Privacy Policy
Last updated: February 2026
1. Who We Are
AETERNA FRAMEWORKS is an intellectual corpus dedicated to the invariant principles of the psyche — a long work, built to last. It is owned and operated by Constant Changes, Lda., a company incorporated in Portugal, with registered address at Rua Nova da Trindade, 1, Lisboa (NIPC PT515506028).
Constant Changes, Lda. is the data controller responsible for all personal data collected through this platform. As a Portuguese company operating within the European Union, it is subject to the General Data Protection Regulation (EU) 2016/679 — among the most rigorous data protection frameworks in the world. Your data is not a resource to be extracted. It is held in trust, under European law, for as long as the Work requires and no longer.
For any matter relating to your data, you may reach us at chancellery@aeternaframeworks.com.
2. The Nature of This Policy
This policy explains what personal data we collect when you use the Corpus, why we collect it, the legal basis for each processing activity, how long we retain it, and the rights you hold over it — under the General Data Protection Regulation (EU) 2016/679 (GDPR) and the UK GDPR, as applicable.
We treat your presence here with the respect due to any seeker approaching the threshold. The same transparency we bring to the philosophical work, we bring to the technical conditions that support it.
3. What We Collect and Why
3.1 Account Registration
When you register as a Seeker, we collect your email address and, where you provide it, your name. This data is used to create and maintain your account, to authenticate your access to the platform, and to communicate with you about your account and the materials you have accessed.
Legal basis: performance of a contract (Art. 6(1)(b) GDPR).
3.2 Consent at Registration
At the moment of registration, we record your explicit acceptance of our Terms of Access and Privacy Policy. This acceptance is captured as a boolean value with a timestamp and is never modified retroactively.
Legal basis: compliance with a legal obligation (Art. 6(1)(c) GDPR); record of consent as required by Art. 7(1) GDPR.
3.3 Content You Create on the Platform
If you access the inner levels of the Corpus (Stages 1–4), you may create personal content within the platform: entries in the Philosophical Journal (Diário Filosófico), reflective notes (Speculum entries), and questions submitted to the Oracle. This content is yours. It is stored securely, is visible only to you within your Sanctum, and — in the case of Oracle questions — is read solely by the curator for the purpose of composing a response. It is never shared with third parties, never used for training machine learning models, and never accessed for any purpose other than the provision of the service you have requested.
In exceptional cases, and only with your explicit written consent, an Oracle exchange may be published in the Responsa Archive in anonymised form.
Legal basis: performance of a contract (Art. 6(1)(b) GDPR); explicit consent for publication in the Responsa Archive (Art. 6(1)(a) GDPR).
3.4 Payment Data
Payment transactions are processed exclusively by Stripe, Inc. We do not store your payment card details. Stripe acts as an independent data processor under its own privacy policy. We retain records of transactions (amount, date, product) for the purpose of accounting and legal compliance.
Legal basis: performance of a contract (Art. 6(1)(b) GDPR); compliance with a legal obligation (Art. 6(1)(c) GDPR).
3.5 Communications
If you contact us by email, we retain that correspondence for the purpose of responding to your query and maintaining a record of communications.
Legal basis: legitimate interests (Art. 6(1)(f) GDPR) — specifically, the legitimate interest in maintaining accurate records of communications with users.
3.6 Analytics
We use Plausible Analytics, a privacy-first tool that does not use identifying cookies, does not track individuals across websites, and does not employ fingerprinting. Plausible collects only aggregate, anonymised data about how the Corpus is used — which pages are visited, approximate geographic region, and referral source. This data cannot be linked to any individual.
Legal basis: legitimate interests (Art. 6(1)(f) GDPR). Because Plausible is cookieless and collects no personal data in individually identifiable form, it does not require consent under the ePrivacy Directive. We nonetheless disclose its use here as a matter of transparency.
3.7 Local Storage
The Corpus uses your browser's local storage — not cookies — to record, anonymously and without any identifier, which articles you have read during a given period. This information remains exclusively on your device; it is never transmitted to our servers, never associated with your identity, and never shared with third parties. It serves a single purpose: to allow the Corpus to recognise a pattern of sustained engagement, which may unlock access to a deeper text not publicly listed. You may clear your browser's local storage at any time through your browser settings.
Local storage is not a cookie and is not subject to the ePrivacy Directive. We disclose its use here in the interest of complete transparency.
4. Data We Do Not Collect
The Corpus does not use targeted advertising, affiliate tracking, or any third-party marketing pixel. We do not use Google Analytics, Meta Pixel, or any behavioural tracking tool that profiles individuals. We do not sell, rent, or otherwise transfer your personal data to third parties for commercial purposes.
5. Third-Party Processors
We work with a limited number of carefully selected third-party processors:
Stripe, Inc.
Payment processing. Stripe operates under its own privacy policy and is certified under applicable data transfer frameworks. See stripe.com/privacy.
Vercel, Inc.
Hosting and infrastructure. Vercel processes server logs and technical data necessary for platform operation. See vercel.com/legal/privacy-policy.
Supabase, Inc.
Database infrastructure. Your account data and platform content are stored on Supabase-managed PostgreSQL infrastructure. See supabase.com/privacy.
All three processors are headquartered in the United States. Transfers of personal data to these processors outside the European Economic Area are governed by Standard Contractual Clauses (SCCs) adopted by the European Commission, as incorporated in each processor's data processing agreements.
6. Data Retention
We retain your personal data only for as long as necessary for the purposes described in this policy, or as required by law. The following criteria govern retention by category:
Account data (email, name):
Retained for the duration of your account. If you request deletion of your account, this data is permanently deleted within 30 days, except where retention is required by law.
Philosophical Journal, Speculum entries, Oracle exchanges:
Retained for the duration of your account. Upon account deletion, all personal content is permanently erased within 30 days.
Consent records (consentGiven, consentTimestamp):
Retained for 7 years from the date of registration, as evidence of lawful processing. Deletion of an account does not erase consent records.
Payment transaction records:
Retained for 10 years in accordance with Portuguese accounting and tax law (Decreto-Lei n.º 158/2009 and applicable fiscal legislation).
Email communications:
Retained for 3 years from the date of the last communication.
7. Your Rights
Under the GDPR, you hold the following rights in relation to your personal data. You may exercise any of these rights by contacting us at chancellery@aeternaframeworks.com.
Right of access (Art. 15):
You may request a copy of the personal data we hold about you and information about how it is processed.
Right to rectification (Art. 16):
You may request correction of any inaccurate or incomplete personal data.
Right to erasure (Art. 17):
You may request deletion of your personal data, subject to our legal obligations of retention. Consent records and transaction records are subject to the retention periods noted in Section 6.
Right to restriction of processing (Art. 18):
You may request that we limit how we use your data in certain circumstances — for example, while a dispute about accuracy is resolved.
Right to data portability (Art. 20):
You may request a copy of personal data you have provided to us in a structured, commonly used, machine-readable format, where processing is based on consent or contract and carried out by automated means.
Right to object (Art. 21):
You may object to processing based on legitimate interests. We will cease that processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
Right to withdraw consent (Art. 7(3)):
Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
Right not to be subject to automated decision-making (Art. 22):
No decision with legal or similarly significant effect is made about you solely by automated means.
Right to lodge a complaint:
If you believe your data has been processed unlawfully, you have the right to lodge a complaint with the competent supervisory authority. In Portugal, this is the Comissão Nacional de Protecção de Dados (CNPD) — cnpd.pt. If you are resident in the United Kingdom, you may contact the Information Commissioner's Office (ICO) — ico.org.uk.
We will respond to all rights requests within one calendar month of receipt, in accordance with Art. 12 GDPR.
8. Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These measures include encrypted data transmission (TLS), secure database infrastructure, restricted administrative access, and regular security review. Your Philosophical Journal entries, Oracle questions, and other personal content are accessible only to you and — in the case of Oracle responses — to the curator for the sole purpose of composing a reply.
No method of transmission over the internet is entirely secure. We maintain these measures to the standard reasonably expected of a platform handling personal data of this nature.
9. Children
The Corpus is not directed to persons under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us at chancellery@aeternaframeworks.com and we will take prompt action to delete it.
10. Updates to This Policy
We may update this policy as our practices evolve or as the law requires. Significant changes will be communicated through the platform prior to taking effect. The date of the most recent revision is indicated at the top of this page. Continued use of the Corpus after notification of changes constitutes acceptance of the revised policy, to the extent permitted by applicable law.
11. Contact
For all matters relating to your personal data, or to exercise any of the rights described in Section 7:
Constant Changes, Lda.
Rua Nova da Trindade, 1 · Lisboa · Portugal
chancellery@aeternaframeworks.com