Privacy Policy

of the Search Boundary platform
Version 1.0
Date: 2025-12-01

1. Data Controller

The Data Controller responsible for processing personal data on the Search Boundary platform is:

Sergij Bondarenko

acting as a private individual (non-entrepreneur)

Email: search.boundary@gmail.com

A Data Protection Officer (DPO) is not appointed, as the nature and scale of processing do not require such appointment under Article 37 GDPR.

2. Categories of Data

We process the following categories of personal data:

2.1. For unregistered visitors (guests):
  • IP address (hashed or truncated where possible)
  • device metadata (browser type, OS, user agent)
  • referrer and visited URLs
  • timestamps of visits
  • aggregated viewing statistics
  • generated guest identifier (non-cookie token)
2.2. For registered users:
  • account data (email, username, password hash, language settings)
  • profile data (optional biography, avatar, interests)
  • content posted on the platform
  • interactions with content (views, reactions, shares, subscriptions)
  • social connections and public activity
  • log records of account-related actions (login, settings changes)
2.3. Technical data (all users):
  • server logs
  • security logs
  • error logs and diagnostic data

3. Purposes

We process data for the following purposes:

1. Operation of the platform (storage and display of content, authentication).
2. Providing social functionality (likes, reactions, shares, subscriptions).
3. Public analytics of interactions between users and content.
4. Displaying aggregated and individualized viewing statistics to authors and other users.
5. Security, abuse prevention, rate limiting, and incident detection.
6. Compliance with legal obligations, including data protection laws.

4. Legal Basis

Processing is based on:

4.1. Legitimate interests (Art. 6(1)(f) GDPR):
  • providing platform functionality,
  • generating analytics and public interaction data,
  • ensuring security, stability, and integrity of services.
4.2. Performance of a contract (Art. 6(1)(b) GDPR):
  • creating an account,
  • posting content,
  • maintaining a user profile.
4.3. Compliance with legal obligations (Art. 6(1)(c) GDPR)
  • where applicable (e.g., security logs, fraud prevention).

5. Public Nature of Interactions

Search Boundary is a platform built around public intellectual and social interaction.
Therefore:
1. Viewing, reacting to, sharing, or otherwise interacting with content is a public action.
2. Guest views are made available in aggregated form and may be publicly visible.
3. Registered users’ interactions (views, reactions, comments, shares, follows) are treated as public social signals and may be displayed:
  • to the content author,
  • to other users,
  • on public analytics pages,
  • as part of platform-wide rankings and activity feeds.

By using the platform, users understand and accept that their activity forms part of the public social mechanics of the system.

6. Processing of Potentially Sensitive Data

Search Boundary does not classify or restrict content based on sensitivity.
Because:
  • authors define the subjects and descriptions of their posts,
  • each post contains a title, short annotation, and keywords visible before viewing,
  • readers choose voluntarily whether to engage with the content,
  • the platform does not perform automatic filtering or categorization of sensitive topics.

If users publish posts that include or imply sensitive topics (within the meaning of Art. 9 GDPR), such content is published voluntarily and publicly by the user, and its viewing and interaction follow the public interaction model described in Section 5.

The platform does not collect sensitive data about users unless they choose to publish it in their content.

7. Data sharing (Processors / Third Parties)

We do not sell personal data. Data may be shared only as follows:

1. Public display:
  • views, interactions, rankings, and activity statistics may be publicly visible.
2. Service providers (Processors):
  • server hosting provider,
  • email delivery provider (for registration messages),
  • each operating under a Data Processing Agreement (DPA).
3. Legal compliance:
  • if required by law enforcement or regulatory authorities.

No data is shared with advertisers or marketing networks.

8. Data Retention

8.1. Account data:

Stored for the duration of the account. Deleted upon user request.

8.2. Content and interactions:

Public posts and public interactions remain visible as part of the platform’s public record unless removed by the user.

8.3. Technical logs:

Stored for 30–90 days depending on category, unless needed for security investigations.

8.4. Backups:

Encrypted backups stored up to 30 days.

9. Rights of Users

Users have the following rights under GDPR:

  • right of access to their personal data;
  • right to rectification;
  • right to erasure (account deletion);
  • right to data portability;
  • right to restrict processing;
  • right to object, especially regarding public display of their interactions;
  • right not to be subject to automated decision-making;
  • right to lodge a complaint with a supervisory authority;

Requests may be sent to: search.boundary@gmail.com.

10. Security

We implement technical and organizational measures to protect data, including:

  • HTTPS encryption
  • hashed passwords (bcrypt/Argon2)
  • access control and SSH key authentication
  • firewalls and network restrictions
  • application-level protections (CSRF, input validation, rate limiting)
  • encrypted backups
  • monitoring and logging of security-related events
  • regular updates and security patches

Additional details may be provided in our Security Policy (TOMs).

11. Changes

We may update this Privacy Policy from time to time.

Significant changes will be communicated through the platform.

Continued use of the service constitutes acceptance of the updated Policy.