Built with Chinaski

Privacy Policy

This Privacy Policy explains how personal data is handled in connection with the Chinaski content management system ("Chinaski" or "the software") and this website. Chinaski is self-hosted software: when you run an instance, you — not the project — are the controller of the data your instance processes.

1. Scope

This policy covers two distinct contexts:

  • The software — what a Chinaski instance stores when an Operator runs it. The project has no access to this data.
  • This website — the limited data processed when you visit the project's public site.

2. Data the software stores

When an Operator runs a Chinaski instance, the software may store the following in its local SQLite database:

  • Admin accounts — username, email address, display name, and a hashed (never plaintext) password for users created in the admin interface.
  • Form submissions — any data submitted through forms the Operator publishes, including names, email addresses, and custom fields the Operator configures.
  • Session tokens — short-lived, signed values used to maintain admin login sessions.
  • Audit and event logs — records of administrative actions, retained for accountability and debugging.
  • Build and diagnostic logs — output from site build runs, retained for troubleshooting.
  • Configuration and credentials — settings and any third-party API keys the Operator chooses to enter.

This data resides entirely on the Operator's server. The project cannot access it.

3. Data this website processes

When you visit this website, standard server and content-delivery-network logs may record technical information such as your IP address, browser type, referring page, and the pages you request, for security and operational purposes. If a privacy-respecting analytics service is enabled, aggregate usage statistics may be collected. This site does not use cross-site advertising trackers.

4. Cookies

  • Admin interface — a single signed session cookie keeps Operators logged in. It is strictly necessary for authentication.
  • Published sites — a site built with Chinaski sets no cookies by default. Cookies appear only if the Operator enables the optional cookie-notice feature or embeds third-party scripts that set their own.
  • This website — uses only cookies strictly necessary for operation, plus any set by an analytics provider where enabled.

5. Analytics and tracking

Chinaski includes no built-in advertising or cross-site tracking. If an Operator configures a Google Analytics 4 property or a Google Tag Manager container in Settings, those services are embedded in the built HTML and governed by Google's privacy terms. Operators are responsible for obtaining any consent their visitors' jurisdictions require.

6. Third-party processors

If an Operator configures optional integrations — translation providers, SMTP/email services, content-delivery networks, or webhooks — data may be transmitted to those providers solely to perform the requested function. Each provider acts under its own terms and privacy policy. Credentials for these services are stored in the Operator's database; keeping them secure is the Operator's responsibility.

7. Legal bases for processing

Where the EU General Data Protection Regulation (GDPR) or similar law applies, processing in connection with this website relies on legitimate interests (operating and securing the site) and, where required, consent (for optional analytics). For data processed by a Chinaski instance, the Operator determines the legal basis as controller.

8. Your rights

Depending on where you live, you may have rights regarding your personal data, including the rights to access, correct, delete, restrict, or object to processing, the right to data portability, and — under laws such as the GDPR and the California Consumer Privacy Act (CCPA) — the right to know what data is held and the right not to be discriminated against for exercising these rights. To exercise rights regarding data held by a particular Chinaski site, contact that site's Operator, who controls the data. To exercise rights regarding this website, use the project's published contact channels.

9. International transfers

This website may be served through a globally distributed content-delivery network, so request data may be processed in countries other than your own. Where required, appropriate safeguards are relied upon for such transfers.

10. Data retention

Data stored by a Chinaski instance is retained for as long as the Operator keeps it. Operators can delete form submissions, media, and content through the admin interface, and can remove all data by deleting the chinaski.db database file. Website server and analytics logs are retained only as long as needed for the purposes described above.

11. Children's privacy

This website is not directed to children, and the project does not knowingly collect personal data from children. Operators are responsible for any age-related obligations applicable to their own sites.

12. Security

The software is built with security-conscious defaults, including hashed passwords, signed sessions, and a strict content-security policy on the admin interface. No system is perfectly secure, and Operators remain responsible for the security of their servers and databases.

13. Operator responsibilities

If your site collects personal data from visitors, you are the data controller and are responsible for your own privacy notice and for complying with applicable law — including the GDPR, the CCPA, and other regulations in the jurisdictions where your site operates. Chinaski provides tooling; legal compliance is your responsibility.

14. Changes to this policy

This policy may be updated as the software and website evolve. Material changes are reflected by the "Last updated" date below.

15. Contact

Privacy questions about this website may be directed to the project through its published contact channels. Questions about a specific Chinaski site should be directed to that site's Operator.