verification, password resets, notifications).
• Cloudflare: Provides image hosting and CDN services for faster, more reliable image delivery worldwide.

Other Sharing Circumstances:

We may also share your information in these limited situations:

• When required by law, legal process, or government request.
• To protect the rights, property, or safety of Sankira, our users, or the public.
• In connection with a business transaction, like a merger or acquisition, with appropriate notice to users.
• With your explicit consent for specific purposes.
• In aggregated or anonymized form that can't be used to identify you personally.

We implement security measures including encryption, secure servers, access controls, and regular security assessments to protect your information. However, no internet service is completely secure.

We provide these rights to all users globally:

Your Rights:

• Access: Request a copy of the personal data we hold about you, including details about what we've collected, used, or disclosed.
• Correction: Request correction of inaccurate or incomplete information.
• Deletion: Request deletion of your account and personal data (30-day recovery period available).
• Portability: Request your data in JSON format.
• Restriction: Request that we limit how we process your personal information in certain circumstances.
• Object: Object to processing based on legitimate interests or for direct marketing purposes.
• Withdraw Consent: Where we process data based on your consent, you can withdraw it at any time.
• Opt-out: Unsubscribe from marketing emails at any time.
• File a Complaint: Contact regulators if you believe we've mishandled your data.
• Non-Discrimination: No discrimination for exercising privacy rights.

How to Exercise Your Rights:

You must be at least 16 years old to use Sankira, or 13 if permitted by your country's laws. EU users must be 16 unless their country allows a lower age limit with appropriate consent.

We don't knowingly collect personal information from children below these age limits. If you're a parent or guardian and believe your child has provided us with personal information, contact us at privacy@sankira.com. We'll take immediate steps to remove any information collected from children below the legal age without proper consent.

If a data breach occurs, we'll:

• Investigate immediately and contain the breach
• Notify regulatory authorities within 72 hours if required by law
• Notify you without delay if the breach poses high risk to your rights
• Provide details about what data was affected, consequences, our response, and recommended steps

If you believe your account has been compromised, contact privacy@sankira.com immediately and change your password.

We may update this Privacy Policy to reflect changes in our practices, services, or laws. Material changes will be indicated by updating the "Last Updated" date and may include additional notice.

We use cookies to deliver a secure, personalized experience:

Types of Cookies:

• Essential Cookies: Required for authentication, keeping you signed in, and remembering preferences.
• Analytics Cookies: Help us understand how you use the Platform through anonymous usage analytics, error tracking, and performance monitoring. This data guides product improvements.

Managing Your Preferences:

You'll see a consent banner on your first visit where you can accept or decline analytics cookies. Essential cookies are always enabled. Clear browser cookies to change your choice.

Third-Party Services:

We use PostHog for analytics to collect anonymous usage data, error tracking, and performance monitoring. PostHog processes data according to their privacy policy and stores data on EU servers.

Cookie Lifespan:

Authentication cookies persist across browser sessions to keep you signed in. You can sign out at any time to clear them.

Questions about this Privacy Policy, data practices, or privacy rights? Contact privacy@sankira.com. For general support, use Platform support channels.