Privacy Policy

This site is run by one person. It exists to share writing, ideas, and community discussion — not to harvest data. This policy explains, in plain language, what happens to your data when you use silentstones.net.

What This Site Collects

Forum Accounts

If you register for the forum, you provide a username and email address. A secure password is generated for you. The following data is stored in a Cloudflare D1 database:

• Username
• Email address
• Salted password hash (PBKDF2, SHA-256, 100,000 iterations — never the plaintext password)
• Profile information you choose to provide (bio, signature)
• Profile picture (if uploaded — stored on Cloudflare R2)
• Forum posts, replies, and poll votes
• Account metadata (registration date, role, session data)

Your email is used for account verification, password resets, and notification delivery. It is not shared, sold, or used for marketing.

Forum posts (threads and replies) are publicly visible to all site visitors. Your username is displayed alongside your posts.

Knowledge Hub

If you submit guides or articles to the knowledge hub, your username and content are publicly visible. Ratings you leave on guides are recorded and associated with your account.

Private Messages

The site provides private messaging between registered users. Message content, sender, recipient, and timestamps are stored in the database. Private messages are not end-to-end encrypted. They are not publicly visible but may be accessed by the site administrator to investigate abuse reports or comply with legal obligations.

Notifications and Email

If you have a forum account with a verified email, you may receive email notifications for replies to threads you're subscribed to, @mentions in forum posts, new private messages, and moderation actions on your account.

These emails are sent via Resend (resend.com). Your email address is transmitted to Resend solely for delivery purposes. Resend's privacy policy governs their handling of this data.

You can manage your notification preferences through your account settings. These are transactional emails, not marketing.

Contact Form

If you use the contact form, you voluntarily provide your email address, an optional name, and a message. This information is stored in the database and delivered to a private email address via Resend. It is used solely to respond to your message and is not sold, shared, or used for marketing.

Profile Pictures and Uploads

If you upload a profile picture, it is stored on Cloudflare R2 (object storage). If you do not upload a profile picture, a default avatar is generated using the DiceBear API based on your username. DiceBear's privacy policy governs their handling of requests to their service.

Uploaded images may be cached by Cloudflare's CDN for performance purposes.

View Counts and IP Addresses

Forum thread view counts are deduplicated by IP address to prevent artificial inflation. IP addresses used for this purpose are not stored long-term or associated with user accounts.

Rate Limiting

Write actions (posting, registration, messaging) are rate-limited using Cloudflare KV. Rate limit data is keyed by IP address and expires automatically. This data is used solely for abuse prevention.

Server Logs

This site is hosted on Cloudflare Workers. Cloudflare may collect basic request data (IP address, browser type, pages visited) as part of their infrastructure. This is standard web hosting behaviour and is governed by Cloudflare's privacy policy. No additional analytics tools are used.

Cookies

This site uses cookies in the following categories. For full details, see the Cookie Policy.

Necessary Cookies

Cloudflare cookies (__cf_bm and similar) are required for security and site functionality. These cannot be disabled. A small cookie is also stored locally to remember your consent preferences.

Session Cookies

If you log in to the forum, a session cookie (ss_session) is set to keep you authenticated. This is an httpOnly cookie — it cannot be read by JavaScript — and expires after 72 hours.

Preference Storage

Your theme preference (light or dark mode) is stored in your browser's local storage, not as a cookie.

Embedded Content Cookies

The videos page may embed YouTube content using YouTube's privacy-enhanced mode (youtube-nocookie.com). YouTube may set cookies when you interact with the player. These are only loaded if you give explicit consent via the cookie banner. If you decline, no YouTube content is loaded and no third-party cookies are set.

Font Requests

This site loads fonts from Google Fonts. Google may log requests to their font servers. See Google Fonts privacy information for details.

What This Site Does Not Do

• No tracking pixels or fingerprinting
• No Google Analytics, Facebook Pixel, or any third-party analytics
• No advertising
• No data sold or shared with third parties for commercial purposes
• No profiling or automated decision-making about users
• No cross-site tracking
• No email marketing (unless explicitly opted in to a future feature)

Data Storage and Security

All data is stored using Cloudflare's infrastructure:

• D1 (SQLite database) — user accounts, posts, messages
• KV (key-value store) — sessions, rate limiting, cryptographic signing keys
• R2 (object storage) — uploaded profile pictures

Passwords are hashed using PBKDF2 with SHA-256 and 100,000 iterations. Session tokens are digitally signed using ML-DSA-65 (post-quantum cryptography).

While the site uses industry-standard security measures, no system is perfectly secure. The site operator accepts no liability for data breaches caused by circumstances beyond reasonable control.

Data Retention

• Forum accounts and posts — retained until you request deletion
• Sessions — expire after 72 hours and are removed from KV
• Rate limit data — expires automatically (short-lived)
• Contact form submissions — retained until manually deleted by the administrator
• Server logs — governed by Cloudflare's retention policies

Your Rights

If you're in the EU, UK, or another jurisdiction with data protection laws (GDPR, UK GDPR, etc.), you have the right to:

• Access — know what personal data is held about you
• Rectification — request correction of inaccurate personal data
• Erasure — request deletion of your personal data, including your account, posts, and messages
• Portability — request a copy of your data in a usable format
• Restriction — request that processing of your data be limited
• Objection — object to processing of your data
• Withdraw consent — at any time (clear your cookies or use the cookie banner)
• Complaint — lodge a complaint with your local data protection authority

To exercise any of these rights, use the contact form.

Third-Party Services

This site relies on the following third-party services, each with their own privacy policy:

This site does not control how these services handle data once it reaches their servers.

International Transfers

Your data is processed using Cloudflare's global infrastructure, which may involve transfer to servers outside the EU/UK. Cloudflare maintains appropriate safeguards for international data transfers. See Cloudflare's privacy policy for details.

Children

This site is not intended for users under 16 years of age. Accounts belonging to users under 16 will be terminated and their data deleted upon discovery. If you believe a user under 16 has created an account, please report it via the contact form.

Data Controller

For the purposes of GDPR and UK GDPR, the data controller is the individual operator of silentstones.net. Contact via the contact form.

Changes

If this policy changes, the date at the top will be updated. Material changes will be noted in a site announcement where practical. Continued use of the site after changes constitutes acceptance of the updated policy.

Contact

Questions about this policy? Use the contact form.