1. Overview
We take data security seriously. This page explains how your data is stored, protected, and managed.
2. Infrastructure
Database: Cloud-hosted PostgreSQL database (AWS).
Hosting: Global content delivery network with edge deployment.
File Storage: Cloud object storage (AWS).
Authentication: OAuth-based authentication service with Google and Discord providers.
3. Security Measures
All connections secured with HTTPS/TLS 1.2 or higher.
Data encrypted at rest using AES-256 encryption.
OAuth-based authentication — we never store your Google or Discord passwords.
Role-based access control for administrative operations.
Database row-level security (RLS) policies ensure users can only access their own data.
4. Data We Protect
WOS IDs are stored securely and never displayed publicly on the site.
Email addresses from Google/Discord OAuth are never displayed publicly.
Verification screenshots are stored in private storage and automatically deleted after the retention period.
5. What We Do NOT Do
We do not sell or monetize your personal data.
We do not use advertising trackers, analytics cookies, or third-party tracking scripts.
We do not share WOS IDs, email addresses, or verification screenshots with anyone.
We do not store payment information (WOSmeta is a free service).
We do not use your data for any purpose unrelated to the registry.
6. Incident Response
In the event of a data breach, we will: investigate and contain the incident quickly, notify affected users within 72 hours, notify relevant authorities as required by applicable law, and provide information about what data was affected and recommended actions.
7. Data Backup
Automated encrypted backups are maintained via the cloud database provider's built-in backup systems. Backups are encrypted and stored securely.
8. Your Role
You can help keep your account secure by: using a strong, unique password for your Google/Discord account, not sharing your account credentials with others, logging out on shared or public devices, and reporting any suspicious activity via our Contact form.
9. Contact
For security concerns or questions about data protection, please use our Contact form.