Privacy Policy

Last updated: 2026-05-07

What we collect

• Account data: email, hashed password, display name, first and last name, optional country and state.
• Comments you post, including your display name and timestamp.
• Mailing list: email address only (footer signup), or full account details if you sign up for an account.
• Operational data: IP address briefly retained for rate-limiting and abuse prevention; standard server logs.
• Analytics and marketing data (only with your consent): page views, referrer, device and browser info, and pseudonymous identifiers used by Google Analytics and the Meta Pixel.

What we do not collect

• We do not collect Social Security Numbers, credit cards, or other sensitive identifiers, despite any joke fields you may see during signup. Those fields are read-only and discarded server-side.

Analytics and marketing

We use Vercel Analytics for cookieless page-view counts (no cross-site identifiers, 30-day retention). See the Vercel Privacy Policy.

With your consent, we also load Google Analytics 4 and the Meta (Facebook) Pixel. These services set cookies and may use pseudonymous identifiers to measure traffic and the effectiveness of marketing. They are loaded only after you click “Accept” on the cookie banner and are not loaded if you click “Reject.” You can change your choice at any time using the “Manage cookies” link in the footer. See the Google Privacy Policy and the Meta Privacy Policy.

How we use it

• To create and authenticate your account.
• To deliver email verification, password resets, and (with your consent) the band mailing list.
• To display your comments with your chosen display name.
• To enforce site rules and stop abuse.

Data processors we share with

• Vercel (hosting, server logs, cookieless analytics).
• Neon (database).
• Upstash (rate limiting).
• Resend (transactional email: verification, password reset).
• Mailchimp (band mailing list, when you opt in). See Mailchimp's privacy policy.
• Google (Google Analytics 4, only after you accept the cookie banner).
• Meta Platforms (Meta Pixel, only after you accept the cookie banner).

How long we keep it

Account data is kept until you delete your account. Comments are soft-deleted by default and retained for moderation context. Server logs and rate-limit data are kept for up to 30 days.

Your rights (GDPR / UK GDPR)

If you are in the EU, EEA, UK, or other jurisdictions with similar laws, you have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data.
• Erase your data (use the “delete my account” button on your account page, or email us).
• Restrict or object to processing.
• Receive a copy of your data in a portable format.
• Withdraw consent for the mailing list at any time via the unsubscribe link in any email.

Cookies

Strictly necessary cookies are always set: an authentication session cookie when you are logged in, and a CSRF token cookie. With your consent, Google Analytics and the Meta Pixel also set their own cookies for measurement and marketing. On your first visit you will see a banner with “Accept” and “Reject” options; your choice is stored locally and can be changed any time via the “Manage cookies” link in the footer.

Children

This site is not directed to children under 13 (under 16 in some EU countries). Do not create an account if you are below the relevant age.

Contact

For privacy questions or to exercise your rights, contact: legal@cybercriminal.net.

Changes

We may update this policy. The date at the top reflects the most recent revision. Significant changes will be announced on the site.