Privacy Practices
Who we are
Soteria operates a portfolio of web-based services. This page describes the privacy practices that apply across every site we run. Individual sites may have additional notices where a specific service requires it, but the principles here are the floor — no site falls below them.
We are based in the United States and our services are intended for US residents only. We do not target users in the European Union, the United Kingdom, Canada, Brazil, or any other jurisdiction with data protection laws that would require us to collect more information than our standards permit.
What we collect and why
We collect the minimum information needed to operate each service.
| Data type | Why it is collected | How long it is kept |
|---|---|---|
| Email address | Account creation and transactional email (receipts, security alerts). Never used for marketing without explicit opt-in. | Until account is deleted |
| Password (hashed) | Authentication. Stored as a one-way hash — we cannot read your password. | Until account is deleted |
| Session token | Keeps you logged in during a visit. Stored in a cookie on your device only. | Until you log out or session expires |
| IP address | Security — rate limiting and blocking abusive requests. Logged by our web server for operational purposes. | Up to 30 days |
| Page views (anonymous) | Understanding which pages are used. No user identification — aggregate counts only. | Aggregate only, no expiry |
| Contact form submissions | Responding to your enquiry. Delivered to our inbox and not stored in a database. | Only as long as the email thread exists |
What we do not collect
- Device fingerprints
- Browsing history outside our sites
- Location data beyond country-level (used only for access control)
- Demographic information
- Payment card numbers (payments are handled by a third-party processor)
- Any data about minors
Cookies
We use a single session cookie per site to keep you logged in. This cookie contains a random identifier only — no personal information. It is deleted when you log out or the session expires.
We do not use advertising cookies, tracking cookies, or third-party cookies of any kind. The hCaptcha widget on our contact form may set a short-lived functional cookie as part of its spam prevention process. This is the only third-party cookie present on any Soteria site.
Third parties
We do not sell, license, rent, or share your personal information with any third party for commercial purposes. The following have limited, purposeful access:
- hCaptcha — used on contact forms to prevent automated spam. We chose hCaptcha specifically because its privacy practices are materially better than alternatives such as Google reCAPTCHA.
- Brevo — contact form replies and transactional email are delivered via Brevo’s SMTP relay. Message content passes through their servers in transit only.
- Vultr — our servers run on Vultr’s infrastructure. Vultr has access to the server environment as a hosting provider.
No other third party has access to data collected on our sites.
Why some countries are blocked
Access to Soteria sites is restricted to US residents. Users connecting from the EU, UK, Canada, Brazil, and certain other regions will be unable to access our services.
This is a deliberate policy choice. Privacy regulations in those regions — including GDPR, PIPEDA, and LGPD — require any service that handles their residents’ data to collect, document, store, and produce that data on request, and to delete it on demand with a full audit trail.
Meeting those requirements means building systems to hold more data about users than our own standards allow. We consider that an unacceptable trade-off. Blocking access is the honest alternative to building fake compliance infrastructure. We respect those laws; we simply cannot comply with them and remain a minimal-collection operation.
Data security
All connections use HTTPS. Passwords are hashed using bcrypt before storage. We do not transmit sensitive data in plain text. Access to production systems is restricted to authorised personnel only.
If you discover a security issue on any Soteria site, please contact us via our contact form.
Your rights
Because we serve US residents only and do not target California residents, CCPA obligations do not apply. However, we honour the following regardless:
- You may request a copy of the personal data we hold about you.
- You may request deletion of your account and associated data.
- You may opt out of any optional email communications at any time.
To make any of these requests, contact us via our contact form.
Changes to this policy
If we make material changes, we will update the date at the top of this page and, where appropriate, notify registered users by email.
Contact
Questions about this policy can be submitted via our contact form.