Effective Date: June 14, 2026 | Version: 1.0

This Privacy Policy describes how PUMKIIN.TECH ("we," "us," or "our") at pumkiin.tech collects, uses, and stores information when you visit or use the Site. The Site is run by an individual operator in the United States (Ohio). It is a personal tech blog and project site, not a registered company.

We try to be straightforward about what we collect and why. If something here does not match how the Site actually works, the honest description of our practices wins — and we will update this page when we fix or change things.

1. Who This Applies To

The Site is available on the open web. We do not target a specific country or region. Visitors may come from anywhere. Laws in your location may give you additional rights; this policy explains our practices regardless of where you access the Site.

2. Information We Collect

2.1 Information you provide directly

  • Account registration: username, email address, and password (stored in hashed form, not as plain text).
  • Comments: comment text, linked to your account. Your username is displayed publicly on posts where you comment. You can edit or delete comments you have posted.
  • Contact form: reason, subject, message, and optionally an email address if you want a reply. If you are logged in, we may also associate the submission with your account identifier.
  • AI/ML demos (including Senta): text or other input you submit on demo pages. This data is stored in our database on equipment we operate locally.
  • Profile pictures (future): if we add profile images, we will store the image you upload and associate it with your account. We will update this policy when that feature goes live.

2.2 Information collected automatically

When you use the Site, we log technical and usage information, including:

  • Pages visited (including path and query string where applicable), referrer, and timestamps
  • IP address (often provided via Cloudflare headers)
  • Approximate country (from Cloudflare when available)
  • Browser-related signals used to build a hashed fingerprint (user agent, language, encoding, and similar headers — not used to identify you by name across the web)
  • Whether you were logged in (account identifier) or treated as a guest
  • HTTP response codes and related request metadata
  • Login and security-related logs (including failed logins, IP addresses, and ban history)
  • Blog view counts (we use a short-lived cache to avoid counting the same visit repeatedly within a time window)

2.3 Cookies and similar technologies

  • Session cookies: to keep you logged in while you browse.
  • Remember-me cookie: if you opt in at login, a token cookie (about 30 days) tied to a device fingerprint so you stay signed in on that browser.
  • CSRF protection: session-based tokens to reduce cross-site request abuse.

We do not run a separate third-party ad network on the Site. Cloudflare provides security and analytics as part of sitting in front of the Site. Google Search Console is used for search performance visibility; how Google processes data is governed by Google's policies when you use Google services.

Some browsers, extensions, or client software may inject additional scripts or requests (for example Chromium-related tooling). We do not control those injections and are not responsible for what they collect on your device.

3. How We Use Information

We use collected information to:

  • Operate the Site (authentication, comments, blogs, demos, contact handling)
  • Improve and maintain the Site (debugging, analytics, security, abuse prevention)
  • Train and improve machine-learning models using submissions from demo pages and related features
  • Enforce rules, including IP or account restrictions when needed
  • Respond to contact submissions when you provide a way to reach you
  • Comply with legal obligations if we are required to do so

We do not sell your personal information. We do not share it with third parties for their own marketing purposes.

4. AI/ML and Demo Submissions

When you use interactive demos on the Site:

  • Your input is stored in our database on servers we run.
  • Submissions may be kept for a long time; we do not currently run automatic deletion schedules for this data.
  • Text you submit on demo pages is not deletable by you after submission. Do not submit anything you are not comfortable being stored and used for model training or improvement.
  • Demo processing runs on infrastructure we control (including Senta-related demos on our own hardware).

AI/ML output is for demonstration and experimentation. Do not rely on it as professional, medical, legal, or other advice.

5. Where Data Is Stored and Processed

  • Primary hosting: servers operated locally in Ohio, United States.
  • Cloudflare: traffic passes through Cloudflare for security, performance, and analytics; Cloudflare may process connection metadata according to their privacy policy.
  • Email: outbound mail is sent through a mail server we operate on Linode.
  • Domain registration: Squarespace (registrar services subject to their policies).

We do not publish a street address or PO box. The operator is an individual in Ohio; we keep location details minimal in public documents.

6. How Long We Keep Data

We do not have a formal, automated retention schedule today. In practice:

  • Server logs, analytics records, ban history, and security history are generally kept indefinitely unless we manually remove them.
  • Account and comment data remain until you delete content, request account changes, or we remove it for operational or legal reasons.
  • Demo and training-related submissions are kept for the long term and are not automatically purged.

We may introduce clearer retention rules in the future and will update this policy if we do.

7. Age

We recommend users be at least 13 years old, consistent with our Terms of Service. If you are under 13, you should have a parent or guardian review this policy and agree before you use the Site. We do not knowingly target children.

8. Your Choices and Rights

  • Comments: edit or delete your own comments through the Site where those controls exist.
  • Cookies: you can clear cookies in your browser; you may need to log in again.
  • Account deletion: we are still building a self-service deletion flow. Until then, you can request account removal through the contact form. Our current intent (subject to change as we implement the feature): delete comments tied to your account; anonymize forum posts and training-related submissions rather than leaving them tied to your identity. Exact behavior may vary by content type until the feature is finalized.
  • Download your data: not available yet. We plan to add export options later.
  • Privacy requests: use the contact form and choose an appropriate reason. We do not list a public privacy email on this page to reduce spam; we read submissions through our normal support process.

We will respond to legitimate requests when we can. We do not guarantee a fixed response deadline — this is a small, individually operated site.

9. Marketing and Newsletters

We do not send newsletters or marketing email today. If we add them later, we will provide a way to opt out in account settings and an unsubscribe link in messages that points to that setting.

10. Disclosure to Others

We do not voluntarily hand out user data to third parties for their business purposes. We may disclose information if we believe it is reasonably necessary to:

  • Comply with law, regulation, legal process, or enforceable governmental request
  • Protect the security or integrity of the Site, our users, or the public
  • Investigate abuse, fraud, or technical issues

We have not established a formal law-enforcement request policy yet. We intend to push back on overbroad requests where we can, but we cannot promise we will never disclose information if we are legally compelled.

11. Security and Breaches

We use reasonable measures for a personal project site (access controls, hashing passwords, CSRF tokens, Cloudflare in front of the Site, logging for abuse detection). No system is perfectly secure.

We have not experienced a breach that we know compromised user account data. We do not yet have a written breach-notification playbook. If something serious happens, we will try to investigate, fix the issue, and notify affected users when practical — especially if we learn that sensitive account data was exposed.

12. International Visitors

Data is processed in the United States. If you access the Site from outside the U.S., you understand your information may be stored and processed here. Some regions (for example the EU or UK) have specific privacy laws; we aim to be transparent even though we are not a large commercial operator with dedicated compliance staff.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will change the effective date at the top of this page. Continued use of the Site after changes means you accept the updated policy. For significant changes, we may also try to notify registered users by email when we have an address on file.

14. Contact

Questions about privacy or your data: use our contact form on the Site. Please describe your request clearly (for example account deletion, correction, or a question about demo data).

15. Related Documents

This policy should be read together with our Terms of Service, which describe rules for using the Site and licenses for content you submit.

By using PUMKIIN.TECH, you acknowledge that you have read this Privacy Policy.