Privacy Policy

Home Manifesto ISMS

🕵️ Privacy Policy: Surveillance Capitalism Meets Anarchist Data Protection

If You're Not Paying, You're the Product

Nothing is true. Everything is permitted. Except harvesting user data without consent—GDPR made that expensive.

Think for yourself. Question authority. Especially the authority that says "we value your privacy" while selling your data to 847 partners.

Privacy isn't dead. It's just being held hostage by surveillance capitalism. But we have a weapon: GDPR—the only regulation that makes data brokers sweat.

ILLUMINATION: If you're not paying for it, you're the product. If you are paying for it, you're probably still the product. Question everything.

Here's our anarchist approach to data protection, grounded in actual GDPR compliance:

The Five Principles of Not Being a Data Vampire

1. Purpose Limitation

Collect data for specific purposes, not "whatever we might want later." Mission creep is how surveillance states are born.

If you can't articulate why you need data, you don't need it.

2. Data Minimization

Collect only what you need. Every byte is a liability, a target, and a responsibility. More data ≠ better insights. Usually just more risk.

The best data to protect is data you never collected.

3. Storage Limitation

Delete data when you're done with it. Hoarding data "just in case" is how breaches become catastrophes. Set retention periods, enforce them.

Data is toxic waste—dispose of it properly or it poisons everything.

4. Transparency

Tell people what you're doing with their data. In plain language, not legalese. Radical transparency isn't just security—it's respect.

If your privacy policy requires a law degree to understand, it's designed to hide something.

5. User Control

Give users rights: access, correction, deletion, portability. They own their data, not you. Act accordingly or face GDPR fines that actually hurt.

User rights aren't optional features—they're legal requirements backed by penalties that matter.

Privacy by Design, Not by Accident

Privacy isn't something you bolt on after building surveillance infrastructure. It's architectural:

  • Default to Privacy — Opt-in, not opt-out. Make the secure choice the default choice.
  • Encrypt Everything — Data in transit, data at rest, data in use. If it's not encrypted, assume it's already compromised.
  • Minimize Attack Surface — Fewer databases, fewer copies, fewer access points. Simple is survivable.
  • Anonymize When Possible — You can't leak PII you don't have. Aggregate, anonymize, pseudonymize.
  • Audit Access — Log who accessed what, when. Trust, but verify. Mostly verify.

META-ILLUMINATION: Privacy by default means users don't have to trust you—your architecture protects them whether they understand it or not.

GDPR: The Only Regulation With Teeth

GDPR isn't perfect, but it's the closest thing we have to a weapon against surveillance capitalism:

  • Real Penalties — Up to 4% of global revenue or €20M, whichever is higher. Companies actually care about this.
  • Extraterritorial Reach — EU citizens' data is protected everywhere. Can't hide in another jurisdiction.
  • User Rights — Right to access, rectification, erasure, data portability. With enforcement.
  • Breach Notification — 72 hours to report. No hiding breaches for months/years anymore.
  • Privacy by Design — Baked into the regulation. Not optional.

Operation Mindfuck the data brokers: Exercise your GDPR rights. Request your data. Delete it. Make them work for it. Every request costs them time and money.

CHAOS ILLUMINATION: The best way to fight surveillance capitalism is to make it economically unviable. GDPR is a start.

Our Implementation: Transparent, Minimal, User-Controlled

At Hack23, we practice what we preach:

  • Minimal Collection — We collect what we need for services, nothing more.
  • Clear Purpose — Every data point has a documented purpose. No "future use" hoarding.
  • User Control — Access, export, delete—your rights, our responsibility.
  • Encryption Everywhere — Transit, rest, backups. All encrypted.
  • No Third-Party Tracking — No analytics that track users across sites. No ad networks. No data brokers.
  • Retention Policies — Data deleted when purpose expires. Automated, enforced, audited.
  • Breach Response — 72-hour notification plan. Because law requires it and users deserve it.

Full details in our public Privacy Policy—because transparency isn't just for security.

Welcome to Chapel Perilous: Privacy Edition

Nothing is true. Everything is permitted. Except non-consensual data collection—that's expensive now.

Privacy is possible. Not easy, not convenient, but possible. GDPR proved companies can function without selling user souls to the highest bidder.

Think for yourself. Read privacy policies. Exercise your rights. Make surveillance capitalism unprofitable.

ULTIMATE ILLUMINATION: You are now in Chapel Perilous. Privacy is both a right and a responsibility. Both are true. Nothing is true.

All hail Eris! All hail Discordia!

"Think for yourself, schmuck! Question everything—especially anyone who claims to 'value your privacy' while monetizing your data."

— Hagbard Celine, Captain of the Leif Erikson 🍎 23 FNORD 5