Privacy Policy

Account Information:

• ▸ Username (pseudonym accepted and encouraged)
• ▸ Email address (for account recovery only)
• ▸ Hashed password (bcrypt, never stored in plaintext)

Operational Data:

• ▸ Order history (encrypted at rest)
• ▸ Forum posts (public, under your chosen pseudonym)
• ▸ Session tokens (temporary, auto-expire)

• ✕ Real names or government IDs
• ✕ IP addresses (not logged by policy)
• ✕ Browser fingerprints or tracking cookies
• ✕ Third-party analytics (no Google Analytics, no trackers)
• ✕ Payment details (handled by cryptocurrency — we never see your wallet)
• ✕ Behavioral data or usage patterns

• ▸ All passwords hashed with bcrypt (cost factor 12)
• ▸ CSRF protection on all forms
• ▸ Prepared statements for all database queries (SQL injection prevention)
• ▸ XSS sanitization on all user inputs
• ▸ Secure session management with HttpOnly cookies
• ▸ Regular security audits of our own infrastructure

• ▸ Access: View all data we hold about you via your profile settings
• ▸ Rectification: Update your information at any time
• ▸ Deletion: Request complete account deletion — we will purge all data within 48 hours
• ▸ Portability: Export your data in standard formats