Updated

Ardents

Privacy Policy

How account, story, interaction, and routing data are processed in Ardents.

Last updated: April 19, 2026

Controller and scope

This notice describes how personal data is processed when you use Ardents. The data controller is the operator of Ardents. Questions about this notice or privacy-related requests may be sent through the support contact path provided in the service.

This notice covers the web service, account access flows, publishing flows, story navigation, reactions, and related operational security measures.

Categories of data

  • Account and identity data, such as email address, display name, avatar URL, login provider, and email verification status.
  • Authentication data, such as session identifiers, password hashes, magic-link tokens, and authentication logs.
  • Story and content data, such as authored text, tags, uploaded media, and story identifiers.
  • Interaction data, such as reaction choices and recent story history stored in the browser.
  • Routing and technical data, such as session-based transition records used to operate story navigation and prevent short cycles.

Sources of data

  • Directly from you when you create an account, sign in, publish a story, upload media, or use reactions.
  • From your device when the service stores a session identifier or recent story history in browser storage.
  • From identity providers if Google sign-in is enabled and you choose that sign-in method.

Purposes and legal bases

Depending on the context, Ardents may process personal data on one or more of the following bases:

  • Performance of a contract: to create and maintain your account, authenticate you, publish your stories, and operate story navigation you request.
  • Legitimate interests: to secure the service, prevent abuse, keep routing functional, maintain service integrity, and document moderation or enforcement decisions.
  • Compliance with legal obligations: to respond to valid legal requests, maintain required records, and honour applicable data protection or platform rules.
  • Consent: where a specific optional feature is offered on a consent basis, such as an optional non-essential communication or optional identity flow.

Cookies and similar storage

Ardents uses a session cookie for authenticated access. The current service also stores a session identifier and a short recent-story history in browser local storage to support route continuity and reading flow. These items are functional service storage rather than advertising technology.

If non-essential analytics, marketing tags, or similar technologies are introduced later, they should not be enabled until the operator has established an appropriate consent mechanism where required.

Recipients of data

  • Infrastructure and hosting providers used to run the web application, database, and media storage.
  • Email delivery providers used for magic-link authentication or operational account messages.
  • Identity providers, such as Google, when you choose that sign-in method and the feature is enabled.
  • Competent authorities or third parties where disclosure is required by law or needed to establish, exercise, or defend legal claims.

International transfers

If personal data is transferred across borders, the operator will use a valid transfer mechanism and any supplementary safeguards required by applicable law. If a provider processes data in another country, additional contractual, technical, or organisational measures may be required depending on the transfer context.

Retention

  • Account data is retained for as long as the account is needed to provide the service and for a reasonable period after closure where needed for security or legal defence.
  • Authentication sessions are retained only for their active lifespan and related security housekeeping.
  • Story content and associated metadata are retained for as long as the content remains available in the service, unless deletion is required sooner.
  • Transition and operational logs are retained only for the period reasonably necessary for routing quality, service security, and troubleshooting.

Your rights

Subject to the conditions and limits in applicable law, you may have the right to:

  • request access to your personal data;
  • request rectification of inaccurate or incomplete personal data;
  • request erasure of personal data;
  • request restriction of processing;
  • object to processing based on legitimate interests;
  • receive data portability where processing is based on consent or contract and carried out by automated means;
  • withdraw consent where processing relies on consent; and
  • lodge a complaint with your local supervisory authority.

Automated decision-making

Ardents uses routing logic to select available next stories, but this is not intended to produce legal or similarly significant effects about you as a person. If the service later introduces profiling or automated decisions with such effects, this notice will be updated before those features are used.

Children

The service is not designed for children who are below the minimum digital consent age applicable in their country. If the operator becomes aware that personal data was collected from a child without a valid legal basis, appropriate steps will be taken to remove or restrict that data.

Changes to this notice

This notice may be updated when the service, legal basis analysis, storage model, or third-party provider set changes. Material updates should be published before or when the related change becomes effective.