Privacy Policy

Last updated: November 17, 2025

This is a non-commercial, open-source project. We collect only the minimal data necessary to display signatures and prevent abuse. We do not use analytics, advertising, or sell any data.

Controller​

See the Imprint.

Email: manifesto@software-craftsmanship.dev

Legal basis: We process your data based on your consent (when you sign) and our legitimate interest in preventing abuse .

What We Collect​

When you sign via GitHub or LinkedIn (OAuth)​

We store:

• Your user ID (to prevent duplicate signatures)
• Display name
• Profile picture URL
• Public profile link
• Timestamp of signing

Note regarding Email: Your email address is processed by our authentication provider (Supabase) to verify your identity, but it is neither stored in our public signature database nor displayed publicly.

When you sign with name only (without account)​

We store:

• Your name (required)
• Location (optional)
• Privacy level setting
• Timestamp of signing

We do not store:

• Your real IP address
• Browser fingerprints
• Any authentication credentials

Important: Name-only signatures are not linked to a user account. Therefore, they cannot be edited or withdrawn automatically via the website interface. To remove a name-only signature, please contact us via email.

Local Storage & Cookies​

We do not use third-party tracking cookies. However, we use your browser's Session Storage for essential technical purposes:

1. Functionality: To remember that you have already signed.
2. Security: To store temporary session tokens during the signing process.

These data are stored locally on your device and are strictly necessary for the website to function properly.

Privacy Levels​

You control what is publicly displayed:

• Full Profile: Name, picture (OAuth only), and profile link are visible.
• First Name Only: Only your first name and picture are visible; no link.
• Anonymous: Displayed as "Anonymous Supporter" with a generic avatar.

For OAuth signatures (GitHub/LinkedIn): You can change this setting anytime after signing in. For name-only signatures: The privacy level is chosen during signup and cannot be changed later (as no account is linked).

Third-Party Services​

We share your data only with services necessary for the site to function:

• GitHub / LinkedIn: OAuth authentication providers. PrivacyPolicy
• Supabase: Database and Authentication provider. Privacy Policy
• GitHub Pages: Static site hosting. Privacy Policy

Your Rights (GDPR)​

You have the right to access, rectify, and erase your data.

Erasure (Right to be forgotten)​

• OAuth signatures: You can delete your signature instantly via the "Withdraw signature" button on the website.
• Name-only signatures: Please contact us via email at manifesto@software-craftsmanship.dev. We will delete your entry manually.

Data Security & Spam Protection​

To prevent abuse, we use technical measures including:

• Dynamic CAPTCHA: Simple mathematical questions to prevent automated submissions.
• Rate Limiting: We may use local browser storage to temporarily limit the frequency of requests from a single client.

We do not track IP addresses for this purpose to protect your privacy.

Contact​

For privacy inquiries or deletion requests:

• Email: manifesto@software-craftsmanship.dev
• GitHub: github.com/software-craftsmanship-dev/ai-manifesto