Privacy Policy

Last updated: April 2026

1. What Data We Collect

Vox Populi collects only the data necessary to operate the platform:

  • Account data: email address, username, and password hash — required to create and secure your account.
  • OAuth data: provider user ID and encrypted tokens if you sign in via Google, GitHub, or 42.
  • Activity data: bets placed, votes, and comments — required for platform operation.
  • Point ledger: Like Points (LP), Betting Points (BP), and Truth Points (TP) transactions.
  • Session data: authentication tokens stored in secure, HTTP-only cookies.
  • Server logs: IP address and user agent, retained for 90 days for security purposes.

2. How We Use Your Data

  • To provide and maintain the prediction market platform.
  • To authenticate your identity and protect your account.
  • To calculate and display reputation scores.
  • To generate AI-powered market summaries (using anonymized excerpts, if you have not opted out).
  • To send notifications about your bets and market activity.

3. Third-Party Data Sharing

We share limited data with the following services:

Service            Data Shared                   Purpose
Google OAuth       Email, name                   Authentication
GitHub OAuth       Email, username               Authentication
42 School OAuth    Email, login                  Authentication
OpenRouter (LLM)   Anonymized comment excerpts   Market summarization

We never share passwords, point balances, full discussion threads, or IP addresses with third parties.

4. Data Retention

  • Account data: retained until account deletion, plus 30 days.
  • Activity data: 3 years after your last activity.
  • Point ledger: 5 years (financial record-keeping).
  • Session data: access tokens expire in 15 minutes; refresh tokens in 7 days.
  • Server logs: automatically deleted after 90 days.
  • LLM inputs: processed transiently and never stored.

5. Your Rights (GDPR)

Under the GDPR, you have the right to:

  • Access: export all your data from the Settings page.
  • Erasure: delete your account, which pseudonymizes your data to preserve platform integrity.
  • Rectification: update your username, email, and profile information.
  • Portability: download your data in JSON format.
  • Object: opt out of AI/LLM features in Settings.

6. Cookies

Vox Populi uses only essential cookies:

  • refresh_token: HTTP-only, Secure, SameSite=Strict — 7 days — maintains your session.
  • access_token: HTTP-only, Secure, SameSite=Lax — 5 hours — authenticates API requests.

We do not use tracking cookies, analytics cookies, or third-party cookies.

7. Contact

For privacy-related questions or to exercise your rights, please open an issue on our GitHub repository.