Privacy Policy

This Privacy Policy explains how Elshifer (“we”, “us”) collects, uses, shares, and protects personal data when you use our website and services.

Effective date: 13 February 2026 Last updated: 13 February 2026 Version: 1.0

Unspecified legal facts (placeholders): Our legal entity name, registered address, primary jurisdiction, and whether a Data Protection Officer (DPO) is required/appointed are currently unspecified. Replace the bracketed placeholders in this policy before publishing.

Privacy at a glance

What we collect

We collect (1) data you provide (for example, account details and content you upload or publish), (2) technical data (for example, IP address, device/browser info, pages visited, basic security logs), and (3) cookies or similar storage/access signals (for example, cookie consent status and ad-related identifiers if you consent).

What you control

You can browse most of the site without an account. You can request access, correction, or deletion for account-related data. You can accept/decline non-essential cookies via our consent banner (and change your choice later). You can also control cookies in your browser.

Plain-language summary (short)

We use basic technical logs to keep Elshifer running and secure. If you create an account, we store what’s needed to manage it (like your username and password hash). If you publish or upload content, it may be visible to others depending on the feature (for example, encyclopedia posts or public audio uploads). We show ads to support the site; ad cookies may be used only if you consent where required.

This policy is intended to be clear and user-friendly. It does not replace legal advice for your specific circumstances.

Who we are (controller)

Website/Service: Elshifer (elshifer.com)

Data controller: [LEGAL ENTITY NAME OR INDIVIDUAL NAME]

Registered address: [FULL POSTAL ADDRESS, CITY, STATE/PROVINCE, POSTCODE, COUNTRY]

Primary jurisdiction: [COUNTRY / STATE / REGION — UNSPECIFIED]

Email (privacy contact): [email protected]

Data Protection Officer (DPO): [IF APPLICABLE: NAME + EMAIL + ADDRESS]. If no DPO is appointed, state: “Not appointed.”

If you operate from outside the EU/UK but target users there, you may need an EU/UK representative. Add if applicable:
EU Representative: [NAME + ADDRESS + EMAIL]
UK Representative: [NAME + ADDRESS + EMAIL]

Personal data we collect

The exact data we process depends on which parts of Elshifer you use (for example, Encyclopedia accounts vs. browsing vs. uploads). “Personal data” includes information that can identify you directly or indirectly (like an IP address).

Data you provide (account and content)
  • Account identifiers: username; optional email address used for account functions (for example password reset).
  • Account security data: password hash (we do not store passwords in plain text).
  • Profile data (optional): gender selection; profile picture you upload (if you choose).
  • Age gating: date of birth (or age-related input) if you provide it, used to hide age-restricted content where applicable.
  • User-generated content: encyclopedia articles, comments, suggestions, or other text you publish.
  • Uploads: audio files (MP3) and metadata (title, artist, optional lyrics) if you use the Audio Library upload feature.
  • Communications: emails/messages you send to us or support requests you submit.

Important: Some content you submit may be public (for example, published encyclopedia entries or public audio uploads), depending on the feature.

Data collected automatically (technical logs)
  • Network/technical identifiers: IP address; approximate location derived from IP; timestamps.
  • Device and browser data: user agent, browser type/version, operating system, device type.
  • Usage/activity data: pages visited, time spent, referrer information.
  • Security and error data: error logs, rate limiting/security logs (used for debugging and abuse prevention).
  • Games usage: a username you enter and gameplay stats required for features like leaderboards (where present).
Cookies and similar technologies (storage/access on your device)

We use cookies and similar technologies (including, where used, LocalStorage, SessionStorage, and IndexedDB) to provide core functionality, remember preferences, store cookie consent, measure site performance, and serve advertising (where enabled).

Where laws require it, we will request your consent before setting non-essential cookies or using non-essential storage/access technologies.

Data from third parties

We may receive limited information from third parties when you interact with embedded or linked services (for example, advertising technology providers), or if you contact us through a third-party form link. Replace placeholders below with your actual providers.

  • Advertising providers: [e.g., Google (AdSense)]
  • Form providers: [e.g., forms.app] (only if you use forms hosted by them)
  • Hosting/CDN/security: [NAME OF HOSTING/CDN/DDoS PROVIDER]
  • Email delivery: [NAME OF EMAIL SERVICE / SMTP PROVIDER]

How we use data and legal bases

We use personal data only for the purposes described below. If you are in a jurisdiction that requires a lawful basis (for example under GDPR-style rules), we rely on the bases in the table.

Purpose, typical data, and legal basis
Purpose Typical data used Legal basis (template)
Provide site functionality (pages, tools, accounts) Technical identifiers; account details; preferences Contract / steps at your request (for accounts), and/or legitimate interests (basic operation)
Account security and authentication Username; password hash; login/session data; security logs Contract; legitimate interests (security); legal obligation (where applicable)
Publishing/hosting user content (Encyclopedia, uploads) Content you submit; upload metadata; account identifiers Contract; legitimate interests (operating a publishing platform)
Support and communications Email address; message contents; troubleshooting context Legitimate interests; contract (if tied to account services)
Security, abuse prevention, debugging IP address; logs; error reports; rate-limit events Legitimate interests (keeping the service secure)
Analytics (site performance and usage statistics) Usage events; device/browser data; cookies (if enabled) Legitimate interests (privacy-friendly analytics) and/or consent (where cookie laws require it)
Advertising (funding the site) Ad identifiers/cookies; IP-derived signals; ad interaction data Consent (for non-essential ad cookies/storage-access where required); legitimate interests for non-personalized ads (jurisdiction-dependent)

Replace the “legal basis” column with your final choices after confirming your actual implementations (especially advertising and analytics configurations).

Cookies & similar technologies

Cookies are small text files stored on your device. “Similar technologies” include any technology that stores or accesses information on your device (for example LocalStorage or IndexedDB). We use these tools for the purposes described below.

Recommended cookie/storage-access categories
Category What it’s for Examples Choice
Strictly necessary Core site functions (sessions, login, security, load balancing) Session cookies; security tokens; cookie-consent storage Always on (cannot be disabled without breaking core features)
Functional Remember preferences and improve usability Language or UI preferences; tool settings stored locally Opt-in where required
Analytics / measurement Understand performance and feature usage Page view measurement; aggregated stats Opt-in where required
Advertising / targeting Serve ads; measure ads; frequency capping; prevent ad fraud Ad identifiers; conversion/attribution tags Opt-in where required

How to manage cookies

  • Cookie banner/settings: Use our cookie consent choices when shown (and revisit settings via: [LINK TO COOKIE SETTINGS]).
  • Browser controls: Most browsers let you remove or block cookies. If you block strictly necessary cookies, some features (like login) may not work.
  • Advertising controls: You may be able to control ad personalization through Google’s ad settings (see “Advertising and analytics” below).

Maintain a current cookie/vendor list if you use advertising or analytics. Cookie names and partners can change over time.

Advertising and analytics

Advertising (Google AdSense)

We use Google AdSense to display ads. Google and other third-party vendors may use cookies or mobile identifiers to serve ads based on prior visits to this website and/or other websites. Ads may be personalized if you consent where required.

Personalized vs. non-personalized ads: Personalized ads use data such as your browsing activity (across sites) to choose ads. Non-personalized ads do not use that kind of profile, but may still use contextual signals (for example, general location derived from IP, device type, or page context).

Your choices: You can manage your cookie/ads consent via our consent banner (where shown) and you may also manage ad personalization through Google’s ad settings:
https://myadcenter.google.com/

Analytics

We use analytics to understand how the site is used and to improve performance and stability. Important: Replace this paragraph with your actual analytics setup (for example: “we use internal server logs only” or “we use Google Analytics”), including whether analytics cookies are used and how to opt out.

If you use consent tools (for example Google Funding Choices / consent messages), ensure your implementation blocks non-essential cookies until consent where required.

How we share data

We do not knowingly sell your personal data in the ordinary sense of “selling a list.” However, advertising technology can involve disclosures that some laws define as “sharing” or “sale.” To avoid confusion, we describe recipient categories below.

  • Advertising partners: Google (AdSense and related services), for ad delivery and measurement.
  • Hosting and infrastructure providers: [HOSTING PROVIDER], [CDN/DDoS PROVIDER].
  • Email delivery providers: [EMAIL PROVIDER], for account and support emails (password reset codes, notifications).
  • Security and error monitoring: [SECURITY/ERROR TOOL], used to detect abuse and diagnose issues (if used).
  • Legal and safety reasons: We may disclose information if required by law, to respond to lawful requests, or to protect the rights, safety, and integrity of the service.

Replace placeholders with the actual vendors you use. If you operate in a GDPR-like regime, add whether vendors act as processors and reference your data processing agreements where relevant.

International transfers

Your data may be processed on servers located in countries other than where you live (for example, where our hosting provider or advertising partners operate).

Hosting/primary processing locations: [LIST COUNTRIES/REGIONS — UNSPECIFIED]

Transfer safeguards (template): When required, we rely on an adequacy decision, Standard Contractual Clauses, or another lawful transfer mechanism. Add specifics here after confirming your vendors and locations.

Do not rely on “you consent to transfers” as your only disclosure. List locations and safeguards where applicable.

Data retention

We keep personal data only as long as necessary for the purposes described in this policy, then delete or anonymize it unless we must keep it for legal or security reasons.

Retention schedule (recommended template)
Data category Typical retention Why we keep it
Account data (username, email, profile fields) For as long as your account is active; deleted or anonymized after account deletion (subject to exceptions) Provide account services, security, and user controls
Password reset requests and email codes Short-lived (minutes to hours); audit logs kept [X days] Account recovery and fraud prevention
User-generated content (published posts/uploads) Until you delete it or delete your account, unless we must retain it (eg, moderation/legal) Operate publishing/upload features
Technical logs (IP, user agent, visited pages) [X days] for routine logs; [Y days] for security logs Security, debugging, performance monitoring
Cookie consent record Typically up to [X months] or until you clear cookies/change choice Remember your cookie settings
Advertising/analytics identifiers (if enabled) As defined by the provider and your consent choices Ads/measurement, where permitted
Game leaderboard entries [X months] or until removed; consider offering “remove my score” Provide leaderboard features

Replace all bracketed values with your actual retention numbers.

Security

We use reasonable technical and organizational measures designed to protect personal data. These include, where applicable:

  • Restricted access to servers and admin tools
  • Password hashing (we do not store passwords in plain text)
  • Regular updates and security patches
  • Logging and rate limiting to prevent abuse
  • Backups and recovery procedures (where feasible)

No system is 100% secure. If you believe you found a security issue, email [email protected].

Your rights and how to exercise them

Your rights depend on where you live. We provide the controls below to support common privacy regimes.

Account and user content controls (available to many users)
  • Access: request a copy of data we hold about your account.
  • Correction: request correction of inaccurate account data.
  • Deletion: delete your account (where the feature exists) or request deletion via email.
  • Cookie choices: accept/decline non-essential cookies (and change later).
EU/EEA/UK-style rights (template)
  • Access, rectification, erasure, restriction, portability, and objection (where applicable).
  • Withdraw consent (where processing is based on consent), without affecting earlier lawful processing.
  • Lodge a complaint with your local supervisory authority.

Add the contact details for your lead supervisory authority if you have one, otherwise direct users to their local authority finder page.

California-style rights (CCPA/CPRA) (template)
  • Right to know/access, delete, and correct (subject to legal exceptions).
  • Right to opt out of sale/sharing (if applicable).
  • Right to limit the use/disclosure of sensitive personal information (if applicable).
  • Right to not be discriminated against for exercising your rights.

If you are a covered “business” under California law, add: (1) a “Do Not Sell or Share My Personal Information” link, (2) how you honor Global Privacy Control (GPC) signals, and (3) designated request methods.

How to submit a request

Email: [email protected]

What to include: your username (if you have one), the email used for the account (if any), and the request type (access/correction/deletion/etc.).

Verification: we may ask for additional information to confirm you are the account owner, to protect your data from unauthorized access.

Response time: we aim to respond within a reasonable period, and within any legally required deadlines where applicable.

Children’s privacy

Elshifer is not intended for children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has created an account or provided personal data, contact us and we will take appropriate action.

If you offer services to teens or have age-gated content, consider adding clearer age-handling practices (eg, what is collected, and how it is used).

Changes and previous versions

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top. If changes are material, we will take reasonable steps to provide a more prominent notice (for example, a banner or account notification).

Consider maintaining an archive page (eg, /privacy-archive) with previous versions and dates to improve transparency.

Contact

Privacy contact: [email protected]

Postal address: [FULL POSTAL ADDRESS — REQUIRED FOR MANY REGIMES]

Website: https://elshifer.com

If you operate in multiple jurisdictions, consider adding a dedicated privacy request form and a security contact workflow.