Last updated: Monday, August 4th, 2025
This policy explains how Backyard Bandwidth protects your privacy within the user dashboard and related account systems. We maintain a strict privacy-first architecture with minimal data retention and no behavioral analytics.
When a user registers, their email is associated with their Stripe billing account. However, we do not store the full email address on our platform. Instead:
All user data is carefully compartmentalized and stored separately to ensure that, in the event of a breach or leak, personally identifiable information (PII) cannot be correlated with usernames.
If a manual lookup is required for operational or security reasons, we will first leave a visible message in the user’s upload directory notifying them of the pending lookup request. This message is automatically generated by the backend and cannot be bypassed or suppressed by administrators. It ensures full transparency and user awareness before any access occurs.
Files are uploaded anonymously by vetted administrators using only the username. We do not track, tag, or store:
The only stored metadata is the S3 file path, which is necessary to display files back to the user. All uploads are encrypted and stored on an encrypted S3-backed storage system.
Backyard Bandwidth does not log download activity. Specifically:
Downloads are served privately and directly to the session in use, with no tracking or fingerprinting.
User accounts consist only of the following data:
If a user wishes to remove their account, they may contact us directly. Upon request, we will:
We retain no backup or archival copies of deleted user data.
All administrators undergo strict vetting before receiving access to internal tools. Administrative access is role-based and strictly limited to operational needs. Admins cannot see full email addresses or perform lookups without explicit need and elevated permission.
Any action involving manual user lookup or elevated access requires unanimous approval from all currently available administrators. This approval process is enforced at the backend level and cannot be bypassed, overridden, or performed individually. Until full approval is granted, the requested action will not execute.
We do not log any of the following:
Session data is stored only in the client browser and exists solely to authenticate you to our backend. We do not persist session logs or cross-reference logins.
Standard user sessions automatically expire after 11 hours and 55 minutes (max_age: 42900 seconds). Administrator sessions expire after 50 minutes (admin_max_age: 3000 seconds). Once expired, users must reauthenticate.
We do not use any of the following:
The user dashboard is fully self-contained and telemetry-free.
All user data is stored encrypted at rest and transmitted securely in transit. We enforce strict encryption policies on all endpoints, including internal services, and do not allow unencrypted access under any circumstances.
While our primary systems operate within the United States, data may be temporarily transferred to the user’s region at the time of request in order to serve files or account data with minimal latency. This transfer is transient and does not result in persistent replication across jurisdictions.
We also adhere to strict policies around personally identifiable information (PII) separation, ensuring that no identifiable data is stored alongside usernames or file metadata. Even in the event of a compromise, PII cannot be correlated to account activity.
Purchases using cash or crypto are tied only to the automatically generated username created at the time of registration. Each username is generated with approximately 81.52 bits of entropy, meaning that even at one million guesses per second, brute-forcing a username would take an estimated 98 billion years.
If a user chooses to pay via Stripe, the Stripe customer ID is stored with the account. While we never store full email addresses or PII, a sufficiently privileged actor with access to Stripe’s backend could technically identify a user through their payment metadata.
All financial data—whether Stripe-based or crypto-based—is segregated from account metadata and file storage systems to preserve maximum compartmentalization and privacy protection.
The user dashboard does not use tracking cookies or third-party scripts. We store only minimal session data in your browser’s local storage or session storage to maintain login state.
The session token is transmitted to the backend during each request to verify that the user is authenticated. This token is not stored on the backend—it is used only during the request and immediately discarded.
Once the token expires or the user logs out, it becomes invalid and cannot be reused. The session data in the browser is automatically deleted when the session ends.
Users may request information about the data associated with their account or ask questions related to our privacy practices.
We are unable to modify or correct account details because we do not store any personally identifiable information beyond what is explicitly described in this policy. User data is intentionally minimal and immutable by design to protect user privacy.
All inquiries can be made through our secure contact channels listed on the website. We respond to all legitimate privacy-related questions within a reasonable timeframe.
In the event of a confirmed data breach that impacts user privacy, we will promptly notify affected users and publish a detailed incident report. While our systems are designed to prevent correlation of user identity to data, we treat all security events seriously and transparently.
We may revise this dashboard privacy policy at any time. Updates will be posted on this page and become effective immediately upon publication.