Privacy Policy

What we collect

When you place an order, we receive your name, email, shipping address, and a PayPal payment confirmation (we never see your card number or PayPal password — those stay with PayPal). When you create an account, we store your username, email, and a bcrypt-hashed password. When you sign up for a restock alert or newsletter, we keep your email. When you submit a review, contact form, or wiki article, we keep what you typed plus a timestamp.

Our server records standard web access logs (IP, timestamp, page URL, user agent) for security and debugging. These are auto-rotated after a few weeks.

What we use it for

• Orders: fulfilling and shipping what you bought, and emailing you about the order.
• Account: letting you log in, see your order history, and manage your wishlist.
• Restock alerts and newsletter: emailing you when the specific product is back, or when we publish a new build log. You can unsubscribe from the newsletter at any time.
• Reviews: showing your username and review publicly next to the product (if approved).

Who we share it with

We share the minimum needed with the services that make the site work:

• PayPal processes payments and sees your billing details and shipping address.
• Resend (our email provider) handles transactional email (order confirmations, shipping notifications).
• USPS / UPS / FedEx / DHL get your shipping address to deliver your order.
• eBay sees order details for orders placed through our eBay storefront.

We do not sell your data, run third-party ad trackers, or share your email with marketers.

Cookies

We set one session cookie to keep you logged in (browser-only, no third parties). It is HttpOnly, marked Secure, and SameSite=Lax. We use localStorage on your browser to remember recently-viewed products — this never leaves your machine.

Your rights

Email us (see contact) to:

• See everything we have stored about you
• Correct anything wrong
• Delete your account and associated data (orders kept for tax/legal reasons for the period required by US law)
• Export your data in JSON

Security

Passwords are bcrypt-hashed, never stored as plain text. Our server uses HTTPS with TLS 1.2/1.3, security headers (CSP, HSTS, X-Frame-Options), and CSRF protection on every form. Backups are encrypted at rest. We log security events and review them regularly.

Changes

If we materially change this policy, we'll bump the "Last updated" date and email account holders.

Contact

Questions about this policy? Get in touch.