Menu

Privacy Policy

Last updated: 13 March 2026

A Walled Garden is a platform for curating and sharing cultural recommendations. This policy explains what data we collect, why, and what control you have over it. We have tried to keep it readable and honest.

1. What we collect

Account information. When you create an account we collect your email address, a chosen handle, and an optional display name. Your email is used solely for authentication and account recovery — it is never displayed publicly.

Profile information. You may optionally provide a bio. Your handle, display name, and bio are publicly visible on your garden page.

Content you create. Everything you add to your garden — categories, works, commentary, quotes, re-recommendations — is stored in our database and displayed publicly on your profile. You control what you post and can edit or delete it at any time.

Social data. We store which users you follow, which gardens you save, and which works you like, in order to provide those features. Your follow list is visible on your profile. Saves and likes are private to you.

Reports. If you report content, we store the report reason and your user ID so we can review it. Reports are not publicly visible.

Technical data. We do not use analytics or tracking services. We do not collect IP addresses, device fingerprints, or browsing behaviour beyond what is necessary for standard web hosting (server logs retained by our hosting provider, Vercel).

2. What we do not collect

  • We do not track your browsing activity across the site
  • We do not collect payment information (the service is free)
  • We do not use advertising or marketing trackers
  • We do not collect data from third-party sources
  • We do not build profiles for advertising purposes

3. How we use your data

Your data is used to provide A Walled Garden and nothing else. Specifically:

  • To display your garden, quotes, re-recs, and profile to visitors
  • To let you follow other users and save gardens
  • To authenticate you and enable password recovery
  • To allow content moderation and respond to reports
  • To surface content in our explore pages

We do not sell, rent, or share your personal data with third parties. We do not use your data for advertising. We do not use your content to train machine learning models.

4. Cookies and local storage

We use essential cookies only — specifically, authentication tokens that keep you signed in. We also use browser local storage for minor preferences (such as whether you have dismissed the onboarding guide). We do not use tracking cookies, advertising cookies, or any third-party cookie services.

5. Data storage and security

Your data is stored via Supabase, which runs on AWS infrastructure. Passwords are hashed using bcrypt and are never stored or transmitted in plain text. All connections to the site and database use HTTPS/TLS encryption. We apply row-level security policies in our database to ensure users can only modify their own data.

While we take reasonable precautions to protect your data, no system is perfectly secure. We cannot guarantee absolute security, but we commit to prompt disclosure if a breach occurs.

6. Data retention

We retain your data for as long as your account exists. If you delete your account, all associated data — your profile, garden content, quotes, re-recommendations, follows, saves, and likes — is permanently deleted. We do not retain copies of deleted data.

7. Your rights

You have the right to:

  • Access your data — your garden is publicly visible, and your account data is viewable in Settings
  • Edit your data at any time through your garden or settings
  • Delete your account and all associated data from your Settings page
  • Request a copy of your data by contacting us

If you are in the EU/EEA, you also have rights under the GDPR including the right to data portability, the right to restrict processing, and the right to lodge a complaint with a supervisory authority. To exercise any of these rights, please contact us.

8. Children

A Walled Garden is not directed at children under 16. We do not knowingly collect data from anyone under 16. If you believe a child has created an account, please contact us and we will delete it.

9. Third-party services

We rely on the following third-party services to operate:

  • Supabase — database, authentication, and file storage
  • Vercel — web hosting and deployment

These providers have their own privacy policies. We do not share data with any services beyond what is necessary for hosting and operating the platform.

10. Changes to this policy

We may update this policy from time to time. If we make significant changes, we will update the date at the top of this page and, where practical, notify users via the site. Continued use of the service after changes constitutes acceptance of the updated policy.

11. Contact

If you have questions about this policy, wish to exercise your data rights, or need to report a privacy concern, please reach out via the contact information on our About page.