The data we store
We store as little information on our users as possible, as our intention is to hold no non-public information.
The signup process
Upon signup, users are required to provide the following:
- a username
- a password
Optionally, users can provide:
- an email address
Upon signup, we:
- hash (bcrypt) the provided email address
- hash (bcrypt) the password
- hash the user's peppered IP address (excluding accounts created before February 26th, 2021)
We store the provided username, password hash, IP hash, optional email hash, and various platform-related metrics, such as which community drove the signup.
We do not verify that the provided email address is valid.
After that
During use of our sites, we store a hash of the user’s latest IP address, which is overwritten every time it changes.
When uploading media content (such as images), we may store a hash of the user’s IP address, due to the content that could be uploaded.
We do not store access logs for either users or guests.
We do not store legal names, SMS data, health or financial information, or any other private information not listed in this document.
Account Deletion
When a user deletes their account, we wipe their post, comment, and message history. We also wipe their last known IP address, their signup IP address, their email hash, and their password hash.
Why we store so little data
We do not need data, it is not our business model, and it is nothing but a liability. We want to minimize the data that we are responsible for in the event of a database breach.
Compliance
We would be required to comply with valid legal requests.