Privacy Policy

Last updated: April 2026

1. Introduction

O Melhor Site is a personal website operated by Afonso Coutinho. This document explains what data we process, why, and what rights you have under the EU General Data Protection Regulation (GDPR).

2. Data we process

We only process the data we strictly need to operate the service:

  • Account information you provide: email, name, handle, optional gender and country.
  • Content you create or upload: files, playlists, notepads, songs, messages, etc.
  • OAuth tokens for connected providers (Google, GitHub, Spotify) - stored encrypted at rest, never shared.
  • Support tickets you open, including any screenshot you choose to attach.
  • Server logs containing request metadata (IP, user agent, path, status). Kept for security and abuse mitigation, rotated within a few weeks.

3. Browser storage

We use the browser's localStorage for strictly technical purposes:

  • Authentication token, so you stay signed in.
  • A flag remembering you saw this notice.
  • Encryption keys for your private notepads, kept locally so we cannot read them.

We do not set tracking cookies. We do not embed third-party tracking scripts.

4. Analytics

We use Plausible Analytics, a cookieless and privacy-preserving alternative to Google Analytics. It does not use cookies, does not collect personal data, and is GDPR/PECR-compliant by design. Aggregated visit counters are kept on infrastructure self-hosted in the EU.

5. Third-party processors

Some features rely on external services. We only share the minimum data needed for them to work:

  • Google / GitHub OAuth - only when you choose to sign in with them.
  • Spotify Web API - only if you connect your Spotify account, to read playlists for syncing.
  • SMTP relay - to deliver transactional and ticket-update emails.
  • Object storage (S3-compatible, EU region) - to store uploaded files.

6. Retention

We keep your data while your account is active. When you delete your account, all associated data (files, playlists, tickets, identities) is permanently removed within 30 days. Server logs are rotated within a few weeks regardless.

7. Your rights

Under GDPR you can:

  • Access the data we hold about you.
  • Delete your account and all related data, from the account dashboard.
  • Request a copy of your data in a portable format.
  • Object to or restrict specific processing.
  • Lodge a complaint with the Portuguese DPA (CNPD).

8. Contact

For any privacy question, including access or erasure requests: open a support ticket.