Privacy Policy

Last updated: March 2026 · Effective: 20 March 2026

  This policy describes what personal data noclickbait (hirek.snailmail.hu) collects, why, how long we keep it, and your rights — in compliance with the EU General Data Protection Regulation (GDPR, 2016/679/EU).

1. Data Controller

Controller: Operator of snailmail.hu
Contact: admin@noclickba.it
Website: https://hirek.noclickba.it

2. Data We Collect

Data	Purpose	Legal basis (GDPR Art. 6)	Retention
Email address	Registration, login, password reset	(1)(b) — contract performance	Until account deletion
Username	Identification, display	(1)(b) — contract performance	Until account deletion
Password (scrypt hash)	Secure login — raw password never stored	(1)(b) — contract performance	Until account deletion
IP address	Security logging, abuse prevention	(1)(f) — legitimate interest	30 days
Session cookie	Maintain logged-in state	(1)(b) — contract performance	14 days / logout
Anonymous visitor ID (ncb_vid)	Unique visitor counting, no advertising	(1)(f) — legitimate interest	1 year
Referrer domain, device type	Aggregate traffic statistics	(1)(f) — legitimate interest	90 days

3. Cookies

ncb_session — session cookie for logged-in users. HttpOnly, Secure, SameSite=Lax. Expires: 14 days.
ncb_vid — anonymous visitor identifier (not linkable to a person). HttpOnly. Expires: 1 year.
ncb_consent — cookie consent stored in localStorage. Never sent to server.

We do not use any third-party cookies (no analytics or advertising trackers).

4. Data Sharing

We do not sell or share your personal data with third parties, except: legal obligation (court/authority request), or our hosting provider acting as a data processor under a GDPR-compliant agreement. Article summaries are generated via Gemini/Groq APIs — only article text is sent, no personal data.

5. Security

Passwords are hashed with scrypt (n=32768, r=8, p=1, 64-byte output) — we never store or see your raw password. Session tokens are stored as SHA-256 hashes. The site is HTTPS-only (TLS 1.2+).

6. Your Rights (GDPR Art. 15–22)

Exercise your rights by emailing admin@noclickba.it — we respond within 30 days:

Access (Art. 15) — request a copy of your data
Rectification (Art. 16) — correct inaccurate data
Erasure / Right to be forgotten (Art. 17)
Data portability (Art. 20) — structured, machine-readable format
Object (Art. 21) — to legitimate-interest processing

You may also lodge a complaint with your national supervisory authority (in Hungary: NAIH).

7. Automated Decision-making

We do not engage in automated decision-making or profiling.

8. Age Restriction

The service is not available to persons under 16 years of age.

9. Changes to This Policy

We will notify registered users by email of any material changes.