Privacy Policy
How I handle your info - because privacy matters and you deserve to know
Last Updated: July 7, 2025
Privacy Summary
- Email addresses used exclusively for: donation confirmations, password resets, account security, and essential communications
- Never sold or shared: Your personal info including email is NEVER sold, shared with third parties, or monetized
- Industry-standard encryption: All email data encrypted using AES-256-GCM and remains protected at all times
- You control communications: Opt-out capabilities for non-essential notifications while preserving security alerts
- Anonymous donations stay anonymous - your identity is completely protected
- Basic website analytics only - no creepy tracking or personal data collection
- PayPal handles payments - we never store your payment information
- Your data rights respected - full control over your personal information
Table of Contents
1. Introduction
Hey there! I care about your privacy and want you to know exactly how I handle your information when you visit the site or participate in this crazy experiment. This policy explains everything in plain English.
2. Information We Collect
- Donation Information: Amount and payment confirmation from PayPal
- Contact Information: Email address (encrypted for security)
- Display Preferences: Whether you want to donate anonymously
- Messages: Optional messages you include with donations
- Contact Forms: Name, email, and message when you contact us
- Analytics: Anonymous website usage data (no personal information)
Important: We do NOT store your payment information. All payments are processed securely by PayPal.
3. How We Use Your Information
I only use your information for:
- Email: Donation confirmations, password resets, account security, and essential notifications only
- Running the experiment and showing progress publicly
- Sending you donation confirmations and answering your questions
- Keeping records for legal and tax stuff (boring but necessary)
- Making the website better based on anonymous usage stats
- Preventing fraud and keeping things secure
I will NEVER sell your personal information to anyone. Ever. Your email is encrypted, never shared with third parties, and you can opt out of non-essential communications.
4. Information Sharing
What We Share Publicly
- Donation amounts and dates
- Display names (for non-anonymous donations)
- Public messages you choose to include
- Total participant counts
What We Never Share
- Email addresses or contact information
- Payment details
- Personal information for marketing
- Anonymous donor identities
6. Anonymous Contributions
You can still contribute anonymously, but an account is required. When you choose to stay anonymous:
- Your name never shows up publicly on the site
- Your contributions show as "Anonymous" instead of your display name
- Your account information remains private and protected
- I protect your anonymity completely while maintaining account security
Important: Giveaway Eligibility
Anonymous contributors cannot participate in community giveaways or giving-back initiatives. If I conduct surprise rewards or other ways of sharing success with the community, I need to be able to contact winners. Choose between complete public anonymity or eligibility for potential community rewards - you can't have both.
7. Email Encryption
Your email addresses are encrypted and protected. I want you to feel totally confident that your email info is safe with me.
7.1 What Is Encrypted
- ✅ Email Addresses: Fully encrypted using AES-256-GCM encryption before database storage
- ✅ Email Lookup: Uses secure hashing (HMAC-SHA256) to find your account without exposing your email
7.2 What Is NOT Encrypted (Public Information)
- ❌ Display Names: Shown publicly on leaderboards and timelines (if you choose non-anonymous)
- ❌ Donation Messages: Displayed publicly as part of the social experiment experience
- ❌ Donation Amounts: Shown publicly to demonstrate experiment progress
7.3 Technical Security Details
- Encryption Standard: AES-256-GCM (Advanced Encryption Standard, 256-bit keys)
- Unique Protection: Each email gets a unique encryption salt and initialization vector
- Key Security: Encryption keys are stored separately from data and never exposed
- Search Protection: We can find your account without decrypting your email
Bottom Line: Even if someone somehow got into my database, your emails would be completely unreadable without my encryption keys, which I keep separate and secure. Your email is never sold or shared with anyone.
8. Data Security
Besides encrypting emails, I've got other security stuff in place:
- Rate Limiting: Advanced protection against abuse and spam
- Transmission Encryption: All data transmission encrypted using TLS 1.3
- Secure Cloud Storage: Database hosted on secure cloud infrastructure with global distribution
- Access Controls: Strict limits on who can access personal information
- Payment Security: All payments handled through PayPal, no payment data stored locally
- Input Validation: Comprehensive validation and sanitization of all inputs
9. Analytics & Caching
9.1 Website Analytics
I collect anonymous website stats to make the site better:
- Privacy-First: No cookies, no tracking, just basic stats
- Anonymous Data: No personal info collected at all
- Usage Statistics: Just page views, visitor counts, basic stuff
- Secure Storage: Analytics data is kept secure
- Data Retention: Old analytics data gets deleted automatically
- Purpose: Only used to understand how the site is performing
9.2 Data Caching
I use caching to make the website faster:
- Performance Optimization: Caching reduces load times and server requests
- Automatic Expiration: All cached data expires automatically (1-5 minutes)
- No Personal Data: Only aggregated, non-personal statistics are cached
- Secure Storage: Cache data is access-controlled and protected
- Rate Limit Protection: Caching helps prevent abuse and server overload
- Cost Efficiency: Reduces server costs while maintaining fast performance
10. Contact Forms
When you use the contact form, I handle your info just as securely as donations:
10.1 Contact Information Processing
- Secure Transmission: All contact form data transmitted securely
- Email Delivery: Secure email delivery for reliable messaging
- No Storage: Contact messages sent directly, not stored permanently
10.2 Contact Data Usage
- Answer your questions and help you out
- Make the site better based on your feedback
- Follow legal requirements if needed
- Never used for marketing or sold to anyone
11. Data Retention
I keep your info as long as needed for the experiment, legal stuff, and resolving any issues. Since this is kind of a historical experiment, contribution records might be kept indefinitely for transparency and to preserve the history of what happened here.
12. Your Privacy Rights
Depending on where you live, you might have certain rights about your personal info:
- Access: Request information about the data I have about you
- Correction: Request correction of inaccurate information
- Deletion: Request deletion of your data (subject to legal requirements)
- Portability: Request a copy of your data in a portable format
- Opt-out: Unsubscribe from communications at any time
Note: Some data might need to stick around for legal reasons, taxes, or to keep the experiment's history intact.
8. Changes to This Privacy Policy
I might update this privacy policy sometimes. Any changes will be posted here with a new date. If you keep using the website, that means you're cool with the updates.
9. Contact Us
Got questions about this privacy policy? Hit me up:
Contact Form: Use our contact form
Email: support@hitamillion.com