> privacy policy

Email address (optional, if you sign up), X handle and ID (if you link X), tokens you scan, IP address (for rate-limiting and abuse prevention), and a single httponly session cookie.

Data lives in a SQLite database on infrastructure we operate. Passwords are bcrypt-hashed. Disk encryption is used where the platform supports it.

Operating the service, rate-limiting, abuse prevention, and transactional email (verification, password reset). No profiling. No behavioral advertising.

Resend delivers transactional email. X provides OAuth sign-in only — we never see your password, DMs, or private data.

We do not sell, rent, or share personal data with advertisers, data brokers, or other third parties for marketing.

One httponly session cookie. No third-party tracking pixels, no ad cookies.

Account data is kept until you delete your account. To request deletion, DM @0xKaroshi on X — handled within 7 days.

The service is not directed at anyone under 18 and we do not knowingly collect data from minors. If notified, we will remove it.

This policy may be updated; material changes will be announced via the site or email.

Privacy, data, or deletion requests: DM @0xKaroshi on X.