Privacy Policy

Seikata ("we", "us", "the site") is a vintage Seiko watch reference and community. This policy explains what data we collect, why, and your rights regarding it.

1. Data We Collect

Account information: When you create an account, we store your username, password (hashed, never plaintext), and optionally your email address.

Usage data: We store your favorites, login timestamps, and the invite code used to join.

Security logs: We log IP addresses, user agents, and request URIs for failed login attempts and security events. These logs are retained for 90 days.

No tracking: We do not use third-party analytics, advertising trackers, or social media pixels.

2. How We Use Your Data

• To operate your account and save your preferences and favorites
• To protect the site from abuse and unauthorized access
• To communicate with you about your account (if you provided an email)

3. Cookies

We use a single session cookie (kat_session) to maintain your login state. It is HttpOnly, Secure, and SameSite=Lax. We also use localStorage for theme preference (light/dark). We do not use any tracking cookies.

4. Data Sharing

We do not sell, rent, or share your personal data with any third parties. Your data stays on our servers.

5. Data Retention

Your account data is retained for as long as your account exists. Security logs are automatically purged after 90 days.

6. Your Rights

You have the right to:

• Access your data — visible on your account page
• Delete your account — available on your account page with an option to delete all associated data
• Contact us — reach out to admin@seikata.com with any privacy questions

7. Security

Passwords are hashed using bcrypt. Sessions use secure, HttpOnly cookies with CSRF protections. All traffic is served over HTTPS.

8. Changes

We may update this policy from time to time. The "last updated" date at the top will reflect the most recent revision.