Privacy Policy
1. Introduction and Identity of the Data Controller
Welcome to brick.news ("the Platform"), accessible at brick.news. This Privacy Policy explains how we collect, use, store, and protect your personal data when you access or use brick.news.
The Data Controller responsible for processing your personal data is:
This Privacy Policy is governed by Regulation (EU) 2016/679 ("GDPR"), as implemented in Portugal by Lei n.º 58/2019, de 8 de agosto. By using the Platform, you acknowledge that you have read and understood this policy.
2. What Personal Data We Collect
2.1 Registration and Account Data
When you create an account on brick.news, we collect:
- Display name or username
- Email address
- Password (stored exclusively as a hashed value using Argon2id or bcrypt — your plain-text password is never stored)
- Account role (reader, author, editor, or administrator)
- Date and time of registration
2.2 Content You Submit
- Comments you post on articles
- Articles or other content submitted by authors and editors
- Search queries entered into the Platform search function
2.3 Technical and Usage Data
We automatically collect certain technical information when you use the Platform:
- IP address (used for security, rate-limiting, and fraud prevention)
- Browser type, operating system, and device type (User-Agent string)
- Pages visited, referral sources, and time spent on pages (first-party analytics)
- Session data stored in secure, server-side sessions
- Push notification subscription tokens (if you opt in to browser notifications)
2.4 Data We Do Not Collect
brick.news does not collect, and has no access to:
- Payment or financial information
- Government-issued identification numbers
- Precise geolocation data
- Special categories of personal data as defined in Article 9 GDPR (e.g., health data, political opinions, religious beliefs)
3. Legal Basis for Processing
We process your personal data only where we have a valid legal basis under Article 6 GDPR:
- Performance of a contract (Art. 6(1)(b)) — Processing your account credentials to authenticate you and provide the services you have signed up for.
- Legitimate interests (Art. 6(1)(f)) — Collecting analytics and search log data to improve the Platform, detecting abuse, enforcing community guidelines, and ensuring technical security.
- Legal obligation (Art. 6(1)(c)) — Retaining certain data where required by applicable Portuguese or EU law.
- Consent (Art. 6(1)(a)) — For optional features such as push notifications and marketing emails, where we will always ask for your explicit consent before processing.
4. How We Use Your Personal Data
- Creating and managing your account, including authentication and password recovery
- Displaying your username and comments on the Platform
- Sending transactional emails (e.g., password reset, email verification, moderation notifications)
- Sending optional onboarding or editorial newsletters, subject to your consent
- Monitoring Platform performance, traffic patterns, and search trends to improve content
- Detecting and preventing spam, abuse, or fraudulent activity using IP-based rate limiting
- Complying with applicable legal obligations
- Maintaining audit logs of administrative actions for platform security
5. Cookies and Similar Technologies
brick.news uses cookies and server-side session mechanisms to maintain your logged-in state across page visits:
- Session cookie: A server-side session cookie is issued upon login to identify your session. It expires upon logout or browser closure.
- No third-party advertising cookies: We do not use cookies for advertising or share cookie data with advertising networks.
- Analytics: Platform analytics are first-party and server-side. We do not use Google Analytics or similar third-party analytics services that set their own cookies.
Under Portuguese electronic communications law (Lei n.º 41/2004, as amended) and the ePrivacy Directive, strictly necessary cookies do not require prior consent. If we introduce non-essential cookies in the future, we will obtain your prior consent.
6. Data Sharing and Third Parties
We do not sell, rent, or trade your personal data. We may share your data in limited circumstances:
- Hosting and infrastructure providers: Your data is stored on servers provided by our hosting provider. These providers act as data processors under appropriate contractual safeguards.
- Email delivery: We use a transactional email service to deliver account-related emails. Any such provider is bound by a data processing agreement.
- Legal requirements: We may disclose personal data if required by law, court order, or at the request of a Portuguese or EU public authority.
- Business transfer: If the Platform is transferred or merged with another entity, your data may be transferred as part of that transaction, subject to this Privacy Policy continuing to apply.
7. International Data Transfers
brick.news is hosted and operated within the European Economic Area (EEA). We do not transfer your personal data to countries outside the EEA unless appropriate safeguards under Chapter V GDPR are in place (e.g., Standard Contractual Clauses or an adequacy decision). If such a transfer becomes necessary, we will update this policy accordingly.
8. Data Retention
- Account data: Retained for as long as your account is active. Upon account deletion, personal data is removed within 30 days, except where retention is required by law.
- Comments: Retained indefinitely unless deleted by you or removed by a moderator.
- Analytics events and search logs: Retained in aggregated or pseudonymised form for up to 24 months.
- Password reset tokens: Automatically expired and deleted within 1 hour of generation.
- Session data: Deleted upon logout or automatically after session timeout.
- Audit logs: Retained for up to 12 months for security and compliance purposes.
- Rate-limit records (IP-based): Retained for up to 24 hours.
9. Your Rights Under GDPR
As a data subject under GDPR and Lei n.º 58/2019, you have the following rights, exercisable free of charge:
- Right of access (Art. 15): Request a copy of the personal data we hold about you.
- Right to rectification (Art. 16): Request correction of inaccurate or incomplete data.
- Right to erasure / "Right to be Forgotten" (Art. 17): Request deletion of your personal data where no overriding legal basis exists.
- Right to restriction of processing (Art. 18): Request that we restrict the processing of your data in certain circumstances.
- Right to data portability (Art. 20): Request a machine-readable export of your data.
- Right to object (Art. 21): Object to processing based on legitimate interests or for direct marketing purposes.
- Right to withdraw consent (Art. 7(3)): Where processing is based on consent, withdraw it at any time without affecting prior lawful processing.
- Right not to be subject to automated decision-making (Art. 22): We do not engage in automated decision-making or profiling that produces legal or similarly significant effects.
To exercise any of these rights, contact us at hello@brick.news. We will respond within one month as required by Article 12 GDPR. We may ask you to verify your identity before processing your request.
10. Right to Lodge a Complaint
If you believe we have processed your personal data unlawfully, you may lodge a complaint with the Portuguese supervisory authority:
Comissão Nacional de Proteção de Dados (CNPD)
Rua de São Bento, n.º 148-3.º, 1200-821 Lisboa, Portugal
Tel.: +351 213 928 400
You may also lodge a complaint with the supervisory authority of your country of habitual residence, place of work, or place of the alleged infringement.
11. Data Security
We implement technical and organisational security measures appropriate to the risk, in accordance with Article 32 GDPR, including:
- Passwords stored exclusively using Argon2id or bcrypt hashing — plain-text passwords are never stored or logged
- HTTPS/TLS encryption in transit for all Platform communications
- HTTP security headers (Content-Security-Policy, X-Frame-Options, HSTS, etc.)
- Server-side sessions with Secure, HttpOnly, and SameSite cookie flags
- Rate limiting and brute-force protection for authentication endpoints
- Input validation and parameterised queries to prevent SQL injection and XSS
- Admin panel accessible only via a non-public, authenticated path
- Audit logging of sensitive administrative actions
In the event of a personal data breach, we will notify the CNPD within 72 hours as required by Article 33 GDPR, and affected users where required by Article 34 GDPR.
12. Children's Privacy
brick.news is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected data from a child under 16, please contact us immediately at hello@brick.news so we can delete such data.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify registered users by email and/or by posting a prominent notice on the Platform. The "Last updated" date at the top of this document reflects the date of the most recent revision. Continued use of the Platform after the effective date constitutes acceptance of the revised policy.
14. Contact Us
For any questions, concerns, or requests regarding this Privacy Policy, please contact: