Data Privacy & Security

We operate in a niche where customer data leaks are the worst-case outcome. We architected the system around that.

What We Log

The bare minimum needed to complete an order and ship a parcel. Nothing else.

  • Name — as it must appear on the parcel for courier routing
  • Delivery address — encrypted at rest, purged 30 days after delivery confirmation
  • Email — for order confirmation and tracking. Not cross-linked to marketing platforms
  • Phone number — for courier SMS only. Purged with address at 30 days
  • Order contents — retained for the 6 months required under EU law (dispute window), then deleted

What We Don’t Log

  • IP addresses — server logs are rotated every 24 hours. No long-term retention.
  • Browser fingerprints — we don’t run fingerprinting scripts, third-party analytics, or ad tracking pixels on this site.
  • Card data — we don’t accept cards. Nothing to log.
  • Telegram / WhatsApp ID — if you contact us off-site, we don’t sync those identifiers to your order.
  • Purchase history across devices — we don’t build cross-device profiles. Every session is effectively a fresh user.

Data Retention Schedule

Data | Retention | After that
Server access logs (IP, User-Agent) | 24 hours | Deleted
Delivery address & phone | 30 days post-delivery | Deleted, encrypted traces purged
Order contents & amount | 6 months (EU consumer law) | Deleted
Email (if account created) | Until you delete the account | Deleted within 72h of request
Cryptocurrency payment hash | Not stored — only confirmation ID | N/A

Encryption

Every address, phone, and personal detail written to our database is encrypted at rest with AES-256. Keys are held separately from data — a database dump alone yields nothing. TLS 1.3 on all traffic in transit; HSTS enforced; no plaintext endpoints.

Infrastructure

  • Hosted in the EU on bare-metal dedicated servers — no third-party cloud provider holds your data.
  • No CDN proxies customer-submitted pages (checkout is served direct-origin).
  • No third-party analytics scripts: we use self-hosted Matomo with IP anonymization and zero cookies.
  • No Google Fonts, no Google reCAPTCHA, no Facebook Pixel — fonts are self-hosted, bot protection is server-side.

Payment Privacy

Cash-on-delivery is the default — the courier hands you the parcel, you hand them cash, nothing touches a payment processor. If you prefer cryptocurrency, BTC or USDT payments go through a self-hosted BTCPay Server instance — not a third-party processor like BitPay or Coinbase Commerce. This means:

  • No KYC triggered on our end
  • Your wallet address is never written to our records
  • Only a confirmation transaction ID is kept until the order ships, then purged

What You Can Do

  • Request deletion: email support@vitalquests.org with “DELETE MY DATA” in the subject. Processed within 72 hours. GDPR Article 17 right.
  • Request export: same email, subject “EXPORT MY DATA”. We’ll send a JSON dump of everything we hold on you. GDPR Article 15 right.
  • Use Tor / VPN: the site works normally over Tor Browser and all major VPN exits. We don’t fingerprint or rate-limit anonymized connections.
  • Use a burner email: ProtonMail, Tutanota, or a throwaway Gmail. We only need it to send tracking and receipts.

What We’ll Never Do

  • Sell customer data to any third party, ever.
  • Respond to informal data requests without a court order from an EU jurisdiction.
  • Retain data past its stated expiry “just in case.”
  • Run third-party analytics that correlate your identity across sites.
  • DM you first on Telegram or WhatsApp. We only respond; we never initiate contact.

The Honest Disclaimer

No system is un-compromisable. What we can promise is: the blast radius of a worst-case breach on our system is small by design. There isn’t a decade of order history to leak. There aren’t cross-linked ad identities to correlate. The address that was delivered 45 days ago is already gone.

If this level of data minimization matters to you, that’s why we built it this way.
