Privacy Policy

for using the anonymous platform AnonymousDeals.net

1. Who we are and what is the nature of the service

1.1 AnonymousDeals.net is an anonymous and (functionally) decentralized environment enabling the publication of offers/demands and mutual communication of users. The system is designed in "privacy-by-design/zero-knowledge" mode: it encrypts data end-to-end and gives no central subject the ability to read content, identify users or remove posts.

1.2 As a result of this architecture, there is no central subject available that could access user content in readable form. Users are aware that the platform, for technical reasons, does not see, moderate or delete content.

2. What data we (do not) process

2.1 The service is designed not to require personal data and for all sensitive data to be unreadable to the operating party.

2.2 Data provided by the user during registration:

  • Username (pseudonym) - without connection to identity
  • PGP public key - stored in the database in open form
  • PGP private key - stored only encrypted (using user KEY and salt)
  • Blockchain addresses (Ethereum, Solana) - generated by the system; related private keys are stored separately and encrypted
  • KEY (access phrase) is never stored in the database; exists only during login in the user session

3. Communication and content

3.1 Chat messages and demand content - stored only in encrypted form (PGP, RSA 4096, Halite for symmetric encryption).

3.2 Initialization vectors (IV) - generated uniquely for each encryption and stored together with encrypted data.

3.3 The Platform cannot decrypt, read or moderate messages.

3.4 Operational and security data

3.5 Session identifier, basic technical error logs (without sensitive content).

3.6 Minimalist logging - sensitive information is not logged.

3.7 Cookies:

  • Only necessary (session) cookies for login and session maintenance
  • No tracking/analytics cookies without separate consent

4. Purposes and legal bases

4.1 Providing service and platform operation (contract performance/user terms compliance).

4.2 Security and system integrity (legitimate interest - error detection, abuse prevention).

4.3 Consents, if optional functions were introduced (e.g., analytics) - not standard components.

5. Recipients and transfers

5.1 Content and communication are end-to-end encrypted - recipients of transferred data (e.g., infrastructure providers) do not see readable content.

5.2 No sharing with third parties for marketing purposes.

6. Transfers outside EEA

6.1 The goal is to minimize transfers and maintain encrypted form of data. If technical transfer occurs, it proceeds exclusively with encrypted content that is not readable to the recipient.

7. Retention period

7.1 Messages/content: retained in encrypted form for the duration of existence of relevant records in the system. The platform has no ability to read content or selectively delete it.

7.2 Session/KEY: only for the duration of login; after logout or expiration, the session is destroyed.

7.3 Error logs: short-term and in limited scope, without sensitive data.

8. Security measures

8.1 PGP (RSA 4096) for asymmetric encryption; Halite for symmetric encryption and key derivation.

8.2 Unique IV for each encryption operation.

8.3 Private key encryption using user KEY + salt (brute-force resistance).

8.4 KEY is never stored in DB; exists only in session.

8.5 Logging minimization and separate secure storage for private keys to blockchain addresses.

9. Data subject rights (GDPR)

9.1 The service is designed not to work with personal data in readable form. If a user voluntarily discloses personal data in content (which we do not recommend), the platform has no technical ability to read, search or remove such data.

9.2 Your GDPR rights (access, rectification, erasure, restriction, portability, objection) may be practically limited for these reasons:

  • the platform does not see your content in open form
  • does not maintain identification records linking content to real identity
  • cannot delete or change content (see architecture and anonymity)

9.3 Recommendation: Do not share any personal data in content. To ensure privacy, use anonymous nicknames and follow security procedures (strong KEY, key management).

10. Children

10.1 The service is not intended for persons under 18 years of age. We do not collect age data.

11. Automated decision-making / profiling

11.1 We do not perform profiling or automated decision-making with legal effects.

12. Changes to this document

12.1 We may update these policies by publishing a new version in the platform environment. Continued use of the service means consent to the current wording.

13. Contact / Management

13.1 Due to the anonymous and decentralized nature of the platform, there is no central contact available with access to content or user identities. The technical nature of the service does not allow reading, searching or deleting user content.

Summary for users

  • We don't send your data to third parties for marketing (we technically can't do it)
  • We don't read your messages (we technically can't do it)
  • We don't store your KEY, we only use it temporarily in session
  • We encrypt everything end-to-end (PGP 4096 + Halite, unique IV)