Privacy Policy — MikeBrowser 4.0
File
Edit
View
Mikes
MikesList
MikeTasks
Help
⬅ Back ➡ Fwd 🔄 🏠 Home
🎲 Random Mike ✦ I'm Feeling Mike
💰 Wallet

★ PRIVACY POLICY

Effective: 2026-05-18 · Last updated: 2026-05-18 · Plain language, no legalese.
The short version. We store what's required to operate MikeHub — your account, the messages and posts you create, and minimal request logs. We don't sell, rent, or share your data with anyone. No analytics. No tracking pixels. No advertising SDKs. No data brokers. The only outside services that touch your data are Cloudflare (hosting + database) and Resend (transactional email). You can ask us to export or delete everything anytime.

1. WHO WE ARE

MikeHub.org is operated by an individual — me, a Mike, building this site. Under GDPR I'm the data controller. The site is reachable at https://mikehub.org and any other domain we operate (currently also onlymikes.org).

Privacy contact: themikehub@yahoo.com

2. WHAT WE COLLECT, WHY, AND HOW LONG WE KEEP IT

Only what's necessary to run the site. Here's everything:

DataWhy we collect itRetention
Email addressLogin, password reset, transactional notificationsUntil account deletion
Password (bcrypt-hashed, never stored in plain text)LoginUntil account deletion
First + last name, handle, bio, location, avatar choice, tagsYour public profileUntil you remove it or delete your account
DMs, posts, replies, comments, chat messagesThe social features you used to create themUntil you or the original poster deletes them; admin-removed content kept ≤90 days for appeal
Listings on MikesListThe marketplace you posted toUntil you remove the listing
$MIKE balance + transaction ledgerThe in-app economyUntil account deletion
Game results, votes, RSVPs, task submissionsThe feature you usedUntil account deletion
Session tokens (cookie + KV)Keeping you logged in7 days, then auto-deleted
Email verification + password-reset tokensAccount security24h (verify) / 1h (reset), then auto-deleted
IP address, user-agent, request path (in server logs)Abuse prevention, rate-limiting, debugging30 days, then auto-rotated by Cloudflare
Moderation log entries (when an admin acts)Audit trail for appeals + accountability2 years

3. WHAT WE DO NOT COLLECT

  • No third-party analytics (Google Analytics, Plausible, Posthog, Mixpanel, Amplitude, Segment — none)
  • No tracking pixels or beacons
  • No browser fingerprinting (canvas, font, WebGL — none)
  • No session replay or behavioral recording
  • No precise geolocation (we ask for a city if you choose to share one — that's it)
  • No contact-list or address-book uploads
  • No advertising SDKs
  • No cross-site cookies

4. WHAT WE DO NOT DO WITH YOUR DATA

  • We do not sell, rent, license, or trade your data — to anyone, ever.
  • We do not share your data with advertisers or data brokers.
  • We do not train AI models on your messages, posts, or profile.
  • We do not use your data for any purpose other than running MikeHub for you.

5. COOKIES

Two cookies, both small, both first-party:

  • mikehub_session — your login token. HttpOnly, Secure, SameSite=Strict. Expires after 7 days of inactivity.
  • mikehub_admin — a marker that you're an admin (used for UI, not authentication). Cleared on logout.

No advertising cookies, no third-party cookies, no consent banner needed because we don't set any.

6. DIRECT MESSAGES — IMPORTANT

Your DMs are not end-to-end encrypted. They're stored in our database (encrypted at rest by Cloudflare) and transmitted over TLS. Site operators can technically read message contents — and we will only do so to (a) investigate abuse reports filed by other Mikes, (b) comply with a valid legal order, or (c) maintain the system. This is the same model as Slack standard messages or Discord text DMs.

If you need truly private messages, use Signal or another end-to-end encrypted tool. Don't share secrets in MikeHub DMs you wouldn't want a moderator to potentially see.

7. SUB-PROCESSORS (the only outside services that touch your data)

  • Cloudflare — hosting, D1 database, KV session store, R2 file storage. Data encrypted at rest (AES-256-GCM) and in transit (TLS). Cloudflare logs request metadata (IP, timestamp, path) for security per their privacy policy.
  • Resend — sends transactional email (verification, password reset, notification digests). Your email address is passed to Resend when we send you a mail. Resend's privacy policy.

That's the complete list. No other companies touch your data.

8. YOUR RIGHTS

Wherever you live, you have the right to:

  • Access — get a copy of everything we hold about you in machine-readable form (JSON).
  • Delete — close your account and have your personal data removed. Some operational records (mod-log entries, transaction ledger) may be retained per the table above.
  • Correct — fix or change inaccurate information (you can do most of this yourself in /settings; for anything else, email us).
  • Object — opt out of any non-essential processing (we don't really do non-essential processing, but the right is yours).
  • Port — take your data with you in a standard format.

How to exercise these rights

Email themikehub@yahoo.com from your registered address with a clear request. We respond within:

  • 30 days for standard requests (matches GDPR Article 12 + is faster than the CCPA 45-day standard)
  • Extensions only for genuinely complex cases — we'll tell you within 30 days if we need more time.

9. LAW ENFORCEMENT & LEGAL PROCESS

  • We require a valid subpoena, court order, warrant, or equivalent legal process before disclosing user data to law enforcement.
  • We push back on overbroad requests.
  • We will notify the affected user before disclosure unless prohibited by law (gag order, ongoing investigation, etc.).
  • Emergency disclosures (immediate threat to life) follow the standard exigent-circumstances framework with documentation.
  • We publish an annual transparency report — even "zero requests this year" counts as a report.

10. CHILDREN'S PRIVACY (COPPA + GDPR-K)

MikeHub is intended for users 13 years of age or older. We do not knowingly collect data from anyone under 13. Signup requires affirming you're 13+.

If you believe a child under 13 has created an account, email themikehub@yahoo.com and we'll delete the account and any associated data promptly (within 30 days).

In jurisdictions where the digital-consent age is higher (e.g., 16 in some EU member states), the same applies at that age.

11. INTERNATIONAL TRANSFERS

MikeHub is operated from the United States. Cloudflare's edge network may process your requests in the region closest to you, but data at rest lives in Cloudflare's US infrastructure unless we explicitly say otherwise. If you sign up from the EU/UK, you're consenting to your data being transferred to and processed in the US under Cloudflare's standard contractual clauses.

12. SECURITY

  • Passwords stored as bcrypt hashes (12 rounds) — never in plain text.
  • All traffic over HTTPS (TLS).
  • Sessions are HttpOnly + Secure + SameSite=Strict cookies. CSRF protection on state-changing endpoints.
  • Data encrypted at rest in Cloudflare D1.
  • Rate limiting on auth and abuse-prone endpoints.
  • If we ever discover a breach affecting you, we'll notify you within 72 hours of confirming it.

13. CHANGES TO THIS POLICY

If we make material changes, we'll email registered users at least 30 days before they take effect and post a notice on the homepage. Minor clarifications (typos, link updates) will be made without notice. The "Last updated" date at the top always reflects the latest revision.

14. CONTACT

Anything privacy-related: themikehub@yahoo.com · Subject line: Privacy

For deletion: subject line Delete my account.

For data export: subject line Export my data.

For a complaint to a supervisory authority: EU residents can contact their national Data Protection Authority. UK residents: the ICO. California residents: the California Privacy Protection Agency. We hope you'll email us first — most things are misunderstandings or bugs.

Built by a Mike. No tracking. No ads. No bullshit.

Mike 🌐 Privacy Policy
—:—