Privacy policy

What Puff Rate collects, why, who touches it, and how to get it corrected or deleted.

Last updated July 3, 2026.

Puff Rate collects as little as it needs to run the Lounge. This page names everything we collect and everyone we share it with. No surprises, no fine-print tricks.

What we collect

What you give us. When you create an account: an email address, a username, and a password (held by our authentication service — we never see the password itself). Anything you add to your profile is up to you.

What you post. Reviews, ratings, photos, and edits are public by design — that's the point of the room. Don't put anything in a review you wouldn't want read aloud.

What arrives on its own. Standard technical data: IP address, browser and device type, pages visited. This comes from server logs and the analytics described below.

How we use it

  • Running your account — signing you in, showing your reviews under your name.
  • Operating and improving the Services — understanding which pages get used, finding bugs.
  • Sending transactional email — account notices and notifications you've opted into. No marketing spam.
  • Building aggregate views of what the room thinks — including AI-assisted cigar profiles generated from public member reviews.
  • Keeping the Services safe — detecting abuse, enforcing the house rules and terms.

Analytics

We use Google Analytics on puffrate.com to understand traffic in aggregate — which pages get read, roughly where visitors come from. It runs only on the production site. See the cookie policy for the cookies involved and how to opt out.

Who we share it with

We don't sell your data. Ever. A small set of service providers process data on our behalf to keep the site running:

  • DigitalOcean — hosts our servers and database.
  • Cloudflare — DNS, content delivery, and storage for uploaded images.
  • SendGrid — delivers transactional email.
  • Google — analytics, as described above.
  • OpenAI — processes public review text to generate aggregate cigar profiles. No account data, only what's already published.

Beyond that, we disclose data only if the law requires it, or if it's necessary to protect members or the Services. If Puff Rate is ever acquired or restructured, member data would transfer under this same policy.

Retention and deletion

We keep data as long as it's needed for the purposes above or as the law requires, then delete or anonymize it. If you delete your account, your profile is removed; published reviews may remain in anonymized form so the room's record stays intact, or you can ask for full removal through the contact form.

Your choices

  • Access and update your account information in your settings.
  • Ask for a copy of your data, a correction, or deletion through the contact form.
  • Control cookies through your browser — see the cookie policy.

If you're in a jurisdiction with statutory privacy rights (GDPR, CCPA, and kin), those rights apply and the contact form is the way to exercise them. We respond to every request; we don't discriminate against anyone for making one.

Security

Traffic is encrypted in transit, authentication is handled by a dedicated service, and access to production data is restricted. No system is perfectly secure, and we won't pretend otherwise — but we take reasonable, current measures to protect what you've trusted us with.

International transfers

Puff Rate is operated from the United States and our providers store data there. If you use the Services from elsewhere, your data is processed in the U.S. under this policy.

Age

Puff Rate is for adults 21 and over — see 21+ only. We don't knowingly collect data from anyone under legal smoking age; if we learn we have, we delete it.

Changes to this policy

When this policy changes, the date at the top changes with it, and material changes will be visible on the site. Continued use after a change means you accept the updated policy.

Contact

Privacy questions and requests: use the contact form.