Data & Encryption Stack
Transparency and security are very important and should be guaranteed by default. That is why I have organized this page into tables that show what data PrivateStater handles, how it is protected in transit and at rest, and how it is used. For legal text, see the /privacy.txt page.
Last updated: 2026-05-26 (UTC+9)
How to read these tables
Note: PrivateStater is a SaaS that mainly runs on the server, so end-to-end encryption cannot be applied for technical reasons. The same applies to other third-party SaaS that mainly run on the server.
| Term | Meaning in this document |
|---|---|
| In transit | Data moving between a browser, your website, and PrivateStater over HTTPS |
| At rest | Data kept on servers and databases after it is received |
| One-way hash | A one-way function used for verification; the output cannot be reversed to the original value |
| Provider security | Baseline security managed by hosting providers such as MongoDB and Redis Cloud |
| Plaintext storage | Readable in the database without decryption |
| Temporary | Held briefly in Redis or process memory, then removed by TTL, consumption, or end of request |
Infrastructure & storage locations
Primary database and application server regions.
| Main component | Provider & location | At rest | Stored content |
|---|---|---|---|
| Web servers | DigitalOcean, FRA1 (Germany) | Provider security | - |
| MongoDB | DigitalOcean, FRA1 (Germany) | Provider security | Accounts, projects, analytics, captcha, feedback, logs, registry, and similar |
| Redis | Redis Cloud, AWS us-west-1 (USA) | Provider security | Captcha/analytics buffers, session cache, public API rate-limit counters, and similar |
| Resend (third-party service) | - | Provider security | Recipient address, message body, bounce status |
| Paddle (third-party service) | - | Provider security (PCI DSS SAQ A compliant) | Payment methods and payment-related data |
Protection in transit
All endpoints are served over HTTPS. HSTS is enabled for stronger security, and the entire User–Cloudflare–PrivateStater path is encrypted with TLS.
| Path | In transit | Purpose |
|---|---|---|
| Dashboard ↔ privatestater.com | TLS | Dashboard, landing, API, and other features |
| Visitors ↔ privatestater.com | TLS | Analytics, Captcha, Feedback, and other features |
| Auth cookies | TLS, HttpOnly, Secure, SameSite=Lax | Keep account signed in, validate sessions |
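
The transit claims above (HSTS, and auth cookies marked HttpOnly, Secure, SameSite=Lax) can be checked against a response's headers. The following is an added example, not PrivateStater's own code; the cookie name `session` and both sample responses are constructed for illustration.

```python
# Added example: audit one response's headers against the transit claims above.
# Cookie name "session" and both sample responses are constructed, not captured.

def parse_set_cookie(value):
    """Split a Set-Cookie value into (cookie name, {lowercased attribute: value})."""
    first, *rest = [part.strip() for part in value.split(";")]
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return first.split("=", 1)[0], attrs

def audit_headers(headers, auth_cookies=("session",)):
    """headers: (name, value) pairs from an HTTPS response. Returns findings."""
    findings = []
    hsts = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if not hsts:
        findings.append("HSTS header missing")
    else:
        directives = dict(d.strip().lower().partition("=")[::2]
                          for d in hsts[0].split(";") if d.strip())
        max_age = directives.get("max-age", "").strip('"')
        if not max_age.isdigit() or int(max_age) == 0:
            findings.append("HSTS max-age missing or zero")  # 0 switches HSTS off
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if name not in auth_cookies:
            continue
        for flag in ("httponly", "secure"):
            if flag not in attrs:
                findings.append(f"cookie {name}: {flag} not set")
        if attrs.get("samesite", "").lower() != "lax":
            findings.append(f"cookie {name}: SameSite is not Lax")
    return findings

GOOD = [("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
        ("Set-Cookie", "session=abc123; Path=/; HttpOnly; Secure; SameSite=Lax")]
WEAK = [("Strict-Transport-Security", "max-age=0"),
        ("Set-Cookie", "session=abc123; Path=/; Secure; SameSite=None")]

if __name__ == "__main__":
    for label, sample in (("good", GOOD), ("weak", WEAK)):
        print(label, audit_headers(sample) or "no findings")
```
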
PrivateStater ID
Account data is stored in MongoDB running on DigitalOcean Droplets.
| Data | Where stored | At rest | Retention |
|---|---|---|---|
| Username | MongoDB | Plaintext | Until account deletion |
| Password | MongoDB | SHA-256 hashed twice, then bcrypt (12 rounds) | Until changed or account deletion |
| | MongoDB | Plaintext | Until changed or account deletion |
| Email verification code | MongoDB | SHA-256 | 10 minutes |
| Session key | Cookie, MongoDB | Plaintext | 7 days |
| Session cache | Redis | Plaintext | 5 minutes |
| TOTP secret | MongoDB | Plaintext | Until 2FA is disabled |
| Recovery codes | MongoDB | SHA-256 | Until used |
| GitHub OAuth | MongoDB | Plaintext | Until unlinked |
| Open API key | MongoDB | Argon2id hash | Until deleted |
| Subscriptions / licenses | MongoDB, Paddle | Plaintext | Until cancelled |
| OAuth state | Server memory | Plaintext | 10 minutes |
Operational logs
This data is used only for troubleshooting and defending against attacks, not for marketing.
| Data | Where stored | At rest | Retention |
|---|---|---|---|
| Server logs | MongoDB | Plaintext (masked) | Up to 1 year |
| Account auth rate limits | RAM | Plaintext | - |
Third-party processors
Companies that process data on my behalf. (I do not sell your information.)
| Processor | Why it is shared |
|---|---|
| Paddle | Payments and subscription checkout |
| Resend | Sending email |
| GitHub | OAuth sign-in |
| Cloudflare | CDN |
| DigitalOcean | Web servers and databases |
| Redis Cloud | Database |