Information We Collect
We only ask for what we actually need. Here is a plain-language breakdown of
the three categories of information we may gather.
Account Information
When you create an account we collect your username, email address,
and the password you choose (stored as a secure hash — we never see
your plain-text password). You may optionally add a display name,
bio, website URL, and profile photo.
Content You Create
Any mood boards, images, titles, descriptions, tags, and comments you
post on Visual Design Journey are stored and associated with your
account. Public content is visible to all visitors; boards you mark
private are visible only to you.
Usage & Technical Data
We automatically record standard server logs including your IP address,
browser type, operating system, referring URL, pages visited, and
timestamps. This data helps us keep the service fast, secure, and
reliable. We do not build individual behavioural profiles from it.
How We Use Information
We use the information we collect to run the platform and improve your
experience — nothing else.
-
Provide the service. Your account data lets you log in,
create boards, follow curators, and interact with the community.
-
Personalise your feed. We use your follows, likes, and
browsing activity to surface content that matches your tastes — entirely
on our own infrastructure.
-
Send you notifications. With your consent we send
transactional emails (password resets, follower alerts) and, if you opt in,
occasional digest emails about trending content. You can unsubscribe at any time
from your settings page.
-
Maintain safety and integrity. Usage logs help us detect
abuse, spam, and unauthorised access attempts so we can protect all users.
-
Improve the product. Aggregated, anonymised analytics
tell us which features people love and where we can do better. We never sell
or share this data with third parties for advertising.
Information Sharing
We do not sell your personal data. Full stop.
We may share limited information only in these specific circumstances:
-
Infrastructure providers. Our hosting and storage
partners process data on our behalf under strict data-processing agreements.
They act on our instructions only and are prohibited from using your data
for their own purposes.
-
Legal obligations. We may disclose information if
required to do so by a valid court order, subpoena, or applicable law.
We will notify you unless legally prohibited from doing so.
-
Business transfers. In the unlikely event of a merger
or acquisition, your data may transfer to the new entity, which would be
bound by this policy or a materially equivalent one.
-
Public content. Any board or comment you mark as
public is visible to all visitors by design — that is the core function
of the platform.
Data Retention
We keep your data for as long as your account is active or as needed to
provide you with the service.
Specifically:
-
Active accounts. Your profile, boards, and uploaded
images are retained as long as your account exists.
-
Deleted accounts. When you delete your account, your
personal data is purged within 30 days. Publicly visible
content (e.g. comments on community boards) may be anonymised rather than
removed to preserve the integrity of conversations.
-
Server logs. Raw access logs are retained for up to
90 days for security monitoring, then permanently deleted.
-
Backups. Encrypted backups may retain data for up to
30 additional days beyond the above windows before being
overwritten.
Security
We take security seriously and apply industry-standard practices to protect
your data.
-
Encryption in transit. All data between your browser
and our servers is transmitted over HTTPS using TLS 1.2 or higher.
-
Password hashing. Passwords are hashed using
bcrypt with a high cost factor. We never store or log
plain-text passwords.
-
Encrypted backups. Database backups are encrypted
at rest and stored in isolated, access-controlled environments.
-
Breach notification. If a breach affecting your data
occurs, we will notify you within 72 hours of becoming
aware, consistent with GDPR Article 33 obligations.
No system is 100% secure. If you discover a vulnerability, please report it
responsibly to
[email protected]
and we will respond promptly.
Cookies
We use a minimal set of cookies that are necessary to operate the platform.
We do not use third-party advertising cookies.
| Cookie |
Purpose |
Duration |
PHPSESSID |
Maintains your login session |
Session (deleted when you close your browser) |
csrf_token |
Protects against cross-site request forgery |
Session |
remember_me |
Keeps you logged in if you check "remember me" |
30 days |
You can disable cookies in your browser settings, but please note that
core features — including logging in and creating boards — rely on
the session cookie and will not work without it.
Your Rights
Under the GDPR and similar regulations, you have meaningful control over
your personal data. We honour all of the following rights.
Access
Request a copy of all personal data we hold about you.
Rectification
Ask us to correct inaccurate or incomplete information.
Erasure
Delete your account and personal data at any time from your settings page.
Objection
Object to processing of your data for analytics or marketing purposes.
Portability
Receive your data in a structured, machine-readable format.
Restriction
Ask us to limit processing while a dispute is being resolved.
To exercise any of these rights, email us at
[email protected].
We will respond within 30 days. If you believe your rights
have not been respected, you have the right to lodge a complaint with your
local data protection authority.
Contact Us
Have a question about this policy, want to exercise your rights, or spotted
something we could do better? We would love to hear from you.
This policy may be updated from time to time. When we make material changes
we will notify registered users by email and update the "last updated" date
at the top of this page. Continued use of Visual Design Journey after
changes take effect constitutes acceptance of the revised policy.