em—dash

Privacy Policy

Last updated: 2026-04-06

Short version

We collect as little as possible. No advertising trackers, no third-party analytics, no cookie banners because there's nothing to consent to beyond the session cookie you get when you sign in. The marketplace source code is public, so you can verify this yourself.

What we collect

GitHub account data when you sign in with GitHub: your public GitHub ID, username, and avatar URL. We store these so we can attribute plugins and themes to you, credit you as a reviewer, and surface your profile on the marketplace.

Install events when an EmDash CMS instance installs a plugin from this marketplace. The CMS sends us a SHA-256 hash of its site identity, the plugin id, and the version number. The hash is irreversible — we cannot identify the site or user behind it. Each hash+plugin+version triple is deduplicated so each site counts once per version.

Rate-limit metadata on API endpoints. We track request counts per IP address and per minute bucket in our database to prevent abuse. IP addresses are discarded after one hour by a scheduled cleanup job.

Plugin bundles, manifests, and findings you upload. These are stored in Cloudflare R2 and D1 for as long as the plugin is on the marketplace. Bundles carry a SHA-256 checksum so tampering is detectable.

Reports you file. When you report a plugin or theme, we store your description, the category, and (if you're signed in) your GitHub user id. Anonymous reports are supported — in that case the reporter_author_id column stays null.

What we do NOT collect

  • No Google Analytics, Plausible, Fathom, or other third-party tracking.
  • No fingerprinting or cross-site tracking scripts.
  • No email addresses (we don't send marketing emails — we don't send any emails at all currently).
  • No precise location data beyond the IP address used for rate limiting, which is discarded hourly.
  • No behavioural data about what pages you read or how long you spend on them.

Cookies

One cookie: a signed session JWT issued when you complete GitHub OAuth. It's HTTP-only, Secure, SameSite=Lax, and expires after 30 days. It contains your internal author id, your GitHub id, and your GitHub username — nothing else. We don't set any other cookies.

Third parties

We pass through your login request to GitHub for OAuth. GitHub's own privacy policy applies to that interaction. We also call Cloudflare Turnstile to verify anonymous reports aren't from bots — Turnstile is privacy-preserving by design and does not track users across sites.

Our infrastructure runs on Cloudflare Workers, D1 (SQLite), R2 (object storage), and Workers AI. As the hosting provider, Cloudflare processes all requests.

Data retention

  • Account data is kept until you request deletion.
  • Plugin and theme bundles are kept indefinitely so the version history stays honest.
  • Rate-limit rows are deleted hourly by a scheduled job.
  • Audit records and reports are kept indefinitely as part of the public review history.

Your rights

You can request a copy of your data, a correction to your data, or deletion of your account by opening an issue on GitHub or emailing the operator. For account deletion: your authored plugins and themes will have your username replaced with "[deleted author]" so the version history remains honest, and your reviews and reports will be anonymised.

Questions

Open an issue at github.com/chrisjohnleah/emdashcms-org/issues with the "privacy" label.