๐ค Privacy Policy
We care about speed and privacy on this website, which is why we don't have any trackers, telemetry, or analytics (third-party or otherwise). You can audit this by checking the source code of any page on the site. The server-side code is open-source too and available for review on our Gitea: slvit/www.
This site is statically-generated and uses minimal javascript. When javascript is used, it's usually auditable, open-source code that we wrote. The only js libraries we import are Stripe's SDK and the ultra-tiny KnockoutJS. These are only imported on pages that require them. For example, if you place an order with cryptocurrency, Stripe's SDK will not be loaded.
Unfortunately, it's not possible to run an ecommerce site without storing some data on your computer (the contents of your cart) collecting some data on our server (we need to know where to ship it) and sending some data to a third party (our payment processor if you pay with a credit/debit card). These three forms of data storage/sharing are outlined in more detail below.
๐ฅ๏ธ Data stored in your browser
We use the localStorage
standard to store data in your browser. This is a web standard similar to cookies: it lets us keep data in your browser so we can restore your state when you leave and return to the site. These data are controlled by you and are as secure as your computer. These data are not sent to us or any third-party (yet).
Here is a raw dump of the current state of all localStorage data our website has stored in your browser. localStorage data for any website can usually be viewed somewhere in your browser's UI.
Loading...
These data are usually cleared when you clear your browser's cache or site data. If you would like to clear all the data from this site, you can also click the button below. This won't give you a huge privacy advantage since we don't have access to these data anyway; they are stored on your own device. We could theoretically use these data to keep track of your visits to our site... but we don't participate in such petty metrics. You don't have to trust us though; you are welcome to wipe your localStorage anytime using this button.
๐ข Data stored in our server
Data stored on our server is stored securely and accessed only by employees. However, U.S. law provides agencies the right to obtain a search warrant and subpoena us for these data. We comply with all U.S. laws, but provide some protection to our users by providing a warren canary.
Generally speaking, we collect as little data as possible. Here is a complete list of all data we collect and store:
๐ Server logs
Every time you visit a page on our website, our server keeps a log of:
- Date, time, possible your timezone
- Exact URL (address) visited
- Quantity of data transferred
- Your IP address
- Your user agent (UA)
(To view your IP and user agent, you can visit ifconfig.me.)
These logs are periodically rotated and deleted at our discretion. We only keep this information to:
- Debug problems with our infrastructure
- Audit security incidents
This means we don't review these data or perform any analysis on them unless something goes wrong.
๐งพ Order information
When you place an order in our shop, we collect information on the order in our server and use this data to:
- Ship the order
- Offer refunds
- Offer product support
These order data may include:
- Items ordered, with prices and quantities
- Shipping name and address
- Contact name, phone and email
- Shipper and tracking information
- Dates and times when the order was created, paid, and shipped
- Total amount paid and amount paid for items, shipping, tax, processing
- A confirmation code linking the order to a stripe charge (if paying by card)
๐ณ Data shared with third parties
None of the data listed on this page so far are shared with any third-party until you load the USD credit/debit card checkout page. At that point, stripe's SDK loads. With their library loaded, they are able to collect quite a bit of data about you, though that doesn't mean they do. An incomplete list of data stripe might collect includes:
- Date, time, and your timezone
- Your IP address
- Your user agent
- How big your window is
- Your preferred language and locale
- How you scroll on the page
- Where you move your mouse
- Every key you type
- Probably other fingerprinted data
(To view your IP and user agent, you can visit ifconfig.me.)
When you create an order, the following additional data is sent to stripe. These data may change as Stripe changes their policies, so this list may be incomplete or outdated. For the latest information, consult their privacy policy.
- The total amount
- Your shipping address
- Your contact email
- The order ID we created
When you execute the payment, the following additional data is sent to stripe. These data may change as Stripe changes their policies, and they might send more data collected from your browser which is hard for us to track. For the latest and most accurate information, consult their privacy policy.
- Your payment card number
- The payment card's expiration date
- The payment card's security code
- Total amount to be paid
- The order ID we created
- Your IP address
IMPORTANT! By making credit/debit card payments on this website, you agree to Stripe's End User Terms of Service and Privacy Policy.
๐ฆ Warrant canary
Here is a copy of our latest warrant canary.
2023-03-11
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
2023-03-11
Antonito, CO
San Luis Valley IT Co. confirms that all customer data stored on its servers are safe. As far as we know, there have been no data breaches. We have not been issued any search warrents, subpoenas, or similar from any agencies.
Here is a recent article to prove this statement was not pre-generated:
Ars Technica: Get ready to meet the Chat GPT clones [2023-03-11]
https://arstechnica.com/information-technology/2023/03/get-ready-to-meet-the-chat-gpt-clones/
This canary is signed with ki9's pgp key, available here:
https://ki9.gf4.pw/pgp/
Fingerprint: 8C72 530E BC14 E5D1 D0E9 9F24 DF77 3B3F 4A88 DA86
-----BEGIN PGP SIGNATURE-----
iQGzBAEBCgAdFiEEjHJTDrwU5dHQ6Z8k33c7P0qI2oYFAmQNBNwACgkQ33c7P0qI
2oYH5Qv+Ia3BxGvakyUxZLByuBJxLOS+1B6wWBqs7TUruOsjwKo+E7YcjIMnQZEJ
V1DVMRenLH5TIAtS3gYgi3sDaRaCezWNLpIIC5qNSVkGBdYNkHMnjx6CLecjX46E
54yOHCHqaC3Uv7yMbBgRBaaME6olc2U10INwgeinqTzKO9TpvsyQ+xL257k7pLdV
Ubru1HvW5wKoZ3IMMwc3O7+lWgM9xHanSFPPiv7Sytj3HQ337ZvEUNG2Dcz3VqoD
ZoHc7TrTy+PJDhrAPCC5eDmpKS1eSoyvLv6vW4AYSf0ej5bIKxsHuXiNrN1zAeaE
Z+T2XJiBO6tar1I/586cPg0PrTZ1G2NiBSkSiWH5cU81oXEW3SDFv5va8J4WuBJY
ina1wQ2fqCk4Rf0moKnJ1TFZpBs3y5P31/CHZQnee8DDnH6fUuSq9aa61DrSA3Tx
sWvXrt/izIIPtDvFPNljYPSYIiH/NmxOQecPP3n9wU7+lonRnhRlKrS9aBG4hFbq
SGhNlHOH
=yXgh
-----END PGP SIGNATURE-----