Privacy Policy

Last updated: 2026-04-28

What we collect

• Account data: email, hashed password, display name, first and last name, optional country and state.
• Comments you post, including your display name and timestamp.
• Mailing list: email address only (footer signup), or full account details if you sign up for an account.
• Operational data: IP address briefly retained for rate-limiting and abuse prevention; standard server logs.

What we do not collect

• We do not run third-party advertising, marketing pixels, or fingerprinting.
• We do not collect Social Security Numbers, credit cards, or other sensitive identifiers, despite any joke fields you may see during signup. Those fields are read-only and discarded server-side.

Analytics

We use Vercel Analytics to count page views and understand traffic patterns. It is cookieless, does not use any cross-site identifiers, and does not collect personal data. Visitor data is retained for 30 days and then discarded. You can read Vercel's data-handling commitments in the Vercel Privacy Policy.

How we use it

• To create and authenticate your account.
• To deliver email verification, password resets, and (with your consent) the band mailing list.
• To display your comments with your chosen display name.
• To enforce site rules and stop abuse.

Data processors we share with

• Vercel (hosting, server logs).
• Neon (database).
• Upstash (rate limiting).
• Resend (transactional email: verification, password reset).
• Mailchimp (band mailing list, when you opt in). See Mailchimp's privacy policy.

How long we keep it

Account data is kept until you delete your account. Comments are soft-deleted by default and retained for moderation context. Server logs and rate-limit data are kept for up to 30 days.

Your rights (GDPR / UK GDPR)

If you are in the EU, EEA, UK, or other jurisdictions with similar laws, you have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data.
• Erase your data (use the “delete my account” button on your account page, or email us).
• Restrict or object to processing.
• Receive a copy of your data in a portable format.
• Withdraw consent for the mailing list at any time via the unsubscribe link in any email.

Cookies

We use only strictly necessary cookies: an authentication session cookie when you are logged in, and a CSRF token cookie. We do not use analytics or advertising cookies. A small dismissible notice is displayed about this on first visit.

Children

This site is not directed to children under 13 (under 16 in some EU countries). Do not create an account if you are below the relevant age.

Contact

For privacy questions or to exercise your rights, contact: legal@cybercriminal.net.

Changes

We may update this policy. The date at the top reflects the most recent revision. Significant changes will be announced on the site.