Privacy Policy

1. Information We Collect

Categories, sources, and nature of data collected

Dirty Rice collects personal information through multiple channels and mechanisms as described below. For purposes of this Policy, “personal information” or “personal data” means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household. The categories of personal information we collect include, but are not limited to, the following:

1.1 Information You Provide Directly and Voluntarily

When you affirmatively interact with features of the Site, you may provide us with personal information including, without limitation:

• Account Registration Data: When you create a user account via our authentication provider (Supabase Auth), we collect your email address, a chosen username or display name, and an encrypted password credential. Passwords are hashed using the bcrypt adaptive hashing algorithm and are never stored, logged, or transmitted in plaintext, recoverable, or reversible form by any component of Dirty Rice's infrastructure. You represent, warrant, and guarantee that all registration information you provide is truthful, accurate, current, complete, and that such information does not violate any applicable law or third-party right.
• User-Submitted Comments: When you post a comment on a blog post or other content item, we collect the full text of your comment, your user account identifier, the timestamp of submission, and metadata associating your comment with the relevant content item. Comments posted under your account are associated with your user profile and may be publicly visible to all Site visitors without geographic restriction. You acknowledge that publicly posted comments are by their nature accessible to any individual with internet access.
• Contact Form Submissions: When you submit a message through our contact form, we collect your name, email address, message subject line, and the complete text of your message. This information is used solely for responding to your inquiry and maintaining internal correspondence records. We do not use contact form submissions for unsolicited marketing, behavioral profiling, or any ancillary commercial purpose.
• User Profile Data: If you choose to update your user profile, you may optionally provide a display name and an avatar image URL pointing to an externally hosted image. Profile information you voluntarily provide is associated with your account and may be displayed publicly alongside your contributions to the Site. You are solely and exclusively responsible for the accuracy, legality, and appropriateness of all profile information you submit, and you warrant that such information does not infringe any third-party intellectual property, privacy, or other rights.
• Content Ratings: When you submit a numeric rating for a blog post or other content item, we store your user account identifier, your rating value, the identifier of the rated content item, and the timestamp of rating submission. Aggregate rating data derived from user submissions may be publicly displayed on the Site.

1.2 Information Collected Automatically Through Technical Means

Certain information is collected automatically as a necessary and unavoidable consequence of accessing the Site through standard internet infrastructure. By accessing the Site, you consent to the automated collection of this technical data:

• Server Access Logs: Our hosting infrastructure, operated by Vercel, Inc., automatically generates server access logs for every HTTP or HTTPS request made to the Site. These logs may include your Internet Protocol (IP) address or IP address range, browser type and version string, operating system and platform identifier, referring URL, requested URL and query parameters, HTTP response status code, bytes transferred, date and time of access (UTC), and user-agent string. These logs are collected and retained for operational maintenance, performance monitoring, security analysis, abuse prevention, and compliance purposes. You acknowledge that server log data is transmitted to our servers as part of the standard TCP/IP communication protocol and that such transmission is a necessary condition of accessing the Site over the public internet.
• Analytics and Aggregate Traffic Data: We may deploy privacy-respecting, minimally invasive analytics tools to collect aggregate data regarding how users interact with the Site, including page views, session duration, navigation paths, device type and category, browser type, coarse geographic region (country or state level), and referral sources. Where such tools are used, we configure them to minimize individual personal data collection and to avoid cross-site behavioral tracking. Aggregate analytics data does not, standing alone, identify individual users.
• Browser Storage Technologies: We utilize browser-based storage mechanisms, including HTML5 localStorage, for the limited purpose of persisting user interface preferences such as dark or light color theme selection. Authentication session continuity is maintained through secure, HttpOnly, SameSite-protected cookies issued by Supabase Auth, which are technically necessary for authenticated features of the Site. For a complete inventory of all storage technologies deployed, see Section 5 of this Policy.
• Device and Technical Identifiers: We may passively receive device identifiers, hardware model references, operating system version data, screen resolution, and other technical attributes transmitted as part of standard browser HTTP request headers. This information is used solely to optimize Site rendering and performance across heterogeneous devices and platforms, and is not used to construct individual behavioral or psychographic profiles.

1.3 Information from Third-Party Identity Providers

Dirty Rice currently offers email-based account registration and authentication. In the event that Dirty Rice introduces OAuth-based, OpenID Connect, or other federated single sign-on authentication in the future (e.g., via Google, Discord, or similar identity providers), such third-party providers may transmit to Dirty Rice, subject to your explicit, informed authorization grant, personal information including your name, email address, profile photograph URL, and other profile attributes disclosed by such provider in accordance with your authorization. Dirty Rice will materially update this Policy prior to enabling any such third-party authentication integration and will seek renewed consent where required by applicable law. The independent data practices of any third-party identity provider are governed exclusively by that provider's own privacy policy, over which Dirty Rice exercises no supervisory control.

2. How We Use Your Information

Purposes of processing and applicable legal bases

Dirty Rice processes personal information only for specific, legitimate, and disclosed purposes, and not in ways incompatible with those purposes absent a lawful basis. The following table identifies each processing purpose, the data categories involved, and the applicable legal basis to the extent required under applicable data protection law:

Dirty Rice will not process personal information for any purpose that is materially different from, incompatible with, or not reasonably ancillary to the purposes described above without first providing clear notice and, where required by applicable law, obtaining express prior consent. Where Dirty Rice relies on legitimate interests as a lawful basis for processing, Dirty Rice has conducted a balancing assessment and determined that such interests are not overridden by your fundamental rights and freedoms, given the limited nature and scope of data processing activities on the Site.

3. How We Share Your Information

Disclosures to third parties and conditions thereof

Dirty Rice may disclose your personal information only in the following strictly limited circumstances, and only to the minimum extent reasonably necessary to accomplish the stated legitimate purpose:

• Authorized Service Providers (Data Processors): Dirty Rice engages a limited number of carefully vetted third-party vendors (“Data Processors”) that process personal information strictly on Dirty Rice's behalf and pursuant to Dirty Rice's documented instructions. Current Data Processors include: (a) Supabase, Inc., providing database hosting, authentication services, and row-level security infrastructure on Amazon Web Services infrastructure in the United States; (b) Vercel, Inc., providing web application hosting, content delivery, edge functions, and server-side rendering infrastructure operated on a global edge network; and (c) transactional email providers (e.g., Resend) used solely for sending account-related system notifications. Each Data Processor is contractually bound by written data processing agreements that restrict processing to Dirty Rice's documented instructions, impose confidentiality obligations, require appropriate technical and organizational security measures, prohibit unauthorized sub-processing, and require assistance in fulfilling data subject rights obligations under applicable law.
• Legal Process and Compelled Disclosure: Dirty Rice may disclose personal information when it has a good-faith, objectively reasonable belief that disclosure is legally required by a valid and binding subpoena, court order, search warrant, civil investigative demand, or other mandatory legal process issued by a federal, state, or local court or governmental body of competent jurisdiction; or to comply with applicable law or regulation; or in response to a law enforcement request in connection with a bona fide criminal investigation or genuine emergency safety matter. To the extent not legally prohibited, Dirty Rice will endeavor to provide advance notice to affected users before complying with compelled disclosure, unless providing notice would create a risk of harm or obstruct an active investigation.
• Protection of Rights, Safety, and Vital Interests: Dirty Rice may disclose personal information where reasonably necessary to enforce, exercise, or defend our legal rights under these Terms or any other agreement; to investigate, detect, prevent, or take remedial action against suspected fraud, unauthorized system access, security breaches, or malicious activity; to protect the safety, health, or vital interests of any person; or to discharge mandatory legal reporting obligations, including mandatory reports of child sexual abuse material (CSAM) to the National Center for Missing and Exploited Children (NCMEC) and appropriate law enforcement authorities.
• Corporate Transactions:In connection with a proposed or actual merger, acquisition, consolidation, reorganization, joint venture, bankruptcy, dissolution, or sale or transfer of all or substantially all of Dirty Rice's assets, personal information may be disclosed to prospective or actual acquirers, successors, investors, or advisors as part of due diligence or as a transferred asset, subject to standard confidentiality obligations. Prior to any transfer in which your personal information would become subject to a materially different privacy policy, Dirty Rice will provide advance notice and a reasonable opportunity to exercise available rights.
• Publicly Submitted User Content: Content you voluntarily submit for public display on the Site (including comments posted under your username) is, by its nature and with your consent, accessible to all Site visitors and to the general public. By voluntarily submitting public user content, you acknowledge and agree that such disclosure does not constitute a privacy violation by Dirty Rice.
• Aggregated and De-Identified Statistics: Dirty Rice may share aggregated, anonymized, or de-identified statistical information that cannot reasonably be used to identify any individual for research, business analysis, or promotional purposes.
• With Your Express Consent: With your prior, express, specific, and informed consent, Dirty Rice may share personal information with third parties for purposes not otherwise described in this Policy. You may withdraw such consent at any time; however, withdrawal does not affect the lawfulness of any sharing that occurred prior to withdrawal.

4. Data Retention

Retention periods, policies, and governing rationale

Dirty Rice retains personal information only for as long as reasonably necessary to fulfill the purposes for which it was collected, to comply with legal, regulatory, tax, accounting, or audit obligations, to resolve disputes, to exercise or defend legal rights and claims, and to protect Dirty Rice's legitimate operational interests. When personal information is no longer required for these purposes and no other lawful basis for its retention exists, Dirty Rice takes commercially reasonable steps to securely delete, destroy, or irreversibly anonymize it. Retention periods by data category are as follows:

• Account Registration Data: Retained for the duration of the active account relationship. In the event of account deletion, account records and directly associated personally identifiable profile data will be permanently deleted or irreversibly anonymized within thirty (30) calendar days, except to the extent that continued retention is required or expressly permitted by applicable law, regulation, valid legal process, or for the establishment, exercise, or defense of legal claims.
• User-Submitted Comments: User comments are retained as part of the community record for the life of the associated blog post or content item, or for such shorter period as Dirty Rice determines in its reasonable discretion. Upon account deletion, comment authorship is anonymized by replacing identifying attribution with a generic identifier (e.g., “[deleted user]”), and the substantive content of such anonymized comments may be retained indefinitely as part of legitimate community and editorial record-keeping.
• Contact Form Submissions: Personal information submitted through the contact form is retained for a period of up to twelve (12) months from the date of original submission for correspondence management and records retention purposes, and is thereafter permanently deleted unless its retention is required to support an ongoing legal matter, regulatory inquiry, or compliance obligation.
• Server Access Logs: Infrastructure logs collected by Vercel, Inc. are retained subject to Vercel's own data retention policies, which Dirty Rice understands to typically involve retention for a period of thirty (30) to ninety (90) days. Users are encouraged to consult Vercel's privacy policy for authoritative information on log retention practices.
• Authentication Session Data: Session tokens and authentication cookies are retained for the duration of your active authenticated session, or for up to one (1) year where a persistent session is maintained, and are cryptographically invalidated upon explicit logout or account deletion.
• Content Ratings: Rating data is retained for the duration of the active account relationship and the life of the rated content item, and is anonymized upon account deletion.
• Legal Hold Override: Notwithstanding any stated retention period above, Dirty Rice reserves the right to retain any category of personal information for such additional period as may be required to comply with a legal hold, litigation preservation obligation, regulatory investigation, governmental inquiry, audit, or other legal process, and for such period as is necessary to satisfy applicable legal, regulatory, tax, or accounting obligations. Legal hold retention takes precedence over all standard retention schedules.

5. Cookies, Local Storage & Tracking Technologies

Complete inventory of client-side storage technologies

Dirty Rice employs a strictly limited set of browser storage technologies. Dirty Rice does not deploy third-party advertising cookies, behavioral tracking pixels, cross-site tracking mechanisms, probabilistic or deterministic device fingerprinting technologies, supercookies, or any technology designed to track your activities across websites or services not operated by Dirty Rice. By accessing and continuing to use the Site, you consent to the placement and use of the strictly necessary storage technologies described herein, to the extent such consent is required under applicable law.

You may clear browser localStorage entries and delete cookies at any time through your browser's settings. Clearing the theme key resets your visual preference. Deleting Supabase authentication cookies terminates your session. Dirty Rice is not responsible for loss of functionality resulting from user modification of browser storage. Dirty Rice does not authorize third parties to place cookies on the Site and disclaims liability for any unauthorized cookies interjected by browser extensions, ISPs, or network intermediaries.

6. Data Security

Technical and organizational measures; acknowledged limitations

Dirty Rice implements and maintains commercially reasonable, industry-standard technical and organizational security measures designed to protect personal information against unauthorized access, use, disclosure, alteration, accidental loss, destruction, and unlawful processing. These measures include, without limitation:

• TLS/HTTPS Encryption in Transit: All communications between user browsers and the Site are encrypted using TLS 1.2 or TLS 1.3. Dirty Rice does not support, permit, or redirect to unencrypted HTTP connections. TLS certificates are automatically provisioned and renewed by Vercel's edge infrastructure.
• Cryptographic Password Hashing: User passwords are processed exclusively through Supabase Auth using the bcrypt adaptive cryptographic hashing algorithm with an appropriate work factor. Passwords are never stored, logged, cached, or transmitted in plaintext, reversible-encrypted, or otherwise recoverable form at any point in Dirty Rice's infrastructure stack.
• Database Row-Level Security (RLS): Dirty Rice's PostgreSQL database instance, hosted on Supabase, is configured with granular Row-Level Security (RLS) policies that enforce fine-grained access control at the database engine layer. All application queries execute within the constraints of these policies, ensuring that authenticated users may only access data to which they are expressly entitled.
• Secrets and Credential Management: All API keys, database connection strings, cryptographic secrets, and third-party service credentials are stored exclusively as environment variables within Dirty Rice's Vercel deployment environment. No credentials are hardcoded in source code, committed to version control, or exposed in client-side JavaScript bundles.
• DDoS Mitigation and Network Perimeter Security: The Site benefits from Vercel's globally distributed edge network, which provides DDoS mitigation, Web Application Firewall (WAF) capabilities, IP-level rate limiting, and automated threat detection mechanisms.
• Principle of Least Privilege: Access to personal information within Dirty Rice's systems is restricted to those individuals and automated processes that have an explicit, documented need-to-know for their authorized functions. Dirty Rice minimizes the number of humans and automated services with access to personal information.
• Vendor Security Reliance: Dirty Rice relies on the security programs, controls, and representations of its Data Processors, including Supabase and Vercel, as documented in their respective security documentation, SOC reports (where available), and data processing agreements.

7. Your Privacy Rights and Choices

Legally available rights depending on your jurisdiction

Depending on your jurisdiction of residence and the applicable data protection or privacy law, you may have certain enforceable rights with respect to personal information that Dirty Rice holds about you. Dirty Rice will honor rights that are legally mandated under applicable law. The availability, scope, preconditions, and limitations of such rights vary meaningfully by jurisdiction. The following rights description is provided for informational purposes and does not constitute a representation that all described rights are available to all users in all jurisdictions:

• Right of Access (Right to Know): Where mandated by applicable law, you may request confirmation of whether Dirty Rice processes personal information about you and, if so, request a copy of such data along with information about the categories of data, the purposes of processing, the categories of recipients, and the planned retention period.
• Right to Rectification (Correction): Where applicable, you may request that Dirty Rice correct personal information that is demonstrably inaccurate, factually incorrect, incomplete, or materially misleading. You may also correct certain account attributes directly through your account settings interface.
• Right to Restriction of Processing: In specific circumstances prescribed by applicable law, including where you contest the accuracy of data pending verification, where processing is alleged to be unlawful but you oppose deletion, where Dirty Rice no longer needs data but you require it to assert a legal claim, or where you have objected to processing pending Dirty Rice's determination of legitimate grounds, you may request that Dirty Rice restrict active processing of your data to storage-only status pending resolution.
• Right to Data Portability: Where processing is based on consent or contractual necessity and is carried out by automated means, you may have the right to receive personal information you have provided to Dirty Rice in a structured, commonly used, machine-readable format, and to transmit it to a third-party controller where technically feasible without hindrance from Dirty Rice.
• Right to Object: Where applicable, you may object to Dirty Rice's processing of your personal information based on legitimate interests. Upon receipt of a valid objection, Dirty Rice will cease processing unless it can demonstrate compelling legitimate grounds that override your rights and interests, or the processing is necessary for the establishment, exercise, or defense of legal claims.
• Right to Withdraw Consent: Where Dirty Rice processes personal information solely based on your consent as the legal basis, you may withdraw such consent at any time. Withdrawal is prospective only and does not affect the lawfulness of consent-based processing prior to withdrawal. Following withdrawal, Dirty Rice will cease consent-dependent processing activities, subject to any overriding legitimate interest or legal obligation.
• Right to File a Regulatory Complaint: If you believe Dirty Rice has violated your privacy rights under applicable law, you have the right to lodge a formal complaint with the competent supervisory authority or data protection regulator in your jurisdiction without prejudice to any other administrative or judicial remedy. Dirty Rice encourages direct contact before formal regulatory proceedings, as many concerns can be resolved cooperatively.

8. Age Restriction

18+ requirement; unauthorized minor access disclaimer

The Site is intended exclusively for individuals who are eighteen (18) years of age or older. Dirty Rice does not knowingly, intentionally, or willfully solicit, collect, process, store, or use personal information from individuals under the age of 18. By accessing the Site, you represent, warrant, certify, and guarantee that you are at least 18 years of age as of the date of access. If you are under 18 years of age, you are not authorized to use the Site and must immediately cease all access and use.

If Dirty Rice discovers, through any means, that personal information has been collected from an individual under the age of 18 without proper authorization, Dirty Rice will take immediate and affirmative steps to permanently delete all such information from its systems and to terminate any account associated with such individual. Dirty Rice expressly and fully disclaims all liability for any unauthorized access to the Site by individuals under the age of 18, including all data processing that occurs as a result of such unauthorized access prior to Dirty Rice's discovery thereof.

Dirty Rice does not operate features directed at persons under 18, does not knowingly collect information from minors, and does not maintain personal information of individuals under 18 in any of its operational databases. This Policy is not intended to invoke obligations under the Children's Online Privacy Protection Act (COPPA) because the Site is not directed to children and Dirty Rice does not have actual knowledge of collecting information from any child under 13. The age restriction applicable to the Site is 18, not 13.

9. International Data Transfers

Cross-border data flows and legal transfer mechanisms

Dirty Rice is operated from the United States. The Site's primary hosting infrastructure is located in the United States and, via content delivery networks, at edge computing nodes distributed globally. If you access the Site from a country outside the United States, including from EEA member states, the United Kingdom, Canada, Australia, or any other jurisdiction that imposes restrictions on the cross-border transfer of personal information, your personal information will be transferred to, stored in, and processed in the United States, where data protection and privacy laws may differ materially from, and may not afford the same level of legal protection as, those in your home jurisdiction.

By accessing and using the Site from any jurisdiction, you explicitly, freely, and unambiguously consent to the transfer of your personal information to the United States to the extent necessary for Dirty Rice to perform its obligations to you and to operate the Site. For users in the EEA, United Kingdom, or Switzerland, Dirty Rice relies on Standard Contractual Clauses (SCCs) as approved by the European Commission, or other appropriate safeguards recognized under applicable data protection law, as the mechanism to legitimize such transfers where required.

You acknowledge and accept that data protection laws in the United States do not provide the same level of protection as those in your home jurisdiction, and that you accept this difference in protection as a condition of accessing and using the Site.

10. Third-Party Links, Embeds & External Services

External services and Dirty Rice's absence of liability

The Site contains hyperlinks to external third-party websites and may include embedded content from third-party platforms including, but not limited to, YouTube (Google LLC), Twitch Interactive Inc. (an Amazon.com company), and Discord, Inc. When you follow a hyperlink to, or interact with embedded content from, any third-party service, you leave Dirty Rice's informational control and become subject exclusively to that third party's independent privacy policy, terms of service, and data practices. Certain embedded services (e.g., YouTube iframes) may collect data from you directly upon page load, independent of any affirmative interaction on your part, subject to those services' own cookie and tracking policies.

Dirty Rice has no control over, makes no warranty or representation regarding, and expressly disclaims all responsibility and liability for: (a) the availability, content, accuracy, or legality of any third-party website or service; (b) the data collection, processing, retention, sharing, or security practices of any third party; (c) any harm, loss, damage, or expense arising from your access to or use of any third-party website or service; or (d) the terms of any transaction you enter into with any third party.

The inclusion of a hyperlink or embedded content element on the Site does not constitute Dirty Rice's endorsement, sponsorship, affiliation with, or recommendation of the linked or embedded service, its operators, or its content. You access all third-party services entirely at your own risk and are solely responsible for reviewing and complying with each third party's applicable privacy policies and terms of service.

11. Florida Law Applicability

Florida Information Protection Act and applicable state law

Dirty Rice is operated in the State of Florida. To the extent applicable, this Policy is designed to comply with the Florida Information Protection Act (FIPA), Fla. Stat. § 501.171, and all other applicable Florida consumer protection statutes and regulations governing the collection, maintenance, and handling of personal information. In the event of a security breach affecting your personal information as defined under FIPA, Dirty Rice will provide required notification to affected individuals and to the Florida Department of Legal Affairs in the manner and within the timeframes mandated by FIPA.

This Policy, and any dispute arising from or relating to it, shall be governed by and construed in accordance with the laws of the State of Florida and applicable federal law. All disputes shall be subject to the exclusive jurisdiction of the courts of Hillsborough County, Florida, as further described in our Terms of Use. Nothing in this Policy shall be construed to waive or limit any unwaivable right expressly guaranteed to Florida residents or other users under applicable mandatory law.

12. Changes to This Privacy Policy

Amendment authority, process, and binding effect

Dirty Rice reserves the unilateral right to amend, modify, update, supplement, or replace this Privacy Policy at any time and in its sole and absolute discretion, without prior notice, to reflect changes in its data practices, applicable law, the features and functionality of the Site, or for any other reason Dirty Rice deems appropriate. All amendments take effect immediately upon posting to this page with an updated effective date, unless a longer notice period is expressly required by applicable law.

For amendments that Dirty Rice, in its reasonable judgment, considers material, Dirty Rice will endeavor to provide advance notification through one or more of the following channels: (a) a prominent notice on the Site homepage; (b) a notification within the user interface; or (c) an email to the address on file for your account. “Material changes” include, without limitation, changes that significantly expand Dirty Rice's collection or processing of personal information, changes that materially reduce your rights, or changes to Dirty Rice's data-sharing practices.

Your continued access to or use of the Site following the posting of any revised Policy constitutes your unconditional, binding acceptance of and consent to the entirety of the revised Policy. If you do not accept any revised Privacy Policy, your sole remedy is to immediately and permanently discontinue all access to and use of the Site and, where applicable, to delete your account. Dirty Rice recommends that you periodically review this Policy to remain informed of current data practices.

13. Contact Us

How to get in touch

For questions, concerns, requests, or complaints related to this Privacy Policy, our data practices, or the exercise of any privacy rights described herein, please direct your correspondence to us using the contact information below. Dirty Rice endeavors to respond to all legitimate inquiries within thirty (30) calendar days.