Privacy Policy
Last updated: March 9, 2026
Flopdate is a crowdsourced software stability tracker. We collect minimal data needed to operate the service and prevent abuse. We do not sell, share, or transfer your data to third parties.
What we collect
When you vote
- Browser fingerprint — a one-way hash (HMAC-SHA256) derived from your IP address, browser User-Agent, Accept-Language, and Sec-CH-UA headers. The raw values are not stored — only the irreversible hash. Used solely to prevent duplicate votes.
- Voter cookie (
flopdate_voter) — a signed, HttpOnly cookie containing a random UUID. Expires after 1 year. Used as a secondary deduplication method. This is a strictly functional cookie and does not require consent under GDPR/ePrivacy. - Vote data — your vote (stable/unstable), selected issue categories, and optional issue description. Stored indefinitely as part of the aggregated stability data.
- Local storage — your browser stores which versions you voted on to show your vote in the UI. This data never leaves your browser.
When you submit a software request
- Software name and URL (required) — stored to process your request.
- Reason (optional) — why you think this software should be added.
- Email (optional) — if provided, used only to notify you when the request is resolved. Deleted immediately after.
- IP address — stored to enforce rate limiting and prevent abuse.
Automatically collected
- Session cookie (
flopdate_session) — used for CSRF protection and flash messages. Expires after 2 hours. - Rate limiting — temporary counters using your IP address. Automatically expire within minutes. No permanent record is kept.
What we do not collect
- No analytics or tracking scripts
- No third-party cookies
- No advertising data
- No account registration required
How we use your data
| Data | Purpose | Legal basis (GDPR) |
|---|---|---|
| Browser fingerprint hash | Prevent duplicate votes | Legitimate interest |
| Voter cookie | Vote deduplication | Legitimate interest |
| IP address (requests) | Rate limiting, abuse prevention | Legitimate interest |
| Email (optional) | Request status notification | Consent |
| Vote & issue data | Stability scoring | Legitimate interest |
Data retention
- Votes and issue reports — stored indefinitely as aggregated, anonymous stability data.
- Software request emails — deleted immediately after the request is resolved.
- Session data — expires after 2 hours.
- Rate limit counters — expire within minutes.
Your rights
Under GDPR, you have the right to:
- Access — request what data we hold about you.
- Deletion — request removal of your data. Note: votes are anonymous by design and cannot be linked back to you after submission.
- Object — object to processing based on legitimate interest.
To exercise any of these rights, contact us at the address below.
Third parties
We do not share your data with any third party. All data is stored on our own infrastructure. No external analytics, advertising, or tracking services are used.
Contact
For privacy-related inquiries: [email protected]
See also: Terms of Service