Legal
Effective date: March 1, 2026 · Last updated: March 25, 2026
Disliketionary is operated as an independent platform based in Frankfurt am Main, Germany. For GDPR purposes, we act as the data controller for personal data collected through the Platform. For privacy inquiries, contact us at privacy@disliketionary.com.
Account Data: When you sign in via Google OAuth, we receive your name, email address, and profile picture. We do not receive or store your Google password. Content Data: Entries, topics, votes, and comments you create on the Platform. Interaction Data: Your likes, dislikes, follows, and engagement with other users’ content. Technical Data: IP address, browser type and version, device type, operating system, referring URLs, and pages visited. We collect this automatically via server logs and essential cookies. We do NOT collect: payment information, precise geolocation, contacts, health data, or any sensitive personal data categories.
We use your data to: (a) provide and operate the Platform, including your account, profile, and content display; (b) enable social features such as following, voting, and notifications; (c) detect and prevent abuse, spam, and platform manipulation; (d) analyze aggregate usage patterns to improve the Platform (we do not build individual behavioral profiles for advertising); (e) communicate service-related updates and respond to your requests; (f) comply with legal obligations. We do NOT use your data for: targeted advertising, selling to third parties, or building advertising profiles.
If you are in the European Economic Area (EEA), UK, or Switzerland, we process your data under the following legal bases: Consent — when you authenticate via Google OAuth and agree to our terms. Contract Performance — processing necessary to provide you with the Platform’s services. Legitimate Interests — platform security, fraud prevention, and service improvement, balanced against your privacy rights. Legal Obligation — when required by applicable law. You may withdraw consent at any time by deleting your account.
We share data with the following categories of service providers, all bound by data processing agreements: Google (authentication via OAuth 2.0), Supabase (database and backend infrastructure, hosted in AWS), Vercel (frontend hosting and serverless functions), Anthropic (AI-powered content categorization — only topic titles are sent, never personal data). We do NOT sell, rent, or trade your personal data. We may disclose data if required by law, court order, or to protect the safety of our users.
Your data may be transferred to and processed in the United States and other countries outside the EEA. For transfers from the EEA, we rely on: EU Standard Contractual Clauses (SCCs) with our service providers, adequacy decisions by the European Commission where applicable, and your explicit consent when you create an account. We ensure that all international transfers maintain an adequate level of data protection.
We retain your personal data for as long as your account is active and as needed to provide our services. If you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law or for legitimate business purposes (such as resolving disputes). Anonymized and aggregated data that cannot identify you may be retained indefinitely for analytics and platform improvement.
Depending on your location, you may have the following rights: Right of Access — request a copy of the personal data we hold about you. Right to Rectification — request correction of inaccurate data. Right to Erasure — request deletion of your data ("right to be forgotten"). Right to Restriction — request that we limit processing of your data. Right to Data Portability — receive your data in a structured, machine-readable format. Right to Object — object to processing based on legitimate interests. Right to Withdraw Consent — at any time, without affecting prior processing. To exercise any of these rights, contact privacy@disliketionary.com. We will respond within 30 days. If you believe your rights have been violated, you may lodge a complaint with your local data protection authority.
We use only essential cookies required for authentication and session management. We do NOT use analytics cookies, advertising trackers, social media pixels, or fingerprinting technologies. See our Cookie Policy for complete details.
Disliketionary is not directed at children under 13 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal data, we will take steps to delete it promptly. If you believe a child has provided us with personal data, please contact privacy@disliketionary.com.
We implement industry-standard security measures to protect your data, including: encryption in transit (TLS/HTTPS), encryption at rest for sensitive data, secure authentication via OAuth 2.0, regular security assessments, and access controls limiting who can access personal data. No system is 100% secure, and we cannot guarantee absolute security. If a data breach occurs that poses a risk to your rights, we will notify you and relevant authorities as required by law.
We may update this Privacy Policy periodically. Material changes will be communicated via the Platform or email before they take effect. The "Last updated" date at the top reflects the most recent revision. Continued use of the Platform after changes constitutes acceptance.
For privacy-related questions or to exercise your rights, contact: privacy@disliketionary.com. For general inquiries: info@disliketionary.com.