Privacy

We’ve Been Protesting is a historical archive, not a marketing or growth product. We collect as little personal information as possible — only what we need to operate accounts, respond to messages you send us, and keep the archive accurate. Browsing the archive requires no account and collects no personal information about you. This page explains what changes when you choose to sign in or contact us: what we store, why, and how to remove it. It describes what is true today; where a feature is planned but not yet built, it is labeled as such, and this page will be updated before any such change takes effect.

Browsing the archive

You can read and explore the entire public archive without signing in. Public browsing is read-only and collects no personal information from visitors. We do not require an account, set advertising or tracking cookies, build profiles of visitors, or follow you across other sites. Our page-view analytics runs cookieless and stores nothing on your device — see Analytics below.

Signing in (email or Google)

Signing in is optional. We offer it only so people can hold an account and so that designated administrators can curate the archive.

We use Firebase Authentication. You can sign in with an email address and password, or with Google. Google sign-in happens through a standard OAuth popup; we request only your basic profile and email, and we do not request access to your contacts, friends, social graph, posts, or other activity on your Google account. When you sign in with email and password, your password is handled entirely by Firebase Authentication and is never visible to us.

What we store when you have an account

When you sign in, we create a single profile record for your account. It contains only:

  • uid — a unique account identifier (required).
  • displayName — your name, if available (optional).
  • photoURL — your profile photo URL, if available (optional).
  • email — your email address, if available (optional).
  • role — your permission level. Everyone is a contributor by default; the elevated administrator role is granted only by us, server-side, and never by signing in.

Why we collect it

We collect this minimal information for two reasons only: to operate your account (so you can sign in and be recognized as the same person across visits), and to let administrators curate the archive under the administrator role. We do not use your account information for marketing, advertising, profiling, or engagement tracking, and we never tie usage measurement to your identity. We do not sell your personal information, and we do not share it with advertisers.

OAuth tokens and scopes

We never store the access tokens issued by Google. We keep our requested permissions to the minimum needed to sign you in, and we do not expand them to reach additional data. Authentication is handled by Firebase; we hold only the small profile record described above.

Where your session is kept

Firebase Authentication keeps your signed-in session in your own web browser (using local storage and IndexedDB) so you stay signed in between visits on that device. Signing out, or clearing your browser’s site data, ends that local session. Because the session lives in your browser, sign out on devices you share with others.

When you contact us

If you send us a message through the contact form, we collect the information you provide — your first and last name, email address, an optional phone number, a category, and your message — so we can read and respond to it. We store these messages so we can follow up.

With each message we also record a little technical metadata to prevent spam and abuse: your browser’s user-agent string, a one-way hashed (non-reversible) form of your IP address, and the page you submitted from. We use the message and this metadata only to respond to you and to protect the archive; we never use them for advertising, profiling, or marketing, and we do not tie them to your browsing.

Third parties and data processors

We rely on a small, fixed set of providers:

  • Google (Firebase) — provides Authentication, the Firestore database where the archive, your profile record, and contact messages live, and Hosting.

Operational logs and other vendors

Beyond the cookieless page-view measurement described under Analytics, we do not use third-party advertising networks, data brokers, or additional analytics vendors. Operational logs generated by these platforms (for example, server request and error logs) are not tied to your identity and are not used to profile you. Your interactions with Google during sign-in are also governed by its own privacy policy.

Analytics

We measure aggregate, anonymous page views using Umami, a privacy-focused analytics service. It is cookieless: it sets no cookies, stores nothing on your device, and does not assign you a persistent or cross-site identifier. We see only aggregate counts and high-level usage trends, such as how many times a page was viewed, never who viewed it.

This measurement is never tied to your identity, and we do not track engagement, such as scrolling, time spent, or media playback. Admin and sign-in pages are not measured at all. Umami processes these anonymous page views on our behalf according to its own privacy policy.

External links

The archive includes outbound and reference links to sources and related material. These links are informational only. We do not record clicks on them or infer anything about your behavior from them.

Deleting your account

When you are signed in, you can delete your account from the account menu (top-right of the site): select Delete account and confirm. Deleting your account permanently removes your personal information — your Firebase authentication record and your profile record (the uid, displayName, photoURL, email, and role fields above). You can also ask us to delete your account through the contact form (below).

Deleting your account does not remove material you have contributed to the archive. Those contributions are retained to preserve the integrity of the archive, but they are anonymized — no longer associated with your account.

Payments and donations

Donations are processed entirely by Stripe, a dedicated payment processor, on Stripe’s own checkout pages. Card numbers and payment credentials never touch our servers and are never seen or stored by us.

On our side we keep only Stripe reference identifiers (such as a checkout-session or event ID) so donations can be reconciled — no amounts, no names, no email addresses. Stripe processes your payment information under its own privacy policy. Monthly donations can be changed or canceled at any time through the contact form.

Changes to this policy

We will update this page when our practices change, and we will do so before a new collection or measurement practice takes effect rather than after.

A note on legal review

This page is written in plain language to describe our actual practices; it is not legal advice. Data-subject rights, retention periods, and the operator’s legal identity (for example under GDPR or CCPA) are intentionally deferred to qualified legal counsel, who should review and adapt this page before it is published.

Contact

Questions about this policy or about your data — including requests to access, correct, or delete your information — can be sent through the contact form on this site.