Privacy & Security

• Username — plain text, for login
• Email — only a cryptographic hash, never the address itself
• Password — only a cryptographic hash

No real names or other personal information is collected.

Your email is transformed into a one-way hash before storage. We cannot retrieve it, and neither could an attacker with database access. During account recovery, we hash the email you provide and compare it to the stored hash — the original is never seen or stored.

All sensitive data is hashed with bcrypt (10 rounds), with unique per-user salts and a server-side pepper.