🔒 Security & Privacy Info
Radical Anonymity by Design
🎯 Client-Side Image Sanitization
Every image you upload is re-encoded locally on your device using the HTML5 Canvas API before it ever reaches our servers.
Image Data → Canvas Re-draw → BLOB → Upload (EXIF Stripped)
This removes all GPS data, Device IDs, and Timestamps locally.
🔑 Local-Only Ownership
We solve the "How do I delete my post without an account?" problem using Local Token Ownership.
- When you upload, your browser generates a unique UUID (secret key).
- This key is stored only in your browser's LocalStorage.
- To delete a post, your browser proves ownership by sending this secret key.
*If you clear your browser data or switch devices, the "link" to your post is permanently severed to maintain absolute anonymity.
🔓 Zero-Knowledge Protocol
BinOverflow is designed so the administrator physically cannot link a report to an individual.
- ✗ No Identities: We do not log names, IPs, or phone numbers.
- ✗ No Sessions: No login or accounts exist.
- ✗ One-Way Data: Reports are assigned randomized IDs with no back-link to the uploader.
🇮🇳 DPDPA 2023 Compliance
Under India's Data Protection Act, anonymized data (data that cannot identify a person) is exempt from many personal data obligations.
"Because we do not store identities or IP logs, we cannot fulfill 'Right to Access' requests as no data is linked to a verifiable identity."
📧 Questions?
To report a privacy violation (face/license plate) where the original uploader cannot be reached, use the anonymous takedown form at /takedown. We do not engage via email.