← Back to home

Privacy Policy

Last updated: 2026-05-17

This page explains what we collect, why, and what we do with it. Short version: we collect as little as possible, we don't sell anything, and you can ask us to delete what we have.

What we collect

  • Discord account info when you log in: your Discord ID, username, avatar, and email address. We use these to identify you and let you see your orders.
  • Shipping address if you order hardware. Stored on the order and shared with shipping carriers as needed for delivery.
  • Crypto transaction hashes & wallet addresses for orders, as part of the payment-verification process.
  • Site analytics: page views, referrers, and a hashed IP for de-duplication. We don't store raw IPs.
  • Country, derived from your IP at request time via an offline GeoIP lookup. Used for aggregate stats and tax planning, not personalised advertising.

What we don't collect

  • No real-name verification, no phone number, no government ID (unless required by a shipping carrier for hardware deliveries).
  • No cross-site tracking. We don't use Google Analytics, Facebook Pixel, or similar tools.
  • No card details — we accept crypto, so we never see traditional payment-card information.

Cookies

We use a single session cookie (shillette.sid) to keep you logged in. That's it. No third-party cookies, no marketing cookies, no ad cookies.

How we use your data

  • To fulfill your orders (shipping hardware, delivering firmware in your ticket)
  • To provide customer support
  • To improve the storefront (aggregate analytics, never individual tracking)
  • To meet legal obligations (tax records, sanctions screening for hardware exports)

Who we share data with

  • Shipping carriers (UPS, DHL, etc.) — your address for hardware deliveries only
  • CoinGecko & block explorers — we query public APIs with your transaction hash to verify payments. Your wallet address is part of the public blockchain anyway.
  • Discord — when you log in, OAuth happens through Discord's servers. Their privacy policy applies to that exchange.

We never sell or rent your data to third parties.

Data retention

Order records are kept indefinitely for accounting and dispute purposes. Site analytics are kept rolling 90 days. You can request deletion of your account by opening a Discord ticket — we'll anonymise your profile data while keeping anonymised order records for accounting compliance.

Your rights

You can ask us to:

  • See a copy of what we have on you
  • Correct anything that's wrong
  • Delete your account (subject to the retention exceptions above)
  • Export your data (we'll send a JSON dump within 14 days)

Open a ticket in our Discord for any of these requests.

Security

The site runs over HTTPS, sessions are httpOnly cookies, passwords don't exist (we only accept Discord OAuth), and the database is encrypted at rest on the host. We're a small team and not infallible — if you spot a security issue please disclose responsibly by opening a private ticket.

Changes

If we change this policy, we'll announce it in our Discord. Continued use after a change means you accept the new policy.

Contact

Open a ticket in our Discord or email [email protected].