Privacy

TODO: Real legal review before paid features ship. For now, this page is a plain-language description of the collection practices in v1.

What we collect

• Email address (required for account).
• Hashed password (never the plaintext).
• IP address and User-Agent on auth events (sign-up, login, login failures, password resets, account deletions). Used internally for abuse prevention and admin debugging. Never publicly displayed.
• If you bookmark or like a post (future), we record the post id + timestamp. We do NOT record IP for those events.

What we share

Nothing. cyfar.ca has no third-party analytics, no ad networks, and no data brokers. Email delivery is handled by Resend.

How long we keep it

• Auth event logs: indefinitely (anonymized after account deletion).
• Account data: until you delete your account (30-day soft delete, then permanent).

How to delete your account

Sign in and visit /me/delete. You'll get a confirmation email; clicking the link starts a 30-day grace period. Logging back in via password reset within 30 days restores the account.

Contact

Questions? Email the operator (link in the footer).