Privacy Policy
This site is built with privacy as a default, not an afterthought. Here's what we collect and why, in line with Singapore's Personal Data Protection Act (PDPA).
What we collect
- Anonymous like/reaction token — a random UUID stored in an HttpOnly, SameSite=Strict cookie for one year. It cannot identify you personally; it only lets you toggle a like on/off.
- Hashed IP addresses — your IP is combined with a daily-rotating salt and hashed with SHA-256 before storage. We never store your raw IP. This is used only for basic rate limiting and abuse prevention.
- Standard server logs — request method, path, response status, and duration, kept for 90 days then automatically deleted.
What we don't do
- No third-party analytics or tracking scripts (no Google Analytics, no Facebook Pixel).
- No advertising cookies.
- No selling or sharing of any data with third parties.
Essential cookies
We use essential cookies only: your session (if you're logged in), CSRF protection, and the anonymous like token described above. These are required for the site to function and are not used for tracking.
Contact
Questions about this policy can be directed via the contact links in the footer.