Privacy Policy
This Policy describes how Cairn ("the Service") collects, uses, and stores personal data.
1. Data We Collect
1.1 From Writers
- Self-attested name
- Self-attested year of birth and country of residence
- Email address
- Payment information (handled by payment providers; we do not store card numbers)
- Entry text
- IP address and user agent at submission
- Identity documents: collected only when the Operator later requests them in cases of suspected fraud or duplicate registration, and the User chooses to provide them.
1.2 From Readers
- Page views and timestamps (aggregated, anonymous)
- IP address (retained for 30 days, DDoS protection only)
Reading requires no account. No personal data is collected from readers.
2. How We Use Data
| Data | Purpose |
|---|---|
| ID documents | Verify real person; prevent duplicate registration |
| Name, year of birth | Identity verification; extract year-of-birth for public display |
| Country | Public meta; regional pricing |
| Service-related communication | |
| Entry text | Public display (core purpose) |
| IP / UA | Fraud prevention; regional pricing |
3. What Is Made Public
Public
- Entry text
- Year of birth (4 digits only; month/day never public)
- Country
- Date of writing
- Display name (your choice: real name / pen name / anonymous)
- Content hash
Not Public
- ID document contents
- Full name (unless you choose to display it)
- Month and day of birth
- Email address
- Payment information
- IP address and access logs
4. Third-Party Sharing
We share personal data only with:
- Payment providers (Stripe, etc.) for transactions
- Cloud infrastructure (Cloudflare, etc.) for encrypted storage and delivery
- Legal disclosure in response to valid court orders or law enforcement requests
- With your explicit consent
5. International Data Transfers
Data is stored redundantly across multiple regions. We rely on Standard Contractual Clauses with processors for international transfers.
6. Retention
| Data | Retention |
|---|---|
| Entry text and public meta | Permanent |
| ID documents (when voluntarily submitted) | Deleted within 90 days of resolving the matter that prompted collection. Up to 7 years if required by applicable law. |
| Real name, email, card fingerprint (for duplicate detection) | Retained while the corresponding entry remains active. Deleted within 30 days if the entry is retracted. |
| Payment records | As required by law (up to 7 years) |
| Access logs (IP/UA) | 30 days |
| Email address (contact) | For the lifetime of the account |
7. Your Rights
- Right to access your personal data
- Right to rectification of inaccurate data (Entry text is not rectifiable)
- Right to erasure under specific conditions per Terms §11
- Right to data portability — receive your data in machine-readable form
- Right to withdraw consent for identity processing going forward
Contact us (see Section 12) to exercise these rights.
8. Security
- ID documents encrypted at rest with AES-256
- Encryption keys protected by Hardware Security Modules
- Access requires multi-factor authentication and separation of duties
- TLS 1.3 in transit
9. Cookies
We use cookies only to maintain your session during writing. No tracking cookies. No advertising cookies. No third-party analytics.
10. Children's Privacy
- We do not collect data directly from children under 16 (proxy registration by guardians excepted).
- Proxy registration requires the guardian's confirmation of legal authority over the child.
- Upon reaching adulthood, the child may exercise full data access and deletion rights over their data.
11. Changes to This Policy
This Policy may be updated. Material changes are notified to registered email addresses.
12. Contact
- Trading name: Cairn
- Contact: support@c4irn.net
Requests to access, correct, or restrict the use of your personal data, and any other privacy-related enquiries, should be sent to the address above.