Privacy
Privacy
Short version: we collect the minimum we need to make the site work, hash anything we can hash, and delete on request. The long version is below.
What we collect
- Affiliate clicks: when you click an affiliate link, we record device class (desktop/mobile/tablet/bot), country code from your CDN headers, a SHA-256-hashed IP (salted, not reversible to the raw IP), and any UTM parameters. We do not record your raw IP address.
- Reviews: when you submit a review, we store the email address you provide until you verify it, then keep only a SHA-256-hashed version (salted) for dedupe. Display name is optional. We do notstore passwords because we don't have user accounts.
- Server logs: standard HTTP access logs are written to disk and rotated. They contain timestamps, paths, status codes, and User-Agent. They do not include any submitted form data.
What we don't collect
- No account registration; no passwords; no payment information.
- No third-party analytics scripts (no Google Analytics, no Facebook Pixel).
- No cookies beyond Next.js session-state strictly-necessary cookies.
- No raw IP addresses (only salted hashes for click-fraud detection).
Retention
- Unverified review submissions: deleted automatically after 7 days if not verified.
- Verified reviews:retained indefinitely (they're public content). The raw email is cleared on request via our erasure handler.
- Affiliate clicks: retained for 24 months for chargeback / attribution disputes, then aggregated into per-firm counts and the row-level data is deleted.
Your rights (GDPR / CCPA)
If you submitted a review with an email address, you have the right to ask us to:
- Confirm whether we hold data about you (we probably don't, beyond a hash)
- Export anything we have
- Delete the review and clear the email field
- Withdraw consent at any time
Email contact with the email address you submitted reviews under, and we will respond within 30 days.
Updates
Last updated: 2026-05-19.