Your login credentials are stored in the database in order to identify you when you log in. The password is stored in a hashed form using Argon2id, which is one of the most secure and up-to-date algorithm to hash passwords.
Note: hashed means that there is no way to "decrypt" your password. Hash is different from encryption, because the encrypted data is possible to decrypt, while the hashed data is not because these are one-way algorithms.
In the other hand, your email address is stored both hashed and encrypted. This is to protect your email address from being stolen in case of a database breach and to allow you to sign in.
RobotoSkunk is committed to using the most secure and up-to-date hashing algorithms to protect your data.
When you log into the website, this website saves your session data in the database. This data is used to identify you when you log in and to control your access to the website. When you log out, this data is deleted permanently from the database.
The collected data is
Every hour you are logged in, your session data is updated with the current user agent and the current date and time.
When you log in without using "Remember me", your session data is deleted after one hour of inactivity. When you log in using "Remember me", your session data is deleted after one month of inactivity to protect your account from unauthorized access.
All cookies generated by this website use only transfers via HTTPS and only the website has access to cookies, this following Mozilla's security recommendations.
The cookies generated are
Some third-party services such as PayPal could generate cookies to work, in the same way you can configure your browser to deny access to these cookies.
When you visit this website, your IP address is collected and stored in the database to prevent abuse and to protect the website from attacks. This data is not shared with anyone and is only used to protect the website.
IP addresses are commonly stored for 1 minute, but can be stored for up to 1 day if the website is under attack or if there is a high risk of abuse.
RobotoSkunk doesn't have access to your IP address because it's hashed using HMAC-SHA256.
This website uses a custom analytics service to track the usage of the website. Only the website has access to the data, this following GDPR.
The data collected by this analytics system is
This analytics system doesn't use any cookies or unique identifiers. None of these data is linked to your account, your IP address, or even between them.
If you don't want to be tracked, you can enable Do Not Track (DNT) in your browser settings. RobotoSkunk respects your privacy and will not sell or share your data with anyone.
When you request an account deletion, all your data will be deleted after one week, unless you cancel the deletion request. This is to prevent accidental account deletion.
If your account has been banned, all your data will be retained indefinitely and you can't request an account deletion or edit your data until the ban is lifted.
We use PayPal to process payments. This service is provided by PayPal.
When you make a payment, PayPal will collect your payment data and forward it to us. This data is used to process your payment and to identify you.
We only store your payment id and the amount of the payment. This data is used to identify the payment and to prevent abuse.
We use Have I Been Pwned to check if your password has been leaked in a data breach. This service is provided by Troy Hunt.
When you create an account or change your password, we check if your password has been leaked in a data breach.
Have I Been Pwned doesn't store or receive your password or any other data. Your password is hashed using SHA-1 and only the first 5 characters are sent to Have I Been Pwned.
Have I Been Pwned will return a list of all the data breaches that your password has been leaked in. This list is used to notify you if your password has been leaked in a data breach.
If you have any questions about Have I Been Pwned's API, check out their API documentation.
We use the hCaptcha anti-bot service (hereinafter "hCaptcha") on our website. This service is provided by Intuition Machines, Inc., a Delaware US Corporation ("IMI").
hCaptcha is used to check whether the data entered on our website (such as on a login page or contact form) has been entered by a human or by an automated program.
To do this, hCaptcha analyzes the behavior of the website or mobile app visitor based on various characteristics.
This analysis starts automatically as soon as the website or mobile app visitor enters a part of the website or app with hCaptcha enabled.
For the analysis, hCaptcha evaluates various information (e.g. IP address, how long the visitor has been on the website or app, or mouse movements made by the user).
The data collected during the analysis will be forwarded to IMI. hCaptcha analysis in the "invisible mode" may take place completely in the background.
Website or app visitors are not advised that such an analysis is taking place if the user is not shown a challenge.
Data processing is based on Art. 6(1)(f) of the GDPR (DSGVO): the website or mobile app operator has a legitimate interest in protecting its site from abusive automated crawling and spam.
IMI acts as a "data processor" acting on behalf of its customers as defined under the GDPR, and a "service provider" for the purposes of the California Consumer Privacy Act (CCPA).