Privacy Statement

Scope

This page describes data handling for this Alphapedia service, including public pages, publish endpoints, admin pages, and the Discord webhook portal.

Last updated: 2026-05-01 18:53:00 +02:00

This statement is provided for transparency and operational clarity. It is not legal advice.

Table of Contents

• Scope
• Table of Contents
• Controller and Contact
• Data We Process
• How We Use Data
• Legal Bases (GDPR-Style Summary)
• Cookies and Browser Storage
• Third-Party Services
• Retention and Deletion
• Security Measures
• Your Choices
• Your Privacy Rights (Where Applicable)
• Changes to This Statement

Controller and Contact

The service operators of Alphapedia act as the data controller for personal data processed by this site.

For privacy requests or questions (including access, correction, or deletion requests), contact the site operators through the support channels listed on the Help page.

Data We Process

Notification and activity records

• Published notification details such as topic, publish time, Pokemon/title, region, location, and publisher username.
• History and operational metadata needed for duplicate checks, slot checks, and service health views.

Account and access data

• Publisher/admin usernames and password hashes (passwords are not stored in plain text).
• Admin and webhook portal session state stored in signed session cookies.

Webhook portal data

• Discord OAuth account identifier and display name used to scope endpoint ownership.
• Webhook endpoint configuration: endpoint name, URL, enabled status, optional secret token, and owner association.

Security and audit logs

• Security event records (for example rate-limit events and webhook delivery failures).
• Audit log records for administrative and webhook-management actions.

How We Use Data

• To deliver publish notifications and enforce anti-duplicate and time-slot controls.
• To authenticate users and protect admin/webhook routes.
• To provide history views and system status information.
• To secure the platform, detect abuse, and troubleshoot failures.
• To deliver outbound webhook notifications to endpoints you configure.

Legal Bases (GDPR-Style Summary)

• Legitimate interests: operating, securing, and improving a reliable Alpha-notification service.
• Contractual or pre-contractual necessity: processing needed to provide requested functionality such as account access and webhook management.
• Consent: where you voluntarily enable browser features such as notification permissions or local storage of convenience settings.
• Legal obligations: where processing is required to comply with applicable law.

Cookies and Browser Storage

• Session cookies are used for authenticated portal/admin/webhook sessions and CSRF protection.
• The Alphapedia page may store publish settings locally in your browser (localStorage), including encrypted credentials for convenience. This local browser storage is controlled by your browser profile and device.

Third-Party Services

• Discord OAuth2 is used for webhook portal sign-in and account identity verification.
• ntfy infrastructure is used to publish notification messages.
• Webhook deliveries are sent to the endpoint URLs configured by users.

When these integrations are used, relevant request metadata and payload content are transmitted to those services as part of normal operation.

Plausible Analytics

This site uses Plausible Analytics Community Edition for privacy-friendly, cookie-free website analytics. All analytics data is processed and stored on our own infrastructure and is not shared with or shipped to any third parties. We use this data solely to improve the site and understand language usage patterns. No personal data is collected, and no tracking cookies are set.

Retention and Deletion

Operational logs, audit data, notification history, and webhook endpoint configuration are retained in the service database until removed through administrative or maintenance actions.

Webhook endpoints can be deleted from the webhook portal by their owning Discord account.

Security Measures

• Password hashing for stored credentials.
• CSRF protections on state-changing routes.
• Security headers (including CSP and related hardening headers).
• Rate limiting on sensitive endpoints.
• Signed session cookies for authenticated sessions.

Your Choices

• You may avoid storing publish credentials in browser local storage by not saving them in the Publish Settings modal.
• You may remove your own webhook endpoints from the webhook portal.
• You may clear browser cookies and local storage to remove local session/configuration data.

Your Privacy Rights (Where Applicable)

• Access: request a copy of personal data held about you.
• Rectification: request correction of inaccurate or incomplete personal data.
• Erasure: request deletion of personal data when legal and operational conditions permit.
• Restriction and objection: request limited processing or object to certain processing based on your circumstances.
• Portability: request portable data where applicable by law.
• Complaint rights: you may lodge a complaint with your local supervisory authority where applicable.

Changes to This Statement

This statement may be updated as features or data flows change. The updated version will be posted on this page.