Privacy Policy

What data do we collect?

When you create an account we store your chosen username, email address, and the lists and list items you create. We do not collect your name, address, phone number, or any payment information.

How is view count tracking done?

To count views on lists, we create a temporary record containing a one-way hash (SHA-256) of your IP address, browser user-agent string, and the current date. This hash cannot be reversed back to your IP address. Records older than 7 days are automatically deleted. We do not build any profile or history of your browsing.

Do we use cookies?

We use a single authentication cookie to keep you signed in. It is HTTP-only (not accessible to JavaScript), marked Secure (only sent over HTTPS), and expires after 30 days of inactivity. We do not use advertising cookies or any third-party tracking cookies.

Do we share your data?

No. We do not sell, rent, or share your personal data with third parties. Your public lists are visible to anyone with the URL — that is the core purpose of the site. Private lists are not visible to anyone other than you.

How long do we keep your data?

Your account data and lists are retained for as long as your account exists. You can delete individual lists at any time. To delete your account and all associated data, contact us at the email address below.

What about security?

Passwords are hashed using ASP.NET Core Identity's default algorithm (PBKDF2) and are never stored in plain text. All traffic is served over HTTPS. Data protection keys are stored securely on the server and are not accessible via the web.

Your rights

You have the right to access, correct, or delete the personal data we hold about you. To exercise any of these rights, or if you have any questions about this policy, email us at hello@mytopthings.co.uk.