None of the bullshit, Privacy & Security is serious.
How we secure Data
- Salted hashes passwords.
- SSL. and forced HTTPS. (Check for the lock)
- We are privately owned and do not answer to a parent company.
- Private data for our services is stored on encrypted drives.
- After 3 months, Old Private user data is packaged up, encrypted with AES-1024, Sent to a foreign country server, then the key is emailed to your account. We then forget the key, and scrub the memory where it was. (You can also opt-out of this, we then just delete and scrub)
- We also maintain bots that watch known leak locations and maintain a database of leaked passwords. When you sign up, we check to see if that password is vulnerable. When new leaks are found, we check the hashes of these new leaks to our own internal DB. If its found, we lock the account, and send you an email.
- There is also some honeypot activity.
- We use these options where available and where it makes sense.
- We have not received any request to turn over our SSL keys.
- We have not installed software to subvert our privacy or security.
- We have never terminated a customer or taken down content due to political pressure.
- We have never provided any law enforcement organization a feed of customers’ content transiting their network.
- We have not turned over any data to any entity.
- Who likes Government over-site and over-broad subpoenas? We don’t!
Data Collection & Sale
We do collect some data. Everyone does in one way or another, its how the site works. How do you expect us to give you an account if we cant have your username?
You may at any time, contact us, and after verification, we will delete all records and traces of your activity in our services where applicable.
What we collect:
- Usernames (Duh)
- Password Hashes (also duh)
- IP Addresses (Security duh)
- Email (Account management and recovery duh)
- How often you log in, and where from (Bot mitigation)
- How often you fail to log in (Bot mitigation)
- Any errors you may encounter while using our site and services. (Vulnerability detection)
What we sell:
Our Services are not explicitly aimed at people under 18 and we do not knowingly collect personal information from children without appropriate parental or guardian consent.
If you believe that we may have collected personal information from someone under the age of 13 (or the applicable age of consent) without proper consent, please let us know.
Any services that may be used by persons under the age of 18 are designed in such a way to only track non identifying information, for purposes of our system and security.
We like to think different.