Privacy Policy

The controller of your personal data is: • Nils Putniņš • Contact: info@bija.lv • This policy applies to the bija.lv service.

We collect only the data necessary to operate the service: • For subscriptions: email address, full name, gender, city, optional phone number, delivery time, and language preference • For comments: the comment content (a commenter's full name and city are displayed PUBLICLY alongside the comment) • For security: IP address and browser information (User-Agent) are used solely for in-memory rate limiting — they are not stored long-term.

We process your data for the following purposes: • Sending daily fact emails and managing your subscription • Publishing and moderating comments • Ensuring the security and operation of the service Lawful basis (GDPR Article 6): your consent (subscriptions and comments) and our legitimate interests (security and operation of the service).

We use only cookies necessary for the service to function: • A "session" cookie (httpOnly, SameSite Lax, valid for 30 days) to keep you signed in • A CSRF cookie to protect against forged requests • Browser localStorage stores only your settings (theme, text size, contrast, and a tooltip flag) For visitor statistics we use a privacy-friendly, cookieless analytics solution that collects no personal data and uses no tracking cookies.

To operate the service we rely on the following trusted processors: • An email delivery provider (SMTP, via Nodemailer) • A MongoDB database hosting provider • OpenAI — comment content is sent for moderation and translation • The cookieless analytics provider We do not sell your data. We may disclose data to law enforcement only when legally required.

We keep data no longer than necessary: • Subscription data — until you unsubscribe or your account is deleted • Comments — until they are deleted • IP addresses and User-Agent data used for rate limiting exist only in memory and are not stored long-term.

We apply appropriate technical and organizational measures: • SSL/TLS encryption for data transfers • Secure data storage • Limited access to personal data • Passwordless sign-in using secure magic links

Some of our processors may be located outside the European Union or European Economic Area (EEA). In such cases, transfers are safeguarded by appropriate mechanisms, such as the Standard Contractual Clauses (SCCs) approved by the European Commission.

The service is not directed at children under 13. We do not knowingly collect data from such children. If we learn that we have received such data, we will delete it.

Under the GDPR, you have the right to: • Access your data • Correct inaccurate data • Delete your data • Restrict or object to processing • Receive and port your data to another service provider • Withdraw your consent at any time You also have the right to lodge a complaint with the supervisory authority — the Data State Inspectorate (Datu valsts inspekcija, www.dvi.gov.lv).

If you have privacy questions or wish to exercise your rights: • Email: info@bija.lv • We will respond within one month, as required by the GDPR.