privacy

• The text of your post, comment, or report.
• The country and category you tag your post with.
• A SHA-256 hash of (your IP + user-agent + a server-side salt), used solely for rate limiting and to keep duplicate posts off the feed. The salt rotates and is not recoverable to any specific person.
• Anonymous PostHog events for product analytics. IP autocapture is disabled.

• No accounts, no email, no phone, no name.
• Your raw IP is never written to the database.
• No browser fingerprinting beyond the user-agent string.
• No tracking cookies. We use one functional cookie for the 18+ confirmation.

The most we have for any single post is the client_hash, the country, the category, and the timestamp. None of that identifies a person.

• Posts and comments persist until removed by the author or a moderator.
• Edge Function logs (which transiently see raw IP) are kept 7 days, then purged.
• Reports are retained for 90 days post-resolution.

You can request removal of any of your own posts via the report form by selecting "this is my own content." Because we have no user identity, removal is best-effort: include enough context (timestamp, category, partial wording) so we can locate the post.