Privacy Policy

Last updated: May 2026

1. Who we are

OpenYourSecret is an anonymous secret-sharing platform operated at openyoursecret.com. We allow users to share personal secrets anonymously using a randomly generated user ID. No real names are ever displayed publicly.

2. What data we collect

When you register, we collect:

  • Your email address (used only for login, never shown publicly)
  • A bcrypt-hashed password (we cannot read your password)
  • A randomly generated anonymous ID (e.g. #usr_7f3a2b)
  • The date your account was created

When you use the site, we also collect:

  • Secrets and comments you choose to post
  • Reactions ("relate") you give to secrets
  • Standard server logs (IP address, browser type, pages visited)

3. How we use your data

  • To provide and operate the service
  • To authenticate your login session
  • To moderate content and enforce our Terms of Service
  • To display anonymous content on the public feed
  • To improve site performance and user experience

We do not sell your data to third parties. We do not show your email address publicly. We do not link your anonymous ID to your real identity anywhere on the site.

4. Cookies

We use a session cookie to keep you logged in. This cookie contains no personal information. We may also use Google Analytics cookies to understand site traffic (see section 6). You can disable cookies in your browser settings, but this will prevent you from logging in.

5. Data retention

Your account and associated content is retained as long as your account exists. You can delete individual secrets from your user panel at any time. To request full account deletion, contact us at the email in the Impressum below.

6. Google Analytics & Advertising

We use Google Analytics to track anonymous visitor statistics (pages visited, country, browser). Google may set cookies for this purpose. We may also display Google AdSense advertisements. Google's privacy policy applies to data collected through these services: policies.google.com/privacy.

7. Your rights (GDPR)

As a user in the EU/EEA you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data ("right to be forgotten")
  • Object to processing of your data
  • Lodge a complaint with your national data protection authority

To exercise any of these rights, contact us at the address in the Impressum.

8. Data security

All data is transmitted over HTTPS. Passwords are hashed using bcrypt and are never stored in plain text. We take reasonable technical and organisational measures to protect your data.

9. Changes to this policy

We may update this policy from time to time. Continued use of the site after changes constitutes acceptance of the updated policy.