Added a more user friendly legalese pages

client/gdpr.html

@@ -0,0 +1,38 @@
+<!doctype html>
+<html lang="en">
+<head>
+  <meta charset="utf-8"/>
+  <title>GDPR Notice — GreenCoast</title>
+  <meta name="viewport" content="width=device-width,initial-scale=1"/>
+  <link rel="stylesheet" href="./styles.css"/>
+</head>
+<body class="container">
+  <h1>GDPR Notice</h1>
+  <p class="muted">Effective: 2025-08-22</p>
+
+  <h2>Controller</h2>
+  <p>The operator of this shard acts as data controller. Contact: <em>dsapelli@yahoo.com</em>.</p>
+
+  <h2>Lawful bases</h2>
+  <ul>
+    <li><strong>Public posts:</strong> performance of service you request.</li>
+    <li><strong>Private posts:</strong> performance of service; encryption keys never leave your device.</li>
+    <li><strong>SSO (optional):</strong> your consent with the chosen provider.</li>
+  </ul>
+
+  <h2>Minimization & storage</h2>
+  <p>No user profile, no behavioral analytics. Objects are stored by content hash; server logs are minimized and scrubbed of IPs/UA where feasible.</p>
+
+  <h2>International transfers</h2>
+  <p>Content may be hosted where you deploy the shard. Using third-party SSO may transfer data to those providers’ regions.</p>
+
+  <h2>Data subject rights</h2>
+  <p>Access/erasure/rectification: We do not keep a server-side identity. Uploaders can delete objects by hash if they still possess authorization. Encrypted content cannot be decrypted server-side.</p>
+
+  <h2>Complaints</h2>
+  <p>You may lodge a complaint with your local supervisory authority.</p>
+
+  <p class="muted small">This document is informational and not legal advice.</p>
+  <p><a href="./index.html">Back</a></p>
+</body>
+</html>