PlainWire

Privacy Policy

Last updated: 2025

1. Data We Collect

PlainWire is designed with privacy as a core principle. We collect the minimum data necessary to operate:

• IP Address — Used for: rate limiting, country-based content selection, and security. IP-to-country lookups are cached temporarily (30 minutes) and not stored permanently.
• Account Data — If you create an account: username and password hash only. Passwords are hashed server-side and never stored in plaintext.
• Session Tokens — Temporary cookies for logged-in users. HttpOnly, Secure, SameSite=Lax.

2. Data We Do NOT Collect

• No analytics or tracking scripts
• No advertising network pixels
• No browser fingerprinting
• No email addresses (unless you provide one voluntarily)
• No browsing history or reading patterns
• No third-party cookies

3. Cookies

PlainWire uses only essential cookies:

• session — Authentication cookie for logged-in users (HttpOnly, session-scoped)
• theme — Theme preference (light/dark/auto), set via localStorage, not a cookie

4. Data Sharing

We do not sell, rent, or share any user data with third parties. Period.

5. Data Retention

• Server access logs: retained for operational/security purposes, rotated regularly
• User accounts: retained until you delete your account
• IP cache: 30-minute TTL, automatically purged

6. Your Rights (GDPR / CCPA)

You have the right to:

• Access your data — Use the Account page
• Delete your account — Use Account → Delete Account (immediate, irreversible)
• Export your data — Available via API for logged-in users
• Opt out of data collection — Simply don’t create an account; the site works fully without one

7. Children’s Privacy

PlainWire does not knowingly collect data from children under 13. If you believe a child has provided personal information, contact us for removal.

8. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected on this page.

9. Contact

Privacy inquiries: privacy@plainwire.org