Things we do with your data. ( ͡° ͜ʖ ͡°)
Before you start
We just wanna let you know that we truly believe in your right to know how all data that we collect is being used. That's why we sat down and tried to explain every single point of data as humanly as possible - no lawyer talk!
Meta Data
This data tells us when and how you interact with our
service. We use this data exclusively to figure out how our userbase
develops and to measure if people successfully get to where they
wanted in a reasonable time. This helps us greatly when we try to
determine if a feature is well-designed or needs an overhaul.
To collect this type of data, we use
Google Analytics
and our own analytics service which does not share data with
anyone else.
Password Storage
We store all passwords using the bcrypt hash algorithm with 15 salt rounds. Tech talk aside - it's pretty secure. This means that in case of a security breach, it'll be as hard as possible for attackers to get your actual password. That doesn't mean it's impossible to crack the password however, so make sure you have a unique password with reasonable complexity.
User data
Any usernames, emails or other data that needs to be
looked up on demand will have to remain stored in plaintext. So if
we ever do a whoopsie in our database setup and data starts leaking,
an attacker could combine this data to get some insights into who
you are.
To combat this, we heavily suggest using a unique password for your
email account that is not shared with any other service. We also
recommend having a look at
haveibeenpwned to see if your password has been leaked on
another service.
Luckily, we don't force you to register with an email address. While this
is not recommended as it makes the password recovery process very
difficult, it also means that nobody will track down more of your
data in case of a security breach.
Actions upon a security breach
Should somebody sneak into our systems and leak sensitive user
information, we'll make sure to prepare an announcement within 7 days
after the issue has been resolved.
If this ever happens, there's no need to freak out. No passwords will be leaked,
and we'll provide detailed instructions on how to avoid further
issues depending on the situation.