I can't seem to see a privacy policy link anywhere so I thought I'd just make a post.
What information is kept regarding accounts, i.e. things like:
-Previous Pseudonyms -Login Methods -Email -etc.
Wow, almost all traffic is US based.
I personally wish there was an option to delete data such as posts or accounts in general. I get no edit button after 10m but knowing I would not have the ability to delete was seriously one of the reasons I considered not coming back and making a new account on here.
Broh. I didn't knoh.
tldr we try to be as private as possible and be what you see is what we get.
-Previous Pseudonyms
We don't track other nyms you might've had.
Login Methods
We don't store email addresses unless you sign up using email, or sign up for the newsletter.
If you sign up with github or twitter, all we store is the username (to give you a default nym that you can change) and id (to allow you to get back into your account). We never store any other information.
We don't share your email with anyone. We self-host a newsletter service to provide the weekly newsletter.
The only other thing you might worry about is analytics. We only use Plausible and the analytics are public and available in the footer: https://plausible.io/stacker.news. We don't store IPs or anything else that might jeopardize privacy.
k00b, how long are you storing wallet transaction data? Lightning invoices and deposit info.
I don't currently have a policy around discarding it.
Who does a good job of this? Are you aware of any custodial wallets that discard tx data? I'd love learn what decisions and tradeoffs they made here.
I suspect storing deposits is fine, given sender privacy is excellent. It definitely makes sense to discard invoices some period after a withdrawal though.
I don't have any good real life examples I can over up with at the moment.
Instead of setting an arbitrary time frame, I wonder if a user clickable button in settings to clear withdrawal database records for that user would work best. Gives the user the option of keeping data or clearing.
I understand if there may be a conditional time frame when you would keep for debugging. Example: Past 30 days is not able to be deleted.
Giving the user the option is a great solution.
The debugging use case is good. Another is if someone gains access to a user's account, steals their funds, then clears the withdrawal invoice history to cover their tracks.
Other than that, I don't think there'd be much in the way of doing this. I'll put up a GH issue.
Shortly after this post there is another post for SN's Privacy Policy that was created:
Stacker News Privacy Policy #76894