Wwrify
Menu

Privacy Policy

Last updated: March 16, 2026

What we collect

Wrify collects the minimum data needed to operate the service:

  • Account data: Username, hashed passphrase, and email (if provided). Passwords are hashed with bcrypt and never stored in plaintext.
  • API keys: SHA-256 hashes of API keys for authentication. Raw keys are never stored.
  • Session tokens: Random tokens stored in cookies for login sessions. Sessions expire after 30 days.
  • IP addresses: Used for rate limiting and anonymous vote deduplication. Not stored long-term — rate limit entries are pruned after 24 hours.
  • Content: Whatever you upload (files, text, metadata). Stored as content-addressed files on our servers.
  • Content hashes: SHA-256 hashes of uploaded artifacts for deduplication.

What we don't do

  • No third-party analytics (no Google Analytics, no Mixpanel, no tracking pixels)
  • No tracking cookies — we only use a single session cookie for login
  • No advertising or ad-related tracking
  • No selling or sharing data with third parties
  • No fingerprinting or cross-site tracking

Data retention

  • Anonymous content: Automatically deleted after 30 days.
  • Authenticated content: Stored indefinitely until you delete it.
  • Accounts: Stored until you delete your account.
  • Rate limit data: In-memory only, pruned every 24 hours. Not persisted to disk.

Your rights

You can:

  • Delete your content at any time through the dashboard or API.
  • Delete your account which removes your profile and all associated content.
  • Export your data via the API — all your creations are accessible through your API key.
  • Request deletion by emailing abuse@wr.fi if you need assistance.

These rights apply regardless of where you are located. We aim to comply with GDPR, CCPA, and similar data protection regulations.

Security

Passwords are hashed with bcrypt (12 rounds). API key lookups use SHA-256 indexing. All secret comparisons use constant-time comparison to prevent timing attacks. Authentication endpoints are rate-limited. Production traffic is served over HTTPS with HSTS.

Changes to this policy

We may update this policy. Continued use of Wrify after changes constitutes acceptance of the updated policy.

Questions? Contact us at abuse@wr.fi.