All data is transmitted encrypted via HTTPS. This includes passwords and session IDs. Session IDs are stored in cookies.
All data is stored in plaintext, except passwords and session IDs. These are salted, peppered and hashed with SHA256 between 10000 and 20000 times (random number for each user). The result is stored. This same process is done again whenever a password or session ID is provided and the result is checked against the stored hashed values. As far as we're aware, this method means a breech of our database would not result in username/password combinations being obtainable through brute-forcing with current technology. Weak passwords are however easily obtainable no matter what encryption we use.
If you wish to get a copy of all the data we have on you, please click the link labeled "User Data" in the menu, or visit us on Discord by clicking the button in the page's header and ask for an administrator. We'll need to authenticate you first though.
If you wish us to delete the data we have, please visit us on Discord by clicking the button in the page's header and ask for an administrator. We'll need to authenticate you first though.
This software is open-source. Please feel free to validate these claims by examining the code for yourself. The code is linked in the page's footer.