We never sell, rent, or trade your personal data to any third party. Ever.
sinister.wtf runs no advertising. Your behaviour is never profiled for advertisers.
We collect only what is strictly necessary to operate the platform. Nothing more.
No Google Analytics, Meta Pixel, or any cross-site tracking scripts on our platform.
Request deletion of your data at any time. We will honour it promptly and fully.
This document describes everything. No hidden clauses, no buried exceptions.
Privacy is a right, not a feature. sinister.wtf is built with a minimal-data philosophy. We collect only what we need to keep the platform running, we never sell it, and we never profile you for any commercial purpose. This policy tells you exactly what we do — and do not — do with your information.
sinister.wtf is a private, invite-only social platform accessible at sinister.wtf and its associated subdomains. References to "we," "us," or "our" in this Privacy Policy refer to the operators of sinister.wtf.
This Privacy Policy applies to all users of sinister.wtf and any of its subdomains, including but not limited to dashboard, docs, status, terms, and privacy subdomains. It governs how we collect, use, and protect information in connection with your use of the platform.
If you have any questions about who controls your data or how to exercise your rights, please contact us through the channels listed in Section 12.
We collect the minimum amount of information necessary to provide the platform. Below is a complete account of what we collect and why.
INFORMATION YOU PROVIDE DIRECTLY
| Data | Why we collect it |
|---|---|
| Username / alias | To identify your public profile on the platform |
| Email address | For account authentication, password recovery, and critical platform notices |
| Password (hashed) | Stored as a one-way bcrypt hash — we cannot read your password |
| Profile content | Bio, social links, avatar, and other fields you choose to add to your profile |
| Invite code used | To trace the invite chain for abuse prevention |

INFORMATION COLLECTED AUTOMATICALLY
| Data | Why we collect it |
|---|---|
| IP address | Rate limiting, abuse prevention, and security logging. Not linked to your profile. |
| HTTP request logs | Standard server logs retained briefly for debugging and security. Not used for profiling. |
| Session token | To keep you logged in across page loads |
| 2FA status & secrets | If you enable two-factor authentication, we store an encrypted TOTP secret |

We do not collect your device fingerprint, browsing history, precise location, contact lists, or any data beyond what is listed above. We do not run analytics scripts that track behaviour across sessions or pages.
We use the information we collect exclusively for the following purposes:
We do not use your data for any purpose not listed above. We do not build behavioural profiles, segment users for advertising, or perform automated decision-making that produces legal or similarly significant effects.
We believe these commitments deserve their own section, stated plainly and without qualification:
We will never sell your data. Not to data brokers, advertisers, analytics companies, or any other third party. Under any circumstance. If sinister.wtf were ever acquired or transferred, any acquirer would be contractually bound to this same commitment or required to delete all user data.
sinister.wtf uses a minimal set of cookies and browser storage technologies, strictly limited to what is necessary for the platform to function.
| Name / Type | Purpose | Duration |
|---|---|---|
| Session cookie | Keeps you authenticated across page loads | Session / configurable |
| CSRF token | Protects against cross-site request forgery attacks | Session |
| Preference storage | Stores client-side UI preferences (e.g. theme, layout settings) | Persistent, local only |

We do not set advertising cookies, analytics cookies, or any cookie that is shared with or readable by third parties. You may clear all cookies at any time through your browser settings; doing so will log you out of the platform.
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law.
If you delete your account, your username will be released and your profile, content, and personal data will be permanently removed from all active systems within 30 days. Backup purge follows the 60-day cycle described above.
sinister.wtf uses a small number of third-party infrastructure providers to operate the platform. These providers act as data processors — they handle data only on our instruction and are contractually prohibited from using it for their own purposes.
| Provider | Purpose | Data shared |
|---|---|---|
| Hosting / Cloud provider | Server infrastructure | All data (encrypted at rest) |
| Transactional email provider | Sending password resets and security emails | Email address, email content only |
| hCaptcha | Bot prevention on registration and login | Behavioural signals per hCaptcha's privacy policy |
| Cloudflare R2 / CDN | File and asset storage, DDoS protection | Uploaded files, IP addresses |
| Discord (optional) | Linked account integration if you choose to connect Discord | Discord user ID, username (only if you link) |

We do not integrate with any advertising networks, data brokers, social media tracking services, or analytics platforms. The list above is exhaustive — we do not share data with any service not named here.
hCaptcha's data handling is governed by hCaptcha's own Privacy Policy. By using sinister.wtf, you acknowledge that bot-prevention checks are processed by hCaptcha. If you have linked a Discord account, Discord's Privacy Policy applies to that connection.
We take the security of your data seriously. The following measures are in place to protect your information:
No system is perfectly secure. While we apply industry-standard protections, we cannot guarantee absolute security. If you believe your account has been compromised, contact us immediately using the details in Section 12.
Regardless of where you are located, we recognise the following rights with respect to your personal data:
To exercise any of these rights, contact us through the channels in Section 12. We will respond within 30 days. We will never charge a fee for reasonable data requests.
Account deletion is always available. You can delete your account at any time from within the platform dashboard. No dark patterns, no waiting period, no "are you sure?" loops designed to discourage you.
sinister.wtf is not directed at children under the age of 13. We do not knowingly collect personal data from anyone under 13 years of age. If we become aware that we have inadvertently collected personal data from a child under 13, we will take immediate steps to delete that data.
Users between the ages of 13 and 17 may use the platform only with the express consent of a parent or legal guardian, as described in our Terms of Service. If you are a parent or guardian and believe your child has registered without your consent, please contact us immediately.
We may update this Privacy Policy from time to time. We will indicate the date of the most recent revision at the top of this document. For material changes — such as new categories of data collected or new purposes for processing — we will notify users through the platform and, where appropriate, via email.
Your continued use of sinister.wtf after an updated policy takes effect constitutes acceptance of the revised terms. If you do not agree to the revised policy, you must cease using the platform and may request deletion of your data.
We will never silently downgrade your privacy protections. Any change that expands data collection or sharing will be communicated prominently before it takes effect.
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please reach out through the following channels:
For formal privacy requests — data access, deletion, or portability — please use "Privacy Request — sinister.wtf" in the subject line. We will acknowledge your request within 5 business days and fulfil it within 30.