The data we store

We store as little information on our users as possible, as our intention is to hold no non-public information.

The signup process

Upon signup, users are required to provide the following:

  • a username
  • a password

Optionally, users can provide:

  • an email address

Upon signup, we:

  • hash (bcrypt) the provided email address
  • hash (bcrypt) the password
  • hash the user's peppered IP address (excluding accounts created before February 26th, 2021)

We store the provided username, password hash, IP hash, optional email hash, and various platform-related metrics, such as which community drove the signup.

We do not verify that the provided email address is valid.

After that

During use of our sites, we store a hash of the user’s latest IP address, which is overwritten every time it changes.

When uploading media content (such as images), we may store a hash of the user’s IP address, due to the content that could be uploaded.

We do not store access logs for either users or guests.

We do not store legal names, SMS data, health or financial information, or any other private information not listed in this document.

Account Deletion

When a user deletes their account, we wipe their post, comment, and message history. We also wipe their last known IP address, their signup IP address, their email hash, and their password hash.

Why we store so little data

We do not need data, it is not our business model, and it is nothing but a liability. We want to minimize the data that we are responsible for in the event of a database breach.

Compliance

We would be required to comply with valid legal requests.