The Mitra Project
Back to home

Privacy Policy

Last updated: March 2026

1. Information We Collect

We collect information you provide directly: email address, username, and any optional profile information. For vendors, we additionally collect business information (EIN, facility certifications) for KYC verification. For donors, we process payment information through Stripe (we do not store card details).

2. How We Use Your Information

Your information is used to: operate your account, display your profile and contributions, calculate reputation scores and community tiers, send transactional emails (notifications, receipts), enforce community guidelines, and improve the platform.

3. Data Storage & Security

Data is stored in Supabase (PostgreSQL) with row-level security (RLS) enforced. Authentication is handled by Supabase Auth. All connections use TLS encryption. Vendor KYC documents are stored in private storage buckets accessible only to administrators.

4. Third-Party Services

We share data with the following services as necessary:

  • Supabase — Database hosting, authentication, and file storage
  • Stripe — Payment processing for subscriptions and donations
  • Resend — Transactional email delivery
  • Cloudflare — Bot protection (Turnstile CAPTCHA)
  • Sentry — Error monitoring (anonymized)
  • Vercel — Application hosting

5. Your Rights

You may access, update, or delete your account information through the Settings page. Account deletion is subject to a 30-day recovery window, after which data is permanently purged. Forum posts by deleted accounts are retained with anonymized authorship.

6. Cookies & Local Storage

We use essential cookies for authentication sessions. Local storage is used for draft auto-save (forum posts), UI preferences, and PWA installation prompts. No advertising or third-party tracking cookies are used.

7. Public Information

Forum posts, reviews, and profile information (username, community tier, donor badge) are publicly visible. Direct messages are private and accessible only to participants. You can control profile visibility through privacy settings.

8. Data Retention

Active account data is retained for the life of the account. Rate limit entries are retained for 7 days. Search logs are retained for 90 days. Analytics events are retained for 90 days. Audit logs are retained indefinitely for platform integrity.

9. Children

The Mitra Project is not intended for users under 18 years of age. We do not knowingly collect information from minors.

10. Changes to This Policy

We may update this privacy policy at any time. Material changes will be communicated via platform notification. Continued use after changes constitutes acceptance.

Contact

For privacy-related inquiries, contact us at the information provided on the platform.