Information We Collect
We collect information in two ways. First, account data: when you register, we collect your name, email address, and a securely hashed password. Second, usage data: we collect anonymized, first-party analytics including page views, session duration, and navigation patterns. We also collect device and browser information (such as screen size and browser type) for the purpose of improving site performance. We also record the approximate country of origin, derived server-side from your IP address at request time. We do not collect sensitive personal information such as government ID numbers, financial data, or biometric data. We never collect data we do not need.
How We Use Your Information
We use your information exclusively to operate and improve this site. Specifically: to provide access to content based on your account tier (public, registered, or supporter); to manage your account and verify your email address; to respond to contact form inquiries; to send transactional emails (account verification, password resets) and, where you have opted in, newsletter and content update emails; to deliver in-app notifications via the site notification inbox (such as new content alerts, system announcements, and account-related messages); to record which research papers and documents you download, so we can understand content usage and improve our offerings; to analyze usage patterns to improve the quality and relevance of our content; and to detect and prevent unauthorized access or abuse. We do not use your data for advertising, profiling, or any purpose beyond operating and improving this service.
Analytics & Tracking
We operate entirely first-party analytics — we do not embed Google Analytics, Meta Pixel, or any other third-party tracking service. Analytics data is collected and processed by us directly. We track page views, navigation flows, session identifiers, browser user-agent strings, and referrer URLs to understand how visitors use the site and to improve performance. For logged-in users, page views and PDF download events may be associated with your account to help us personalize your experience and understand which content is most valuable. We record the country of origin, derived server-side from the IP at request time (the raw IP is not stored — only its hash). IP addresses are hashed before storage and cannot be used to identify individuals. No cross-site tracking of any kind occurs.
Email Communications
Email delivery is processed through Brevo (formerly Sendinblue), a GDPR-compliant email service provider based in France. When you submit a contact form or create an account, your email address is transmitted to Brevo for the purpose of sending that communication. Transactional emails — account confirmations, email verification, password resets, and security alerts — are sent regardless of marketing preferences, as they are necessary for account operation. Content update emails and editorial announcements are sent only to users who have opted in to receive them. You may withdraw that consent and unsubscribe at any time via the link in any such email, or by contacting us directly. In addition to email, we may deliver messages through the in-app notification inbox visible when you are logged in. These notifications include new content alerts, system announcements, and account-related messages. Inbox notifications do not require a separate opt-in and can be dismissed or marked as read at any time.
Data Storage & Security
Your data is stored in a PostgreSQL database hosted by Neon, located in EU Central (Frankfurt, Germany). Our platform is hosted on Vercel, with infrastructure distributed across secure data centers. All data in transit is encrypted via TLS. Passwords are never stored in plain text — they are hashed using industry-standard algorithms before storage. We do not sell, trade, rent, or transfer your personal data to any third party for their own purposes. Access to your data is restricted to authorized personnel only.
Your Rights (GDPR)
If you are located in the European Economic Area or elsewhere where data protection law applies, you have the following rights regarding your personal data: the right to access the data we hold about you; the right to rectification of inaccurate data; the right to erasure ('right to be forgotten') — you may request deletion of your account and all associated personal data; the right to data portability — you may request a copy of your data in a machine-readable format; the right to withdraw consent at any time for processing based on consent (such as marketing emails); and the right to lodge a complaint with a supervisory authority. To exercise any of these rights, contact us at contact@thefirstverse.com. We will respond within 30 days.
Cookies & Local Storage
We use session cookies solely for authentication — to keep you logged into your account during a browsing session. These cookies expire when you close your browser and contain no personally identifiable information beyond a secure session token. We do not use persistent cookies, advertising cookies, or third-party cookies of any kind. We may use sessionStorage (a browser mechanism that stores data only for the duration of a single tab session) to temporarily hold anonymized analytics data before it is processed. This data is never transmitted to third parties and is automatically cleared when the tab is closed.
Third-Party Services
We use a small number of third-party service providers to operate this site. Brevo handles transactional and marketing email delivery (brevo.com/privacy-policy/). Vercel provides our hosting infrastructure (vercel.com/legal/privacy-policy). Neon provides our database infrastructure (neon.tech/privacy-policy). Each of these providers processes data on our behalf under data processing agreements consistent with GDPR requirements. We do not embed any social media plugins, advertising networks, or other third-party tracking tools.
Children's Privacy
This site is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us immediately at contact@thefirstverse.com and we will delete the relevant data promptly.
Data Retention
We retain account data for as long as your account remains active, plus a reasonable period thereafter to comply with legal obligations and resolve disputes. Contact form inquiries are retained for up to 12 months and then deleted. Anonymized analytics data may be retained indefinitely, as it cannot be used to identify individuals. If you request deletion of your account, we will delete or anonymize all associated personal data within 30 days, except where retention is required by law.
International Data Transfers
Our database is located in Frankfurt, Germany (EU). Our hosting provider, Vercel, operates globally; however, your data is processed under their standard data processing agreements which include appropriate safeguards for international transfers. Brevo is based in France (EU). Where data is transferred outside the European Economic Area, we ensure that appropriate safeguards — such as Standard Contractual Clauses — are in place in accordance with GDPR requirements.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal obligations. When we make material changes, we will update the date at the bottom of this page. For significant changes, we may also notify registered users by email. We encourage you to review this page periodically to stay informed about how we protect your data.
Contact
For privacy-related inquiries, to exercise your data rights, or to reach our data protection contact, please write to contact@thefirstverse.com. We aim to respond to all privacy requests within 30 days. This policy was last revised 2026-04.