
YAP ("we", "us", "our") operates yaphub.xyz, including the anonymous group chat and the embeddable YAP Widget. This Privacy Policy explains how we collect, use, and protect data in accordance with the EU General Data Protection Regulation (GDPR), the EU Digital Services Act (DSA), the German Federal Data Protection Act (BDSG), and the TTDSG.
Davis von Loewe Kiedrowski
Walsroder Str. 158
30853 Langenhagen, Germany
contact@cabalspy.xyz
Data you provide voluntarily:
| Data | Purpose | Retention |
|---|---|---|
| Chat messages | Display in chat | 24 hours, auto-deleted |
| Anonymous username | Display in chat | Browser only (localStorage) |
| Sentiment votes | Leaderboard, statistics | 24 hours, auto-deleted |
| Token upgrade details | Display in widget | Permanent (paid service) |
| Report submissions | Content moderation | 30 days |
| YapID Account ID | If you choose to log in with YapID, we store your account identifier (a UUID). This ID has no connection to your real-world identity — YapID is an anonymous identity system. It is used solely to enable cross-device chat history, Premium features, and display name preferences. It is never linked to your IP address or any personal information. | Until you delete your account (GDPR Art. 17) via Profile → Delete Account |
Data collected automatically:
| Data | Processing | Retention |
|---|---|---|
| IP address | Hashed with SHA-256 immediately — original IP never stored | Hash stored max. 24h, then auto-deleted |
| Browser UUID | Stored in your browser only, never linked to identity | Browser localStorage only |
| Message timestamps | Required for chat functionality | 24 hours |
| YapID session token | Stored in sessionStorage (tab-only, never persisted beyond the browser tab). Never sent to third parties. Cleared automatically when the tab is closed. | Duration of browser tab session only |

| Processing Activity | Legal Basis (GDPR Art. 6) |
|---|---|
| Displaying chat messages | Legitimate interest (Art. 6(1)(f)) |
| Rate limiting (IP hash) | Legitimate interest (Art. 6(1)(f)) — preventing abuse |
| Content moderation | Legal obligation (Art. 6(1)(c)) — DSA compliance |
| Token upgrade data | Contract performance (Art. 6(1)(b)) |
| YapID login & cross-device history | Consent (Art. 6(1)(a)) — you actively choose to log in |
| Fraud prevention | Legitimate interest (Art. 6(1)(f)) |
We do not use your data for advertising, profiling, sale to third parties, or automated decision-making with legal effects.
IP Address: Your IP address is immediately hashed using SHA-256 with a secret salt. The hash is used only for rate limiting. The original IP address is never stored in our database.
Messages: All chat messages are encrypted at rest using AES-256-GCM encryption and permanently deleted after 24 hours.
Identity: Your anonymous username is generated locally in your browser and stored only in localStorage. It is never linked to your real identity.
YapID: The YapID account ID is a randomly generated UUID. It contains no name, email, or any other identifying information. Even we cannot determine who a YapID account belongs to in the real world.
DM Private Keys: End-to-end encryption keys for private messages are stored in your browser's IndexedDB as non-extractable CryptoKey objects. They cannot be exported or read by any script — including ours.
| Data Type | Retention Period |
|---|---|
| Chat messages (encrypted) | 24 hours — automatically deleted |
| IP address hashes | 24 hours — automatically deleted |
| Sentiment votes | 24 hours — automatically deleted |
| System notifications | 7 days — automatically deleted |
| YapID Account ID & profile | Until account deletion (GDPR Art. 17) — delete via Profile → Delete Account |
| YapID session token | Browser tab session only — cleared on tab close |
| Token upgrade data | Permanent — part of paid service |
| Report records | 30 days — for moderation |
YapID (id.yaphub.xyz): Optional anonymous identity system. When you log in with YapID, your account UUID is shared with our server for verification. No name, email, or personal data is involved. YapID is operated as part of the YAP platform.
MoonPay / Helio (Payments): Token upgrades and Premium subscriptions redirect to MoonPay Commerce or Helio. We do not process or store payment card data. See MoonPay Privacy Policy.
Alchemy / Helius (Blockchain Data): We use these APIs to fetch publicly available token metadata. No personal data is shared beyond the token contract address.
Hosting Provider: Hostinger, Vilnius 03230 Lithuania. Standard server access logs may be retained per their privacy policy.
Font Awesome (CDN): Icons loaded via CDN may transmit your IP to the CDN provider as part of a standard HTTP request.
YAP does not use tracking cookies or advertising cookies.
We use browser localStorage to store:
We use browser sessionStorage to store:
We use browser IndexedDB to store:
All of this data stays in your browser and never leaves your device. You can clear it at any time in your browser settings. No consent banner is required as this storage is technically necessary for the service you explicitly requested (TTDSG §25(2)).
For all privacy-related enquiries: contact@cabalspy.xyz
Response time: within 30 days (GDPR requirement)
You have the right to lodge a complaint with your national data protection authority. In Germany:
Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)
Graurheindorfer Str. 153, 53117 Bonn
www.bfdi.bund.de