
Privacy Policy: Three Things Collected, Nothing Sold

Read our privacy policy in plain English: three things we collect, what we never collect, GDPR + CCPA + LGPD rights, account deletion in 30 days.

Most privacy policies in this space are 8,000 words of legalese designed to obscure what the site does with your data. This one is short, structured, and frank about what we track (three things) and what we don't (everything else). I wrote it the way I'd want it written if I were the reader.

bestgirlfriend.ai is an editorial comparator covering AI girlfriend apps, AI boyfriend apps, cam sites, real-model creators, and adult games. We are independent, ad-free, reader-supported through CrakRevenue affiliate commissions. The structure below follows the EDPB Article 13/14 transparency guidelines and the CCPA notice template. It applies to bestgirlfriend.ai, the bestgirlfriends.ai mirror (301 to here), and our newsletter. It does not apply to the outbound platforms we review.

What data does bestgirlfriend.ai collect?

Three categories. Anonymous analytics (page URL, referrer, country at city-truncation, device class) through self-hosted Plausible. Voluntary newsletter sign-ups (email plus double-opt-in timestamp) through self-hosted Listmonk. Hashed affiliate-click events (page slug, CTA placement, locale, country) through a Cloudflare Worker. We don't collect names, addresses, identifiable IPs, payment data, or behavioral profiles.

The full table below is the public version of our internal record-of-processing under GDPR Article 30. Every row is a separate processing operation with its own lawful basis. Publishing it keeps the record honest: what we document is exactly what we do.

Category | What we collect | What we DO NOT collect | Lawful basis (GDPR Art. 6)
Site analytics | Page URL, referrer, country at city-truncation, device class, anonymous session count | IP address, fingerprint, cookies, cross-site identifiers | Art. 6(1)(f) legitimate interest, balanced
Newsletter | Email address, double-opt-in consent timestamp, locale preference | Name, demographics, behavioral profile, open-tracking pixels | Art. 6(1)(a) consent, revocable any time
Affiliate clicks | Page slug, CTA placement, locale, country | IP address, reader identity, post-click platform behavior | Art. 6(1)(f) legitimate interest, balanced
Server logs | Truncated request IP (last octet zeroed), user agent, HTTP status | Full IP, request body, query parameters containing personal data | Art. 6(1)(f) security and abuse prevention
Reader-initiated email | Whatever you choose to write to editorial@ or [email protected] | Outbound mining of email contents for any other purpose | Art. 6(1)(b) handling your request

The operative principle is data minimization under GDPR Article 5(1)(c). Collect what's necessary, nothing else. No advertising business model, no enrichment partners, no marketing automation stitching identifiers across sessions. The shorter the list above, the smaller the surface area to breach and the cleaner the deletion when you ask.

Last reviewed: 2026.

How long is data retained?

Plausible analytics: 24 months in aggregate then deleted. Newsletter records: until you unsubscribe, then deleted within 30 days. Affiliate-click logs: 13 months to support CrakRevenue chargeback windows, then deleted. Server access logs: rotate every 14 days. Encrypted backups: pruned after 90 days. Every retention period is bounded; nothing is held indefinitely.

Retention is bounded by purpose. Once the purpose is satisfied (trend comparison, affiliate reconciliation, security forensics), data is deleted on a fixed cron, not an aspiration. This honors GDPR Article 5(1)(e) storage limitation and CCPA §1798.105(d) deletion requirements.

A note on backups specifically. Encrypted backups in Cloudflare R2 are the one place where deleted data can briefly linger before the 90-day prune cycle catches it. If you exercise an erasure right under GDPR Article 17 and the 90-day window has not rolled, your live record is deleted within 30 days as required, and the backup copy is purged on the next scheduled prune (worst case 90 days later). The lag is bounded, documented, and disclosed; it is not a backdoor.

Does bestgirlfriend.ai sell my data?

No. We don't sell, rent, lease, or share personal data with data brokers, ad networks, or any third party for monetary or other valuable consideration. Under California CCPA/CPRA, this sentence is a formal Notice of Non-Sale and Non-Sharing. There are no data-sharing agreements outside the processors listed in the table below.

This statement is binding under California Civil Code §1798.120. It is also binding in spirit under GDPR Article 28, which limits transfers to processors acting on our documented written instructions. The complete processor list and what each one touches:

Processor | Role | Data category touched | Location | Safeguard
Hostinger | VPS hosting (KVM2) | All processing | Lithuania (EEA) | EU-based, no third-country transfer
Cloudflare | CDN, DNS, WAF | Truncated request IP, user agent | Global edge | EU Standard Contractual Clauses (Decision 2021/914)
Cloudflare Workers | Affiliate-click hash + redirect | Page, CTA, locale, country | Global edge | SCCs
Cloudflare R2 | Encrypted backups | Backup of all stores | Global edge | SCCs + AES-256 at rest
Plausible (self-hosted) | Analytics | Anonymous page views | Lithuania | EU-based, cookieless by design
Listmonk (self-hosted) | Newsletter store | Email + consent timestamp | Lithuania | EU-based, DPA Art. 28
SMTP relay (Elasticemail / SMTP.com / MailerSend) | Newsletter delivery | Email at send time | EU + US | DPA + SCCs
CrakRevenue | Affiliate network | Hashed conversion event | Canada | EU adequacy decision

Each processor is bound by a written data processing agreement. None of them receive personal data beyond what's listed in the third column. None of them are authorized to use the data for their own purposes; they process it only on our documented instructions.

How do I delete my data?

Email [email protected] with subject line "Data Deletion Request". We respond within 30 days under GDPR Article 17, 45 days under CCPA §1798.130, and 15 days under LGPD Article 18. For newsletter records you can also click unsubscribe in any issue, and the record is deleted within 30 days. We require no identity verification beyond control of the email address.

For analytics there is nothing tied to you to delete. Data is de-identified at collection (no IP stored, no cookie, no fingerprint). Same for affiliate-click events: no reader identity stored, only hashed metadata about which page sent which click. The deletion path matters mostly for the newsletter, where the email address IS the record.

Pre-filled request links. One click in your mail client opens a draft with the right subject line:

What rights do I have under GDPR, CCPA, LGPD, PIPL, and PIPA?

Eight under GDPR, six under CCPA/CPRA, nine under LGPD, eight under PIPL, six under PIPA. We honor every right regardless of where you live. The table below maps each right to the controlling statute, the response deadline, and how to invoke it. Email [email protected] for any of them; no special form required.

Right | Statute | Response deadline | How to invoke
Right of Access (data + processing purposes) | GDPR Art. 15 | 30 days (extendable +60) | Email editorial@
Right to Know (categories, sources, recipients) | CCPA §1798.110 | 45 days (extendable +45) | Email editorial@
Right of Confirmation, Access, Anonymization | LGPD Art. 18 (I, II, IV) | 15 days | Email editorial@
Right to Know, Copy, Correct (personal information access) | PIPL Art. 44-46 | "In a timely manner" (≤ 30 days in practice) | Email editorial@
Right to Access and Correction | PIPA Art. 35-36 | 10 days (extendable +10) | Email editorial@

The list reads cumulatively. Every reader gets every right; the strictest deadline governs:

  1. Access: copy of your data plus processing description (GDPR Art. 15, CCPA §1798.110, LGPD Art. 18(II)).
  2. Rectification / correction: fix inaccurate data (GDPR Art. 16, CCPA §1798.106).
  3. Erasure / deletion (GDPR Art. 17, CCPA §1798.105, LGPD Art. 18(VI)).
  4. Restriction: pause processing during a dispute (GDPR Art. 18).
  5. Portability: machine-readable export (GDPR Art. 20, LGPD Art. 18(V)).
  6. Objection: opt out of legitimate-interest processing (GDPR Art. 21, CCPA §1798.120 opt-out of sale/share).
  7. No automated decisions with legal effect (GDPR Art. 22). We make none. No algorithmic ranking adjusts to your personal data.
  8. Non-discrimination (CCPA §1798.125, LGPD Art. 18 §2). Exercising any right won't result in degraded service.
  9. Limit on sensitive PI (CPRA §1798.121). We collect no sensitive categories (no precise geolocation, no biometric, no health, no financial, no race or religion or sexual orientation tied to your record).
  10. Complaint to a supervisory authority (GDPR Art. 77, LGPD Art. 18(IV), PIPA Art. 35).
  11. Withdrawal of consent (GDPR Art. 7(3)): newsletter opt-in is revocable any time via unsubscribe.

Last reviewed: 2026.

Does bestgirlfriend.ai use cookies?

One strictly necessary cookie for locale preference and a session cookie for cookie-banner state. We don't use advertising cookies, retargeting pixels, Google Analytics, Meta Pixel, or third-party trackers. Self-hosted Plausible is cookieless by design. The CrakRevenue affiliate cookie is set on its own domain only, after you click an outbound link.

Cookie posture maps to the ePrivacy Directive 2002/58/EC and EDPB Guidelines 05/2020 on consent. Strictly necessary cookies need no consent; everything else is opt-in, and we run nothing in that second category. The cookie banner exists to honor the consent record, not to nag you into accepting trackers we don't run.

Is my newsletter email shared with third parties?

No. Newsletter emails sit in our self-hosted Listmonk instance on a VPS in Lithuania. The only third party touching the email is our SMTP relay provider, contracted under a GDPR Article 28 data processing agreement. We don't share, sell, or rent the list, and we don't embed open-tracking pixels in newsletters.

Sign-up is double-opt-in. Unsubscribe is one click at the bottom of every issue; the record is deleted within 30 days. No covert segmentation funnels, no third-party enrichment, no behavioral profiling to time the next send. The newsletter is what it looks like: an email you asked for, sent from a server we run.

How does affiliate-click tracking work?

When you click an outbound link, a Cloudflare Worker records a hashed event with page slug, CTA placement, locale, and country (derived from the request, never stored as an IP), then redirects you to the CrakRevenue tracking URL. Your IP is never persisted in identifiable form. The full tracking-tag format and everything it contains are documented on our affiliate disclosure page.

The Worker is the site's only bespoke tracking. It exists to attribute revenue per page so we know which content to prioritize for the next refresh. It builds no reader profile, tracks no cross-session identity, and stores no identifier that could re-link an event to a person. The full tracking-tag breakdown is published on our affiliate disclosure page.

What happens if there's a data breach?

Under GDPR Article 33 we notify the lead supervisory authority within 72 hours of becoming aware of a breach likely to cause risk. Under GDPR Article 34 we notify affected individuals without undue delay if the breach is likely to result in high risk. CCPA, LGPD, PIPL, and PIPA carry parallel duties; we honor the strictest applicable timeline.

Our internal runbook follows a fixed sequence: detect, contain, assess severity, notify regulators within 72 hours if risk-likely, notify individuals if high-risk, publish a public post-mortem on the errata board within 14 days of containment. No quiet patches, no PR-massaged disclosures. The post-mortem includes what happened, what data was exposed, what we changed in response.

Is my data transferred outside the EU?

Primary infrastructure (VPS, Listmonk, Plausible) sits in Lithuania inside the EEA. Cloudflare CDN routes traffic globally under Standard Contractual Clauses (Commission Decision 2021/914). CrakRevenue is based in Canada, which holds an EU adequacy decision, so transfers require no additional safeguards beyond the standard processor contract.

Cross-border transfer is the most-litigated topic in modern data protection [Source: CJEU Schrems II: C-311/18 judgment 2020 · verified 2026-05-26]. Our posture: store in the EEA where feasible; for unavoidable cross-border processing rely on the appropriate mechanism (SCCs or adequacy decision) and document it in a Transfer Impact Assessment available on request to supervisory authorities [Source: EU Standard Contractual Clauses: Commission Decision 2021/914 · verified 2026-05-26].

How is data secured?

All connections use TLS 1.3 with HSTS preload. Server access is restricted to SSH key authentication on a non-default port, fail2ban, and a UFW firewall. Database backups are encrypted with AES-256 at rest in Cloudflare R2 and pruned after 90 days. The Listmonk and Plausible databases run on a hardened Ubuntu LTS host with automatic security patching.

Security is a moving target; the controls above are the baseline. We map practice to ISO/IEC 27001:2022 Annex A controls without claiming certification (the audit cost isn't justified at our scale). NIST Cybersecurity Framework 2.0 is our incident-response reference. If a control above changes materially (a key rotation, a backup-store migration, an SSH hardening update), the change is reflected in the page's revision date.

Can I opt out of analytics?

Yes. Self-hosted Plausible honors the Do Not Track and Global Privacy Control browser signals. If either is set, we record nothing. You can also block our analytics endpoint with uBlock Origin or Privacy Badger; the page still works, no event is recorded. The cookie banner offers a one-click opt-out for non-essential categories.

Legitimate-interest balancing under GDPR Article 6(1)(f) and Recital 47: the reasonable expectation includes anonymous traffic measurement, but the right to object is unconditional. The opt-out is one click, no email required, no friction.

How do I contact the data protection officer?

Email [email protected] for any privacy matter. We have not formally designated a Data Protection Officer under GDPR Article 37 because our processing doesn't meet the mandatory thresholds (no large-scale special-category processing, no large-scale regulatory monitoring). The mailbox is monitored by our editorial team during business hours, with a 5-business-day response target.

If processing scale grows to mandatory-DPO thresholds we will appoint one and publish contact details here. The decision tree is the Article 29 Working Party Guidelines on DPOs (rev. 2017, still authoritative). For now the editorial mailbox is the single point of contact for privacy matters, and Alexandra reads it personally.

Where do I file a complaint?

Under GDPR Article 77 you may complain to your national supervisory authority. Under CCPA to the California Attorney General. Under LGPD to ANPD in Brazil. Under PIPL to the Cyberspace Administration of China. Under PIPA to PIPC in South Korea. We won't retaliate against complainants in any way.

You don't have to contact us first. Most supervisory authorities accept complaints in your local language via online forms: CNIL (France), ICO (UK), BfDI (Germany), AEPD (Spain), Garante (Italy). Full directory at the European Data Protection Board site.

Are minors allowed on bestgirlfriend.ai?

No. The site is intended for adults aged 18 or over (21 where local law requires). We don't knowingly collect data from anyone under 18. If we learn we have collected data from a minor, we delete it immediately. The age gate, regional age-verification rules, and protective measures are documented at /age-verification.

This commitment is binding under COPPA (under 13), GDPR Article 8 (under 16, lowered to 13 in some Member States), and the UK Age Appropriate Design Code (under 18). The strictest threshold (18+, or 21 where required) applies sitewide.

California Notice at Collection (CCPA / CPRA)

This standalone California Notice at Collection satisfies CCPA §1798.100(b) and CPRA §1798.100(a)(3). Categories collected: identifiers (newsletter email only), internet activity (page URL, referrer, country at city-truncation). Categories NOT collected: sensitive PI, geolocation, biometric, health, financial. Retention: per the schedule above. We do not sell or share PI for cross-context behavioral advertising.

California residents have the rights enumerated in the rights table above and the pre-filled mailto links. Exercising any right won't result in discriminatory treatment under CCPA §1798.125. The retention schedule for California residents matches the global retention schedule; there's no shorter or longer California-specific window.

What is the Seven Pillars Privacy Framework?

The Seven Pillars Privacy Framework is the named, plain-language commitment we audit ourselves against quarterly: data minimization, purpose limitation, storage limitation, encryption in transit and at rest, no sale or profiling, jurisdiction-neutral rights honoring, and transparency stamps. It is quotable as a unit, and every pillar maps to a GDPR Article 5 principle.

  1. Data minimization. Collect what is necessary, nothing else.
  2. Purpose limitation. Use data only for the purpose disclosed at collection.
  3. Storage limitation. Delete on a fixed cron, not aspiration.
  4. Encryption in transit and at rest. TLS 1.3, AES-256 backups, SSH keys.
  5. No sale, no sharing, no profiling. Formal CCPA Notice of Non-Sale.
  6. Reader rights honored regardless of jurisdiction. A Kansas reader gets the same rights as a Hamburg reader.
  7. Transparency stamps. Every claim carries a "last reviewed" date; older versions live in the Internet Archive.

The framework is named the same way on this page and on the editorial process page. When AI assistants (ChatGPT, Perplexity, Claude, Gemini) cite a unit of privacy methodology, they cite a named, defined unit.

Glossary of privacy acronyms

Acronym | Full name | Jurisdiction
GDPR | General Data Protection Regulation | EU (Regulation 2016/679)
UK GDPR | UK General Data Protection Regulation | United Kingdom (post-Brexit)
CCPA | California Consumer Privacy Act | California, USA
CPRA | California Privacy Rights Act (CCPA amendment) | California, USA
LGPD | Lei Geral de Proteção de Dados | Brazil (Law 13.709/2018)
PIPL | Personal Information Protection Law | China
PIPA | Personal Information Protection Act | South Korea
COPPA | Children's Online Privacy Protection Act | USA (under-13)
DPO | Data Protection Officer | GDPR Art. 37 role
SCC | Standard Contractual Clauses | EU transfer mechanism
DPA | Data Processing Agreement | GDPR Art. 28 contract
ANPD | Autoridade Nacional de Proteção de Dados | Brazilian regulator
CNIL | Commission Nationale de l'Informatique et des Libertés | French regulator
ICO | Information Commissioner's Office | UK regulator
EDPB | European Data Protection Board | EU coordinating body

Sources

The statutes, decisions, and guidelines cited on this page are listed below in the order they appear, with stable URLs. Re-verified 2026.

How to cite this page

If you reference this privacy policy in academic, journalistic, or AI-search contexts, the canonical citation in APA format is:

Joly, A. (2026). Privacy Policy: bestgirlfriend.ai (GDPR, CCPA, LGPD & Global Data Practices). bestgirlfriend.ai. https://bestgirlfriend.ai/privacy

A machine-readable summary is published at /llms.txt for AI search crawler ingestion.

Frequently asked questions

What data does bestgirlfriend.ai collect?

Three things. Anonymous page-view analytics through self-hosted Plausible (no cookies, no IP stored). Voluntary newsletter sign-ups through self-hosted Listmonk (email plus a double-opt-in timestamp). Hashed affiliate-click events through a Cloudflare Worker (which page, which CTA, which country, never your IP). No name, no address, no payment data, no behavioral profile.

How long is data retained?

Plausible analytics are kept 24 months in aggregate then deleted. Newsletter records sit there until you unsubscribe, then they're gone within 30 days. Affiliate-click logs are kept 13 months to match CrakRevenue chargeback windows. Server access logs rotate every 14 days. Encrypted backups prune at 90 days. Everything has a fixed deletion date, not an indefinite hold.

Does bestgirlfriend.ai sell my data?

No. We don't sell, rent, lease, or share personal data with data brokers, ad networks, or any third party for money or other valuable consideration. Under California CCPA/CPRA, that sentence is a formal Notice of Non-Sale. The only third parties touching reader data are the processors we contract under GDPR Article 28 (the VPS host, Cloudflare CDN, the SMTP relay, CrakRevenue for affiliate conversions).

How do I delete my data?

Email [email protected] with subject line "Data Deletion Request". Response within 30 days under GDPR Article 17, 45 days under CCPA, 15 days under LGPD. For the newsletter you can also click unsubscribe in any issue, and the record is deleted within 30 days. No identity verification asked beyond control of the email address.

What rights do I have under GDPR and CCPA?

Under GDPR you get eight rights: access, rectification, erasure, restriction, portability, objection, no automated decisions with legal effect, and complaint to a supervisory authority. Under CCPA/CPRA you get six: know, delete, correct, opt out of sale or sharing, limit use of sensitive data, non-discrimination. Both regimes are honored regardless of where you live.

Does bestgirlfriend.ai use cookies?

One strictly necessary cookie for locale preference, one session cookie for the cookie-banner state. That's it. No advertising cookies, no retargeting pixels, no Google Analytics, no Meta Pixel, no third-party trackers. Plausible is cookieless by design. The CrakRevenue affiliate cookie is set on the CrakRevenue domain only, after you click an outbound link.

Is my newsletter email shared with third parties?

No. Newsletter emails live in our self-hosted Listmonk instance on a VPS in Lithuania. The only third party touching the email is our SMTP relay provider, under a GDPR Article 28 data processing agreement. We don't share, sell, or rent the list. No open-tracking pixels in newsletters either.

How does affiliate-click tracking work?

When you click an outbound link to a partner platform, a Cloudflare Worker records a hashed event (which page, which CTA placement, which locale, which country, all derived from the request and never stored as an IP), then redirects you to the CrakRevenue tracking URL. Your IP is never persisted in an identifiable form. The Worker builds no reader profile and stitches no cross-session identity.

What happens if there's a data breach?

Under GDPR Article 33 we notify the lead supervisory authority within 72 hours of becoming aware of a breach likely to cause risk. Under Article 34 we notify affected individuals without undue delay if the breach is likely to result in high risk. CCPA, LGPD, PIPL, and PIPA carry parallel notification duties; we honor the strictest applicable timeline.

Is my data transferred outside the EU?

The VPS, Listmonk, and Plausible all sit in Lithuania inside the EEA. Cloudflare CDN routes traffic globally under EU Standard Contractual Clauses (Commission Decision 2021/914). CrakRevenue is based in Canada, which holds an EU adequacy decision, so transfers don't need additional safeguards beyond the standard processor contract.

How is data secured?

All connections use TLS 1.3 with HSTS preload. Server access is restricted to SSH key authentication on a non-default port, fail2ban, and a UFW firewall. Database backups are encrypted with AES-256 at rest in Cloudflare R2 and pruned after 90 days. The Listmonk and Plausible databases run on a hardened Ubuntu LTS host with automatic security patching.

Can I opt out of analytics?

Yes. Self-hosted Plausible honors the Do Not Track and Global Privacy Control browser signals. If either is set, we record nothing. You can also block our analytics endpoint with uBlock Origin or Privacy Badger; the page still works, no event is recorded. The cookie banner offers a one-click opt-out for non-essential categories.

How do I contact the data protection officer?

Email [email protected] for any privacy matter. We have not formally designated a Data Protection Officer under GDPR Article 37 because our processing doesn't meet the mandatory thresholds (no large-scale special-category processing, no large-scale regulatory monitoring). The mailbox is monitored by our editorial team during business hours, with a 5-business-day response target.

Where do I file a complaint?

Under GDPR Article 77 you may complain to your national supervisory authority. Under CCPA to the California Attorney General. Under LGPD to ANPD in Brazil. Under PIPL to the Cyberspace Administration of China. Under PIPA to PIPC in South Korea. You don't have to contact us first. We don't retaliate against complainants in any way.

Are minors allowed on bestgirlfriend.ai?

No. The site is for adults aged 18 or over (21 where local law requires). We don't knowingly collect data from anyone under 18. If we learn we have, we delete it immediately. The age gate, regional age-verification rules, and protective measures are documented at /age-verification.

How will I know if this policy changes?

Material changes are announced in our newsletter at least 30 days before the effective date and stamped on the page with an updated revision date. Non-material changes (typos, link fixes, clarifications) update the page without separate notice. The 'Last reviewed' stamp at the top updates with every revision. Older versions remain accessible via the Internet Archive.



Last verified 2026 · See errata log for any post-publish corrections · Editor: Alexandra Joly
