Privacy Policy

Last updated: May 24, 2026

Who I Am

This site (kalipatriot.net) is the personal site of Landon Byrge ("KaliPatriot"). Contact: [email protected].

Data I Collect

• Discord OAuth profile — Discord user ID, username (with discriminator if present), email address, and avatar URL. Collected when you log in with Discord. Avatars are cached locally on this server to avoid repeated requests to Discord's CDN.
• Comments — content you post is stored and attributed to your Discord username.
• Audit log — IP address, User-Agent string, request path, timestamp, and session ID for every authenticated action. Retained 90 days, then automatically deleted.
• Session cookie — one HTTP cookie named "session" (HttpOnly, Secure, SameSite=Lax, 7-day lifetime) carrying an encrypted reference to your user record. This is the only cookie set by this site. It is strictly necessary for authentication and therefore does not require consent under ePrivacy/GDPR.
• CTF scoring — challenge solves are stored with your user ID, challenge ID, point value, and timestamp.

What I Don't Collect

• No third-party analytics (no Google Analytics, no Meta pixel, no Plausible, no Hotjar, etc.).
• No advertising or tracking cookies.
• No cross-site tracking.
• I do not sell personal data. Ever.

Why I Collect It

• Authentication and access control.
• Abuse prevention and security investigation (audit log).
• Public attribution of comments and CTF leaderboard placement.

Retention

• Audit log: 90 days, after which entries are automatically deleted.
• Session cookie: 7 days from last activity.
• User account, comments, scores: retained until you request deletion (see "Your Rights" below).

Third Parties

Loading or interacting with this site causes data to be sent to the following parties:

• Discord — OAuth login and avatar fetch. See Discord's privacy policy.
• Cloudflare — this site is served via a Cloudflare tunnel from my Pi. Cloudflare sees your IP, User-Agent, and request URL as the reverse proxy. See Cloudflare's privacy policy.
• Certification badge issuers (Accredible, Badgr, Credential.net) — only when their certification badge images are loaded on the homepage. They see your IP and User-Agent.
• All other JavaScript, CSS, and font assets are served from this server. No third-party CDN is used.

Cookies

One cookie only: session — HttpOnly, Secure, SameSite=Lax, 7-day MaxAge. It carries an encrypted reference to your user record after you log in. Strictly necessary for authentication; no consent banner is shown because no non-essential cookies are set.

Your Rights (GDPR / CCPA / CPRA)

• Access — your Discord-managed fields are visible at /me/edit. Email me for a full data export.
• Correction — log out and back in to refresh Discord-managed fields, or edit bio/website/location at /me/edit.
• Deletion — use the "Delete Account" control at /me/edit, or email me. Your account row is anonymized (Discord ID, email, avatar, bio, website, and location scrubbed), comments are kept attached to a tombstone identifier, audit-log entries have your user ID severed.
• Opt out of sale — N/A; I do not sell data.
• For all requests: [email protected].

Children

This site is not directed at children under 13. Do not create an account if you are under 13.

Security

Vulnerability reports: see /.well-known/security.txt.

Changes

I may update this policy. Material changes will be noted by updating the "Last updated" date above.