This page explains what data designs.directory collects when you visit the site or upload a design, why we collect it, and what we do with it. It covers every endpoint we run — the public gallery, search, the upload form, and the admin pages.
Data we collect
- Uploaded design zips. When you use Add your design we extract the archive and store the individual files (HTML previews, README, SKILL, assets, and the original zip) in a Hetzner S3 bucket. The files are served publicly from that bucket once an admin approves the design.
- Design metadata. Title, file list, upload size, moderation status, views, upvotes, and downvotes are stored in our Turso (SQLite) database.
- Votes. To enforce one vote per visitor we store a SHA-256 hash of your IP address (salted) with the vote. We do not store the raw IP. The hash is a one-way fingerprint used only for deduplication.
- Views. Every visit to a design page increments a counter on that design. We store the counter, not the visitor identity.
- Search queries. The text you type into the search box is saved together with how many results it returned. Admins use this to understand what people are looking for. Search logs are not tied to your identity.
- Feedback. If you submit feedback, we store the message, the optional email you provide, the page you sent it from, and your user-agent string.
- Admin accounts. Admins sign in with Google OAuth. We store the name, email, profile image, and Google account id provided by Google, plus session records needed to keep them logged in. The public-facing site does not offer user accounts.
- Analytics (PostHog). We use PostHog (EU region) to track page visits, clicks on interactive elements, and — when enabled — session recordings with form inputs masked. PostHog drops a first-party cookie / local-storage entry to maintain an anonymous visitor id.
- Analytics (Google Analytics 4). We also load Google Analytics 4 (measurement ID
G-H26RM0T4X2) via the gtag.js tag. Google receives your IP address (truncated), user-agent, and the pages you view. GA uses first-party cookies (the_gafamily) to distinguish unique visitors.
Why we collect it
- Render the public gallery and the design detail pages.
- Moderate submissions before they appear in the public listing.
- Rank designs by popularity (views, votes).
- Improve the search experience based on what people look for.
- Fix bugs and regressions that session replays surface.
Who can see what
- Public: anything in an approved design (the files, the README, the SKILL, the title, the view and vote counts).
- Admins only: pending / rejected designs, feedback messages, search logs, admin-session metadata.
- Third parties: Hetzner (file hosting), Turso (database), Cloudflare (worker + edge delivery), Google (admin sign-in + Analytics), PostHog (analytics, EU). Each of them receives only the data needed to provide that service.
Retention
Design files and metadata stay until the uploader or an admin deletes them. Rejected designs may be removed at an admin's discretion. Feedback and search logs are kept for as long as they remain useful for moderation and product decisions. PostHog retains analytics events per our plan's default (typically 12 months).
Your controls
- Take down a design: email us (see below) and we'll delete the files and the database row. If you uploaded it, include the design URL.
- Opt out of analytics: use a browser that blocks PostHog and Google Analytics (uBlock Origin, Privacy Badger, Brave Shields all work), or enable Do Not Track — PostHog respects it on our configuration. Google Analytics can also be opted out via Google's GA opt-out browser add-on.
- Export / delete your data: email us and we'll help.
Cookies & local storage
We use: a session cookie for admin sign-in (first-party, HttpOnly), a did first-party cookie that stores an anonymous visitor id for linking searches and votes, a PostHog cookie/local-storage entry for its own anonymous visitor id, Google Analytics cookies (the _ga family) for unique-visitor counting, and session-storage entries the app uses to avoid double-counting a page view within a single tab. We do not use cross-site advertising cookies.
Contact
Questions, takedown requests, or corrections: hello@bringes.io.