Skip to content
PIGWATCH

Privacy Policy

Last updated: March 15, 2026

1. Data Controller

PigWatch.org is operated by OptiMystic Holdings Corp. ("we", "us"), Quebec, Canada. For privacy inquiries: [email protected]

2. Data We Collect

2.1 Sworn Declarations (filing a report)

Declarant name, email, phone — provided voluntarily for sworn filings. Digital signature — captured via HTML5 canvas. Report content — category, title, description, severity, incident details. Evidence files — if uploaded, stored encrypted on RAID 1 storage.

2.2 Anonymous Tips

No identifying information is collected for anonymous filings. No name, no email, no signature.

2.3 Browsing Data

We do not use cookies for tracking. We do not use analytics services (no Google Analytics, no Meta Pixel). We store a language preference in your browser's localStorage. Server logs contain IP addresses for rate limiting and are rotated regularly.

2.4 Payment Data

Filing donations are processed through Invoice Ninja and/or BTCPay Server. We do not store credit card numbers. Payment processors handle card data under their own privacy policies.

3. How We Use Your Data

Declarant identity is stored privately and never displayed publicly; may be disclosed only pursuant to valid legal process. Report title, category, severity, and filing type are displayed publicly. Digital signatures are stored encrypted and viewable only by authorized administrators. SHA-256 hash of report content is displayed publicly as proof of integrity. Evidence files are stored encrypted and accessible only to authorized administrators.

4. Data Storage & Security

All data is stored on LUKS-encrypted RAID 1 mirrored storage. Database: PostgreSQL 17 with encrypted-at-rest storage. Evidence and signatures are stored in a dedicated encrypted directory. Hash-chain ledger is append-only and cryptographically tamper-evident. SSL/TLS encryption for all data in transit (via Cloudflare). Server located in Canada, subject to Canadian privacy law.

5. Data Retention

Filed reports are permanent. Once a report is SHA-256 hashed and entered into the ledger, it cannot be altered or deleted without breaking the cryptographic chain. Declarant contact information is retained for legal compliance purposes. Server logs are retained for 90 days. Payment records are retained as required by tax law.

6. Your Rights

Under PIPEDA (Canada), GDPR (EU), and CCPA (California), you may have rights including: Access — request a copy of your personal data. Correction — request correction of inaccurate data (note: report content cannot be altered once filed). Deletion — we can delete your contact information; however, the report content and its cryptographic hash are permanent by design. Objection — you may object to processing; however, the public interest nature of the Service may override individual objection rights.

To exercise these rights, contact [email protected]

7. Disclosure to Third Parties

We do not sell, trade, or share personal data with third parties except: when required by valid legal process (court order, subpoena); payment processors for donation processing; OpenTimestamps calendar servers receive SHA-256 hashes only (no personal data).

8. Children

The Service is not directed at individuals under 18. We do not knowingly collect data from minors.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Changes take effect upon posting. The "Last updated" date at the top of this page indicates when the policy was last revised.