Privacy Policy

What we collect, why we collect it, and how you stay in control.

Last updated: 26 June 2026.

The Short Version

Who We Are

ThugBible is a community-built slang dictionary at thugbible.com. For any privacy question, email [email protected]. We respond within 30 days.

What We Collect, Why, and on What Legal Basis

Account Data

When you register, we store your username, email address, and either a securely hashed password (if you set one) or sign-in link records (our default sign-in method). Legal basis: contract — we need this to give you an account (GDPR Article 6(1)(b)).

Content You Submit

Words, definitions, example sentences, etymologies, votes, and comments you submit become part of the ThugBible dictionary. We store these to display the dictionary and improve it. Legal basis: contract and legitimate interest (GDPR Article 6(1)(b) and (f)).

Newsletter

If you subscribe to our newsletter, we store your email address, an IP hash (see below), and subscription source. You can unsubscribe with one click in every email. Legal basis: consent (GDPR Article 6(1)(a)). We use single opt-in. If we enable email open or click tracking, we will update this section and, for EU/UK subscribers, treat tracking pixels as requiring consent under CNIL Decision No. 2026-042.

Technical Data for Rate-Limiting and Deduplication

We generate a one-way irreversible hash of your IP address combined with the current date. This hash is used only for rate-limiting and deduplicating pageviews. We never store your raw IP address, and the hash cannot be reversed to recover it. Legal basis: legitimate interest (GDPR Article 6(1)(f)) — protecting the integrity of voting and content submission.

Analytics

We use Google Analytics 4 (GA4) to understand how the site is used. GA4 does not store full IP addresses — Google removed that capability entirely. For visitors in the EU and UK, GA4 only fires after you give consent via our cookie banner (Google Consent Mode v2). We have a signed Data Processing Agreement with Google and rely on Standard Contractual Clauses for data transfers to the US. We set GA4 data retention to 14 months.

Cookies

ThugBible sets the following cookies:

Strictly necessary (no consent required — these are required to operate the site):

Analytics (consent required for EU/UK visitors):

We do not set any marketing or advertising cookies. If we ever add an ad network, we will update this section and present a renewed consent banner before any ad cookies fire.

Our cookie banner offers Accept and Reject with equal prominence. No boxes are pre-ticked. You can change your choice any time by clicking the cookie settings link in the footer. We honor Global Privacy Control (GPC) signals.

What We Don't Collect

We do not collect payment data (there are no paid features). We do not collect precise geolocation. We do not collect your contacts, photos, or device sensor data. We never request biometric identifiers or government identification numbers. We do not knowingly collect any personal data from children under 13.

How Long We Keep It

Account data is kept until you delete your account. Rate-limit hashes and server logs are deleted within 30 days. Cached files (OG share cards, dedup hashes) are purged within 1 to 90 days. Backups are retained for a maximum of 30 days. GA4 data is set to 14-month retention in our property settings.

Who We Share It With

We do not sell, rent, or trade your personal data. We share data only with the following processors, strictly for operating the site:

Resend (Plus Five Five, Inc., US)

Our email delivery provider for transactional emails (magic-link sign-in, account notices) and the newsletter. Resend is certified under the EU-US Data Privacy Framework and its UK Extension. A Data Processing Agreement with Standard Contractual Clauses is in place. Data is processed in the United States.

Google LLC

Google Analytics 4 for site analytics. Data Processing Agreement and Standard Contractual Clauses are in place. Data is processed in the United States and other Google infrastructure locations.

Our Hosting Provider

Our infrastructure provider stores and serves the site. They have access to server-level logs but not user content or personal data beyond what passes through the server. We treat them as a data processor.

Advertising (Placeholder)

We do not currently display third-party advertising. If we add one in future, this policy will be updated to name the partner, its cookies, and opt-out links. EU and UK readers will be served only after giving consent via our cookie banner.

International Data Transfers

Resend and Google operate in the United States. We rely on the EU-US Data Privacy Framework (Resend) and Standard Contractual Clauses (Google and Resend) as transfer mechanisms for EU and UK personal data. By using ThugBible, you acknowledge that your data may be processed in countries with different data protection laws than your own.

Your Rights

Depending on where you live, you have some or all of the following rights over your personal data: the right to access a copy of what we hold about you; the right to correct inaccurate data; the right to delete your data; the right to restrict or object to processing; the right to data portability; and the right to withdraw consent at any time (for data processed on the basis of consent, such as analytics cookies and the newsletter — withdrawal doesn't affect prior processing).

To exercise any of these rights, email [email protected]. We'll respond within 30 days. You can also delete your account directly from /account.

EU users have the right to lodge a complaint with the supervisory authority in their member state. UK users can contact the ICO at ico.org.uk. California residents may contact the California Privacy Protection Agency.

California Residents

ThugBible is below the California Consumer Privacy Act thresholds and is not legally required to comply, but we honor CCPA-style rights anyway because we think it's the right thing to do. We do not sell or share personal information as defined by CCPA. We honor Global Privacy Control (GPC) signals — if your browser sends a GPC signal, we treat it as an opt-out of any data sharing for targeted advertising. There is currently no targeted advertising on the site.

Children

ThugBible is not directed at children under 13. We do not knowingly collect personal data from anyone under 13. If we learn that a registered account belongs to a user under 13, we will delete the account and its associated data promptly. If you believe a child under 13 has registered, email [email protected]. We comply with the Children's Online Privacy Protection Act (COPPA) as amended, including the updated Rule effective 23 June 2025.

Security

Passwords are stored only as irreversible cryptographic hashes — we cannot see your password and neither can anyone who accesses our systems. We never store raw IP addresses. All connections to ThugBible use HTTPS. Internal staff access is restricted and protected. We apply security updates on an ongoing basis. No system is 100% secure, and we can't guarantee absolute security, but we take reasonable and appropriate technical measures to protect your data.

Updates to This Policy

We may update this policy when our practices change. If the changes are material — such as adding an ad network or a new data processor — we'll display a banner notice on the site for at least 30 days before they take effect.

Contact

Privacy questions, data requests, or complaints: [email protected].