Privacy Policy
Stella Ops follows a no mandatory telemetry stance: no Google Analytics, no pixels, no CDN beacons on this website. Product telemetry is disabled by default and strictly opt-in. We only keep data strictly required for security, abuse-prevention, or your optional access token.
What we store & why
| Data | Purpose | Retention |
|---|---|---|
| Access‑log IP | DDoS & abuse detection | 7 days, then sha256(ip) |
| JWT token‑ID | Validate signed access tokens for pre-built images | Hash only (sha256(id + salt)) until revoked |
| E‑mail (token request) | Send the signed JWT & optional newsletters | • **Subscribed** → kept in plain text. • **No marketing** → hashed after 7 days. |
Issue‑tracker cookie_gitea_session | Keeps you signed‑in to the self‑hosted forge | Until logout / 30 days inactivity |
Access tokens
- Tokens are optional and used for pre-built images and managed updates.
- Tokens are signed and verifiable offline using published public keys.
- Token IDs are stored as salted hashes only.
Request token: /register/
No third-party resources
Fonts, icons, and bundles are self-hosted. Images and packages are served from *.stella-ops.org.
Your rights (GDPR & equivalents)
Contact privacy@stella‑ops.org for access, rectification or erasure. We respond usually as soon as possible but allows up to 30 days.