Privacy Policy
Stella Ops follows a zero‑telemetry stance: no Google Analytics, no pixels, no CDN beacons. We only keep data strictly required for security, abuse‑prevention or your optional 333‑scans/day token.
What we store & why
| Data | Purpose | Retention |
|---|---|---|
| Access‑log IP | DDoS & abuse detection | 7 days, then sha256(ip) |
| JWT token‑ID | Enforce free‑quota (33 / 333), throttling & nag banner | Hash only (sha256(id + salt)) until revoked |
| E‑mail (token request) | Send the signed JWT & optional newsletters | • **Subscribed** → kept in plain text. • **No marketing** → hashed after 7 days. |
Issue‑tracker cookie_gitea_session | Keeps you signed‑in to the self‑hosted forge | Until logout / 30 days inactivity |
Quota, throttling & the nag banner
- Anonymous mode: 33 scans per UTC day.
- Token mode: 333 scans per UTC day.
- A reminder banner appears at 90 % daily scan quota.
- After 333 scans the CLI/API slows by ~10 % but never stops.
No third‑party resources 🚫
- Fonts, icons and JS bundles are self‑hosted.
- No Google Analytics, Hotjar, Umami, etc.
- Images and packages are served from
*.stella‑ops.org.
Your rights (GDPR & equivalents)
Contact privacy@stella‑ops.org for access, rectification or erasure. We respond usually as soon as possible but allows up to 30 days.