Privacy Policy
For the wowne.ro community forum and the paid @wowne.ro email service
Effective date: June 25, 2026
1. Who we are and what this covers
This Privacy Policy explains what personal information we collect, why we collect it, how long we keep it, and the limited circumstances in which we share it.
"We", "our", and "us" mean Such Software LLC, a single-member Pennsylvania limited liability company based in Kennett Square, Pennsylvania, USA. "You" means anyone who uses the services described below.
This policy covers two services (together, the "Services"):
- The Forum — the community discussion forum at forum.wowne.ro, a discussion board for the Wownero and privacy-cryptocurrency community where you can read, post threads and replies, and maintain a profile. The Forum offers a free tier and a paid "Forum Premium" subscription tier.
- Paid email — the subscription hosted email service that provides mailboxes at the wowne.ro domain, running on our own mail server.
Both services share a single sign-in system, our identity provider at id.wowne.ro (the "login service"), which is also covered here.
Our guiding principle is simple: collect the minimum we need to run the Services, keep it for the shortest sensible time, and never sell it. Where we can let you be effectively pseudonymous, we do.
These Services are operated by Such Software (you may see "Operated by Such Software" in the footer, linking to such.software). This policy governs the Services described above. It does not cover third-party websites, wallets, or services we link to. This policy is one of a stack of documents for the Services; the others are the Forum Terms of Service (forum-terms-of-service.md), the Email Service Terms (email-service-terms.md), the Acceptable Use Policy (acceptable-use-policy.md), and the DMCA / Copyright Policy (dmca-copyright-policy.md). For each service, the service-specific terms govern, and this Privacy Policy, the Acceptable Use Policy, and the DMCA / Copyright Policy are incorporated by reference; if a specific document conflicts with the governing terms on a specific point, the more specific document controls on that point.
2. The short version
- You can use the Forum with a wallet account that requires no name and no email — just a Wownero public key and a signed challenge. That account is effectively pseudonymous to us.
- Alternatively, you can use an email and password account. We verify your email and store your password only as a one-way Argon2id hash — never in plaintext, and we cannot recover it.
- Forum posts are public. Anything you post can be read, copied, cached, and archived by anyone, including search engines and third-party archives we do not control.
- Paid email mailboxes and the messages in them live on our own mail server. We can technically access stored mail to operate, secure, and back up the service; we access message content only as needed for those purposes or where legally required.
- We keep access and IP logs for a short time (about 14 days) and then they roll off.
- We do not sell or rent your personal information, and we do not run behavioral advertising or ad tracking. We use no data brokers and no advertising networks.
- You can close your account and request deletion at any time. We explain below what that deletes and what (and why) we may briefly retain.
- If a breach affecting your personal data ever occurs, we will notify affected users and the appropriate authorities as required by law, without undue delay (Section 9).
3. What we collect, and why
We organize this by what you actually do. We only collect what each item below describes.
3.1 Wallet accounts ("Sign in with Smirk")
If you sign in with a Smirk Wownero wallet, your account identity is a Wownero ed25519 public key, and you authenticate by signing a short, single-use challenge we generate. We verify the signature against your public key.
- What we collect: your Wownero public key, and the fact that a valid signature was produced for a login challenge. We generate a username for the account (for wallet accounts, derived from the public key, e.g. wow_ followed by part of the key); you can change it on the Forum.
- What we do not require: a real name, an email address, or any other identifying information.
- A technical note about email: the login service requires that every account expose an email value to the Forum. For a wallet-only account, we synthesize a placeholder address of the form <id>@wallet.wowne.ro so the Forum works. This synthetic address is generated server-side; it is non-deliverable — not a real inbox, not collected from you, and no message is ever delivered to it. If you later add a real email to the account, that real address overrides the placeholder.
- Why: to authenticate you, to tie your posts to a stable account, and to prevent one person from impersonating another's wallet.
A wallet account is effectively pseudonymous to us: we hold a public key, not an identity. We cannot tell who you are from your account alone. (Note that the Wownero blockchain itself is outside our Services; how you use your wallet on-chain is governed by Wownero, not by us.)
3.2 Email-and-password accounts
If you create an account with an email address and a password:
- Email address: we collect the email you provide and verify it by sending a one-time link, which expires 24 hours after issue. We use your email to confirm the account, to send transactional messages (verification, password reset, and account- or billing-related notices), and, for paid email, as your contact address. We do not add you to marketing lists.
- Password: we store your password only as an Argon2id hash (a deliberately slow, memory-hard one-way hash). We never store, log, or transmit your password in plaintext, and we cannot recover it — if you forget it, you reset it via a one-time link, which expires 1 hour after issue.
- Why: to authenticate you, to let you recover access, and to send the small number of operational emails the account needs.
3.3 Forum content (forum.wowne.ro)
The Forum runs on NodeBB. When you use it, we store:
- your username;
- your posts, threads, and replies, including their text, any formatting or links, and timestamps;
- any optional profile information you choose to add (for example a display name, avatar, signature, or "about" text — all optional); and
- the login-service account identifier (the OIDC "subject") that connects your Forum presence to your account.
Your posts are public. Threads and replies on the Forum are visible to anyone who can view the relevant board, which for public boards means the entire internet. That means:
- search engines may index your posts;
- third parties may cache, screenshot, quote, repost, or archive your posts in places we do not control; and
- because of this, deleting a post from our Forum cannot remove copies that others have already made. Please do not post anything you would not want to be public and persistent.
Only share personal information in a post if you intend it to be public. We treat the contents of your public posts as content you have chosen to publish, not as private data.
3.4 Paid email (mailboxes at wowne.ro)
The paid email service runs on our own mail server (a self-operated Modoboa / Postfix / Dovecot stack). When you have a mailbox:
- Mailbox and message content: we store your mailbox configuration and the email messages in it — including message bodies, attachments, headers, sender/recipient addresses, folders, and read/unread state — for as long as your subscription is active, so we can deliver and store your mail.
- Mail-flow metadata: to send and receive mail and to fight spam and abuse, our mail server processes standard email metadata and connection information (for example sending/receiving server addresses, message timestamps, and delivery/spam-filter results). Some of this is recorded in mail server logs (see Section 3.5).
- Inherent limits of email: email is not end-to-end encrypted by design. Messages you send leave our server and travel to other providers; messages you receive arrive from other providers. We can secure transport on our side (see Section 9), but we cannot control or guarantee the privacy or security practices of the other servers and people you exchange mail with.
- Our access: we can technically access stored mail because it lives on our server. We access message content only as needed to operate, troubleshoot, secure, and back up the service, to comply with the law, or with your request/consent. We do not read your mail for advertising, and we do not scan message content to build profiles about you.
- Why: to provide the email service you are paying for.
3.5 Access logs and server logs
Traffic to the Services passes through our reverse proxy (nginx / Nginx Proxy Manager), and our mail server keeps its own operational logs.
- What's in them: typical request/connection records — IP address, timestamp, the URL or endpoint requested, HTTP status, user agent, and similar; for mail, connection and delivery records as described in 3.4. Our reverse proxy passes the originating IP through standard forwarded-for headers so requests are attributed correctly.
- Why: to operate the Services, debug problems, mark sessions secure correctly, enforce rate limits, and detect and stop abuse (spam, brute-force login attempts, denial-of-service).
- Retention: we keep access/IP logs (reverse proxy) and mail-server logs for a short window of about 14 days, after which they roll off (see Section 5). We do not use these logs to build advertising or behavioral profiles.
3.6 What we deliberately do not collect
- We do not run analytics suites, tracking pixels, advertising SDKs, or behavioral-ad cookies on the Services.
- We do not require or ask for real-world identity documents, phone numbers, or "real names."
- We do not track you across other websites.
4. Payments and billing (Forum Premium and paid email)
Both Forum Premium and paid email are subscriptions. Such Software LLC is the merchant of record for these subscription fees, and we never custody user funds beyond the fee itself. When you pay:
- Card payments are handled by Stripe. Card details (card number, expiry, CVC) are entered with and held by Stripe, which processes card payments and handles card data. We do not store full card numbers or card security codes on our systems. We receive from Stripe only what we need to manage your subscription — for example a confirmation of payment, the subscription/plan, billing status, an expiry/renewal date, and a limited reference (such as the last four digits and card brand). Your use of Stripe is also subject to Stripe's own privacy policy.
- Cryptocurrency payments are processed on our own self-hosted, operator-operated checkout infrastructure — no third-party processor receives the data. We accept Bitcoin and Litecoin through BTCPayServer (with Bitcoin Lightning and Litecoin MWEB planned), Monero through xmrcheckout, Wownero through wowcheckout, and Grin through a self-developed BTCPayServer plugin. We do not take custody of your funds at any point; a crypto payment settles directly through this infrastructure. We record that a payment was made and which subscription it applies to. Note that on-chain transaction data may be recorded on the relevant public blockchain, which is outside our control. All crypto payments are final and non-refundable (for both Forum Premium and paid email).
- What we keep, and why: we retain billing records (the fact and amount of a payment, the plan, dates, and Stripe's reference) for as long as needed to provide the service and to meet legal, tax, and accounting obligations — approximately 7 years. These records may outlive account closure where the law requires it (see Section 5).
5. How long we keep things (retention)
We keep personal information only as long as we need it for the purpose we collected it. These are the windows we apply.
| Data | Retention |
|---|---|
| Access / IP logs (reverse proxy) | ~14 days, then deleted on a rolling basis |
| Mail server operational logs | ~14 days, then deleted on a rolling basis |
| Login sessions / sign-in grants | Expire automatically (~14 days) and on sign-out |
| Email verification link | Expires 24 hours after issue |
| Password reset link | Expires 1 hour after issue |
| Account, profile, and forum content (username, email, password hash, public key, OIDC subject, posts) | Kept until you delete it or close your account, then removed (see Section 7); forum posts are also subject to the public-archive caveat in Section 3.3 |
| Mailbox and message content (paid email) | Kept while your subscription is active; on cancellation or termination, a 30-day export grace window (IMAP) applies, after which the mailbox and contents are deleted (see Section 7) |
| Billing / tax records | Retained as required by law — approximately 7 years — and may outlive the account |
| Backups | Rolling; expire within ~30 days. Deleted data persists in backups only until the relevant backup ages out |
About backups: we keep backups so we can recover from failures. When you delete something, it is removed from the live systems promptly, but a copy may remain in rotating backups until that backup naturally expires on its cycle, which happens within ~30 days. We do not restore deleted data from backups except to recover from a genuine failure, and backups are not used to repopulate accounts you have closed.
6. When we share information (and when we don't)
We do not sell or rent your personal information. Ever. We do not share it for anyone's marketing.
We share personal information only in these limited cases:
Service providers / sub-processors. We use a small number of providers to run the Services. The named sub-processors are:
- Stripe, for card payments only (Stripe processes card payments and handles card data, under its own terms and privacy policy).
- Such Software's own self-operated infrastructure, which we run ourselves: the mail server (Modoboa / Postfix / Dovecot — your mailbox is not handed to a third-party mailbox provider), the reverse proxy (nginx / Nginx Proxy Manager), the identity provider at id.wowne.ro, our crypto-checkout infrastructure (BTCPayServer, xmrcheckout, wowcheckout, and our self-developed BTCPayServer plugin — see Section 4), and the underlying hosting.
We use sub-processors only to operate the Services, and we share with them only what they need for that purpose. There are no data brokers, no advertising networks, and no sale or rental of data.
Legal process and protection. We may disclose information if we reasonably believe we are required to by law, subpoena, court order, or other valid legal process, or where disclosure is necessary to protect the safety, rights, or property of users, the public, or us (for example, to investigate fraud, abuse, security incidents, or violations of our terms). Because wallet accounts are effectively pseudonymous and we deliberately collect little, in many cases there is simply not much for us to disclose. For paid email, we access message content only as needed to operate the service, prevent abuse, or comply with law, and where we receive a legal demand, we will try to notify the affected user where we are lawfully permitted to do so.
CSAM. Child sexual abuse material (CSAM) is strictly prohibited on the Services. We report CSAM to the National Center for Missing & Exploited Children (NCMEC) as required by law and cooperate with law enforcement.
Business transfer. If the Services are ever transferred to another operator (for example through a sale or reorganization), account and service information may transfer as part of that, subject to this policy or a successor policy that is at least as protective. We would notify users of any such change.
With your direction or consent. If you ask us to share something, or you make it public yourself (such as a Forum post), we act accordingly.
We do not provide your information to data brokers, advertisers, or analytics networks.
7. Your choices and rights
You have meaningful control over your information regardless of where you live. To exercise any right below, contact us at privacy@such.software (see Section 12).
7.1 Access
You can ask what personal information we hold about you and get a copy of it. For a wallet account, that may be little more than a public key, a username, and your posts.
7.2 Correction
You can update your username and optional profile on the Forum directly. You can ask us to correct other information we hold.
7.3 Deletion / account closure
You can close your account and ask us to delete your personal information. When you do:
- What is deleted: your account record (username, any stored email, the Argon2id password hash, your stored Wownero public key, and the OIDC subject linkage) is removed from our live systems promptly. For paid email, on cancellation or termination you get a 30-day export grace window to retrieve your mail over IMAP, after which your mailbox and its stored messages are deleted from our live mail server.
- Forum posts: you can delete your own posts. On account deletion, we will, at your choice and consistent with the Forum software, either remove or anonymize your posts so they are no longer associated with your identity. Where hard-deleting a post would break the integrity of a thread, we may anonymize it rather than hard-delete it. We cannot retrieve copies that third parties already cached or archived (see Section 3.3), and we may retain a post where it is needed to address abuse or where the law requires it.
- What we may briefly retain, and why: (a) data already written to backups, until those backups expire on their cycle — within ~30 days (Section 5); (b) billing and tax records we are legally required to keep (approximately 7 years); (c) limited records needed to enforce a legal hold, resolve a dispute, or prevent fraud or abuse. We retain these for the minimum period required and then delete them.
- Email already sent or received by you that resides on other people's or providers' servers is outside our control and cannot be deleted by us.
7.4 Withdrawing consent / objecting
Where we rely on your consent, you can withdraw it. You can stop using the Services and close your account at any time. Note that some processing is necessary to provide the Services — if you withdraw it, we may be unable to keep providing the relevant Service.
7.5 No discrimination
We will not deny you the Services, charge a different price, or provide a lower quality of service because you exercised a privacy right (other than where the request necessarily ends a paid service, e.g. deleting a paid mailbox).
8. Cookies and local storage
We use cookies and similar storage only for things that are strictly necessary to run the Services:
- Authentication / session cookies set by the login service and the Forum, so you stay signed in and your session is handled securely.
- Strictly necessary security/anti-abuse mechanisms, for example to protect sign-in and registration against automated attacks.
We do not set advertising, analytics, or cross-site tracking cookies, and we do not use tracking pixels. Because the cookies we use are strictly necessary for the Services you ask for, they are generally exempt from consent requirements; we do not maintain ad-consent banners because we have nothing to consent to.
You can clear or block cookies in your browser, but doing so may prevent you from staying signed in.
9. Security
We take commercially reasonable technical and organizational measures to protect the information we hold. In particular:
- passwords are stored only as Argon2id hashes, never in plaintext, and cannot be recovered by us;
- wallet logins rely on cryptographic signatures over single-use challenges, so a password is not transmitted at all;
- traffic to the Services is served over encrypted transport (HTTPS/TLS), and our mail server supports encrypted transport (e.g. STARTTLS) for mail it sends and receives;
- we apply rate limiting and anti-abuse controls on sign-in and registration; and
- we follow the data-minimization approach described throughout this policy, so there is less to protect in the first place.
No system is perfectly secure, and we cannot and do not guarantee absolute security. We provide the Services on an "as is" and "as available" basis as described in the service-specific terms (the Forum Terms of Service, forum-terms-of-service.md, and the Email Service Terms, email-service-terms.md). You are responsible for keeping your wallet keys and your password safe; if you lose control of them, someone may be able to access your account.
Breach notification. If a breach affecting personal data occurs, we will notify affected users and the appropriate authorities as required by law, without undue delay.
Accessibility. We engineer the Services to meet WCAG 2.2 AA, but we do not warrant a specific score.
10. Children
The Services are intended for users 13 years of age and older. We do not allow, and do not knowingly collect personal information from, children under 13 (consistent with COPPA). If you are under 13, do not use the Services or create an account.
If you believe a child under 13 has provided us with personal information, contact us at privacy@such.software and we will promptly delete it and close any associated account.
11. International users, and U.S. state privacy notes
The Services are operated from the United States, and information is processed and stored in the United States. If you access the Services from outside the U.S., you understand that your information will be transferred to and processed in the U.S., which may have different data-protection laws than your country.
We aim to honor the core rights described in major privacy laws for all users, regardless of location:
- EU / UK (GDPR-style) users. We process personal information on the legal bases of performing our contract with you (providing the Services), our legitimate interests (operating, securing, and improving the Services and preventing abuse), your consent where applicable, and compliance with legal obligations. You have rights of access, rectification, erasure, restriction, portability, and objection, and the right to lodge a complaint with your local supervisory authority. We honor erasure subject to the retention exceptions in Sections 5 and 7.
- California (CCPA/CPRA) users. In the past 12 months we have collected the categories of information described in Section 3 for the purposes described there. We do not "sell" or "share" personal information as those terms are defined under California law, and we do not use it for cross-context behavioral advertising. You have the rights to know, access, correct, and delete, and we will not discriminate against you for exercising them (Section 7.5).
To exercise any of these rights, contact privacy@such.software. We may need to verify your request (for example by confirming control of the account's email or wallet key) before acting, and we will respond within the time required by applicable law.
12. Contact, notices, and complaints
All of these addresses are monitored. Please use the right one for your purpose:
- Privacy, data-rights, and deletion requests: privacy@such.software
- Legal notices and DMCA: legal@such.software — this is also our DMCA designated agent, and Such Software LLC is registered in the U.S. Copyright Office DMCA Directory.
- Abuse reports: abuse@such.software
Our mailing address is:
Such Software LLC, 110 E State St, Suite 300, Kennett Square, PA 19348, USA
13. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will post the updated version with a new effective date. For material changes, we will take reasonable steps to notify users (for example a notice on the Forum or an email to email-account holders). Your continued use of the Services after an update takes effect means you accept the updated policy.
This Privacy Policy is incorporated by reference into, and read together with, the service-specific terms — the Forum Terms of Service (forum-terms-of-service.md) and the Email Service Terms (email-service-terms.md) — and alongside the Acceptable Use Policy (acceptable-use-policy.md) and the DMCA / Copyright Policy (dmca-copyright-policy.md). It is construed under the laws of the Commonwealth of Pennsylvania, USA, with venue in Chester County, Pennsylvania, subject to the arbitration clause in those terms.