Flamenet operates the website flamenet.io and all services accessible through that domain, including the Forum, Groups, Messaging, Jobs, Listings, Answers, Events, Games, and the Link Directory (collectively, "Flamenet" or "the Service").
When this policy refers to "we," "us," or "our," it means Flamenet. When it refers to "you" or "your," it means you as a visitor or registered user of the Service.
We only collect information that is necessary to provide and improve the Service. Below is a complete list of the categories of data we collect.
When you create an account you provide a username and email address. Your password is stored as a one-way cryptographic hash — we cannot recover or read it. Your email address is used to:
We do not verify email addresses for the purpose of marketing. You can update or delete your email address at any time from your profile page.
Content you create on Flamenet — forum posts, group messages, job listings, auction listings, Q&A answers, events, directory submissions — is stored in our database to provide those services. Public content is visible to other users. Private messages are stored encrypted (see Section 4).
If you apply for a job listed on Flamenet, we store your application details (cover letter, resume file if uploaded). This information is shared with the employer who posted the listing and is not used for any other purpose.
If you complete a Flamenet Jobs profile (headline, biography, skills, work history, education, portfolio URL, LinkedIn URL, resume PDF), this data is stored as part of your account and may be shared with employers who receive your application. Your profile is not publicly indexed — it is only accessible to employers whose listings you have applied to, and to Flamenet administrators for moderation.
If you sign in through the AIM widget, your AIM screen name is stored in your Flamenet profile. Authentication with AIM is handled by aim.flamenet.io. We store only the screen name — not your AIM password.
Our web server records each request in a standard access log. These logs include your IP address, the page you requested, your browser's user-agent string, and the date and time of the request. We use these logs to:
Raw access logs are retained for 30 days and then automatically purged. We do not correlate IP addresses with user accounts unless investigating a specific abuse report.
We use Umami Analytics (self-hosted at analytics.flamenet.io)
to understand how pages are used. Umami does not use cookies, does not collect
personal identifiers, and does not share data with third parties. All data is
stored on our own infrastructure. The data collected is: page URL, referrer,
browser name, OS name, device type, and country derived from IP (IP address is
not stored).
We may produce and share aggregate, anonymized statistics about the Service (e.g., total registered users, number of forum posts) that contain no personal information.
Messages sent through the Flamenet Messaging feature are encrypted using AES-256-GCM before they are written to the database. The encryption key is derived from a secret stored in our server configuration and is never stored alongside the message data. This means:
Messages are not end-to-end encrypted in the cryptographic sense (i.e., we hold the decryption key), but they are encrypted at rest and inaccessible to anyone without server-level access.
Payments for listings and auction Buy It Now purchases are processed by Stripe, Inc. Flamenet never receives, transmits, or stores your full credit or debit card number, CVV, or billing address. When you complete a purchase, you are interacting directly with Stripe's payment infrastructure. We receive only a confirmation of success or failure and a Stripe-generated session identifier for our records.
Stripe's privacy practices are governed by the Stripe Privacy Policy.
We use only the following cookies:
| Cookie | Purpose | Duration |
|---|---|---|
wordpress_logged_in_* |
Keeps you signed in to your Flamenet account. | Session / 14 days if "Remember Me" checked |
wordpress_sec_* |
WordPress security token for authenticated admin requests. | Session |
wp-settings-* |
Stores your WordPress admin UI preferences (admin users only). | 1 year |
wordpress_test_cookie |
Checks that your browser accepts cookies before login. | Session |
We do not use advertising cookies, cross-site tracking cookies, or cookies from third-party analytics services. Our analytics tool (Umami) is cookieless by design.
You can configure your browser to refuse all cookies or to alert you when a cookie is being set. Refusing session cookies will prevent you from signing in to Flamenet.
We share personal data with a small number of third parties only where necessary to operate the Service:
| Third party | Purpose | Data shared |
|---|---|---|
| Stripe, Inc. | Payment processing for listings and auctions. | Payment details (processed directly by Stripe; see Section 5). |
| aim.flamenet.io | AIM authentication server operated by Flamenet. | AIM screen name; password handled entirely by aim.flamenet.io. |
| Sentry | Error monitoring and crash reporting (if enabled). | Stack traces and error context; configured to strip personal data from payloads. |
| Our hosting provider | Server infrastructure. The provider can access server files and databases under their terms of service. | All data stored on the server. |
We do not share data with data brokers, advertising platforms, social networks, or any party for purposes other than those listed above.
We may disclose your information if required to do so by a valid and binding legal order (court order, subpoena, or equivalent). Where legally permitted, we will notify you before complying. We will challenge requests that we believe to be overbroad or legally deficient.
We will never voluntarily provide user data to law enforcement without a specific, valid legal demand targeting your account.
| Data type | Retention period |
|---|---|
| Account data (username, email, password hash) | Until you delete your account, or until we delete inactive accounts after 3 years of inactivity. |
| Public content (posts, forum threads, listings, Q&A) | Until deleted by you or by a moderator. |
| Private messages (encrypted) | Until deleted by you or both participants. Soft-deleted messages are purged after 90 days. |
| Job applications and professional profile | Until deleted by you. Deleted when your account is deleted. |
| Resume file (PDF upload) | Until you remove it from your profile or delete your account. |
| Server access logs (raw) | 30 days, then automatically purged. |
| Payment records (Stripe session IDs) | 7 years (financial record-keeping requirements). |
| Aggregate analytics data | Indefinitely (contains no personal information). |
Regardless of where you are located, you have the following rights with respect to your personal data:
You can view the personal data we hold about you by signing in to your account and visiting your profile page. You may request a full data export by contacting us at privacy@flamenet.io.
You can update your username, email address, and profile information directly from your profile page at any time.
You can delete your account by contacting us at privacy@flamenet.io. Upon deletion:
You may object to or request restriction of any processing of your data by contacting us. We will respond within 30 days.
You may request an export of your personal data in a machine-readable format by contacting privacy@flamenet.io.
If you believe we have handled your data unlawfully, you have the right to file a complaint with a relevant data protection authority in your jurisdiction.
Flamenet is not directed at children under the age of 13. We do not knowingly collect personal information from anyone under 13. If we become aware that we have collected personal data from a child under 13 without verifiable parental consent, we will delete that data promptly. If you believe a child under 13 has created an account, please contact us at privacy@flamenet.io.
For any questions, requests, or concerns about this Privacy Policy or the data we hold about you, contact us at:
Email: privacy@flamenet.io
Subject line: Privacy Request — [your username]
We aim to respond to all privacy inquiries within 10 business days.
| Date | Change |
|---|---|
| February 28, 2026 | Initial policy published. Added sections covering professional profile (Jobs), AIM screen name storage, Umami analytics, encrypted messaging, Stripe payments, and crawler blocking via robots.txt / ai.txt. |