Privacy Policy
Last Updated: December 14, 2024
Past of Today ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services.
1. Information We Collect
1.1 Information You Provide Directly
We collect information that you voluntarily provide to us when you:
- Create an Account: Username, email address, and password
- Create or Edit Events: Event titles, dates, descriptions, locations, and sources
- Contact Us: Name, email address, and message content
- Update Settings: Notification preferences and other user settings
1.2 Information Collected via Social Authentication
When you sign in using a third-party service (Google, Facebook, etc.), we collect:
- Your name and email address from the social media provider
- Profile picture (if available)
- Unique identifier from the social media provider
We only request the minimum information necessary to create and manage your account.
1.3 Automatically Collected Information
When you visit our website, we automatically collect:
- Log Data: IP address, browser type, operating system, referring URLs, pages viewed, and timestamps
- Cookies: Session cookies to maintain your login state and preferences
- Usage Data: How you interact with our website and services
2. How We Use Your Information
We use the collected information for the following purposes:
- Account Management: To create, maintain, and secure your account
- Service Delivery: To provide, operate, and maintain our historical events database
- Content Moderation: To review and verify user-submitted historical events
- Communication: To send account activation emails and important service updates
- Security: To detect, prevent, and address technical issues and fraudulent activity
- Improvement: To analyze usage patterns and improve our services
- Legal Compliance: To comply with applicable laws and regulations
3. How We Share Your Information
3.1 Public Information
The following information is publicly visible on our website:
- Historical events you create (title, date, description, location, sources)
- Your username as the author of events
Your email address is never publicly displayed.
3.2 Third-Party Service Providers
We may share your information with trusted third-party service providers who assist us in operating our website:
- Authentication Providers: Google, Facebook (only for social login functionality)
- Hosting Services: To store and process data
- Email Services: To send account activation and notification emails
These providers are contractually obligated to protect your information and use it only for the purposes we specify.
3.3 Legal Requirements
We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas).
3.4 Business Transfers
If we are involved in a merger, acquisition, or asset sale, your information may be transferred. We will provide notice before your information is transferred and becomes subject to a different privacy policy.
4. Data Security
We implement appropriate technical and organizational security measures to protect your information:
- Encryption: Passwords are hashed using industry-standard algorithms
- HTTPS: All data transmitted between your browser and our servers is encrypted (in production)
- Access Controls: Limited access to personal information based on role-based permissions
- Regular Updates: We keep our security measures up to date with industry best practices
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.
5. Your Rights and Choices
5.1 Account Information
You can:
- Access and update your account information in your Settings
- Edit or delete events you have created
- Change your notification preferences
5.2 Account Deletion
You may request deletion of your account by contacting us. Upon account deletion:
- Your personal information will be removed from our active databases
- Events you created may be retained for historical accuracy but will be anonymized
- Some information may be retained in backup systems for a limited period
5.3 Cookie Management
You can configure your browser to refuse cookies or alert you when cookies are being sent. However, some parts of our service may not function properly without cookies.
5.4 Communication Preferences
You can opt out of non-essential communications in your account settings. You cannot opt out of essential service-related communications (e.g., account activation).
6. Children's Privacy
Our service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us, and we will delete such information.
7. Third-Party Links
Our website may contain links to external websites (e.g., sources for historical events). We are not responsible for the privacy practices or content of these third-party sites. We encourage you to read their privacy policies before providing any information.
8. International Data Transfers
Your information may be transferred to and maintained on servers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ. By using our service, you consent to such transfers.
9. Data Retention
We retain your information for as long as your account is active or as needed to provide services. We may retain certain information after account deletion for:
- Legal compliance and regulatory requirements
- Resolving disputes and enforcing agreements
- Maintaining historical accuracy of events database
- Fraud prevention and security purposes
10. Your Privacy Rights by Region
10.1 European Economic Area (EEA) Users - GDPR
If you are located in the EEA, you have the following rights:
- Right to Access: Request a copy of your personal data
- Right to Rectification: Request correction of inaccurate data
- Right to Erasure: Request deletion of your personal data
- Right to Restriction: Request restriction of processing
- Right to Data Portability: Request transfer of your data
- Right to Object: Object to processing of your personal data
- Right to Withdraw Consent: Withdraw consent at any time
10.2 California Residents - CCPA
If you are a California resident, you have the right to:
- Know what personal information we collect, use, disclose, and sell
- Request deletion of your personal information
- Opt-out of the sale of personal information (we do not sell personal information)
- Non-discrimination for exercising your CCPA rights
11. Cookies and Tracking Technologies
We use the following types of cookies:
- Essential Cookies: Required for authentication and security (session cookies)
- Functional Cookies: Remember your preferences and settings
- CSRF Tokens: Protect against cross-site request forgery attacks
We do not use cookies for advertising or tracking across other websites.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by:
- Posting the new Privacy Policy on this page
- Updating the "Last Updated" date at the top of this policy
- Sending an email notification for material changes (if you have an account)
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Past of Today
Email: privacy@pastoftoday.com
For data subject access requests or privacy concerns, please include "Privacy Request" in your email subject line.
14. Specific Data Processing Activities
14.1 Email Activation
When you create an account with email and password, we send an activation email to verify your email address. This email contains a one-time activation link that expires after a certain period for security purposes.
14.2 Social Authentication
When you use social login (Google, Facebook):
- We do not store your social media password
- We receive only the information you authorize the social provider to share
- Your email is automatically verified by the social provider
- You can revoke access through your social media account settings
14.3 Event Submissions
When you submit historical events:
- Your username is associated with events you create
- Events are marked as "Unverified" until reviewed by moderators
- Events may be edited or rejected if they violate our content guidelines
- We maintain an audit log of event creation and state changes for quality control
14.4 User Groups and Permissions
We maintain different user groups (Reviewers, Admins, Super-Admins) with different access levels. Your group membership determines what actions you can perform on the platform.
15. Consent
By using our website and services, you consent to this Privacy Policy and agree to its terms.
Summary: We collect and use your information to provide historical events services. We do not sell your personal data. You have control over your information and can update or delete it at any time. We protect your data with industry-standard security measures.