Privacy Policy

highlight.page ("we", "us", "our") is committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, and the choices you have.

• To create and operate your account and public profile page.
• To send transactional emails (email verification, password reset, enforcement notifications).
• To investigate reports of abuse and enforce our Terms of Service.
• To maintain security and prevent fraud.
• To improve and develop the Service (using aggregated, anonymized analytics).

We do not use your data for advertising, and we do not sell your personal information to third parties.

We share data only in the following cases:

• Infrastructure providers: Cloud hosting, database, and object storage providers process data on our behalf under data processing agreements.
• Email delivery: Transactional emails are sent via a third-party email service (e.g., Amazon SES). Only your email address and message content are shared.
• Legal obligations: We may disclose data when required by law, court order, or to protect the rights and safety of users or the public.

Information you include on your public profile page (display name, bio, links, images, etc.) is visible to anyone on the internet. Do not include information on your public profile that you do not want to be publicly accessible.

Setting your profile to "Private" or having it placed "Under Review" will prevent public access to your profile page, but the data remains stored in our systems.

• Account and profile data: retained while your account is active.
• After account deletion: profile content is deleted within 30 days; uploaded images within 7 days. Moderation logs may be retained for up to 3 years for abuse prevention.
• Server logs: retained for up to 90 days.
• Hashed IP addresses in reports and inquiries: retained for up to 1 year.

Depending on your location, you may have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data (most profile data can be edited directly in your dashboard).
• Delete your account and associated data.
• Restrict or object to certain processing.
• Data portability — receive your data in a machine-readable format.

To exercise these rights, email [email protected]. We will respond within 30 days.

We use a session cookie solely to keep you logged in. We do not use tracking cookies or third-party advertising cookies. Language preference is stored in your browser's local storage.

We use industry-standard measures including HTTPS encryption, hashed passwords, and access controls. No system is perfectly secure; we will notify affected users promptly in the event of a data breach.

The Service is not directed to children under 13. If we become aware that a child under 13 has provided personal data, we will delete it promptly. Contact us at [email protected] if you have concerns.

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice at least 14 days before taking effect.

Privacy-related enquiries: [email protected]