legal · privacy policy

Privacy policy.

A short and honest description of the data we keep, why we keep it, and how you can ask us to delete it. No dark patterns. No hidden trackers.

last updated
May 21, 2026
jurisdiction
global

01Summary

Maki collects the minimum data we need to run a maki.wf profile for you. We don't sell data, we don't train AI on your content, and we don't share it with advertisers. The only third parties we use are infrastructure providers (hosting, email delivery) — listed below.

Your profile, your data, your rules. We host it, you own it.

02What we collect

You give us

  • Account basics — username, email, hashed password.
  • Profile content — bio, links, avatar, custom theme, music, status.
  • Optional connections — Discord, Spotify (only if you connect them).

We collect automatically

  • Page views & link clicks (aggregated counts, not per-visitor logs).
  • Technical telemetry — IP, user-agent, error logs — kept for 14 days for abuse/security only.
  • Rate-limit / bot-guard signals — stored in your own browser via localStorage.
What we don't collect: third-party ad cookies, cross-site trackers, fingerprints, or anything sold to data brokers.

03How we use it

  • To create and serve your maki.wf page.
  • To respond when you contact support, file an appeal, or ask for a deletion.
  • To detect abuse and protect the service (rate-limit, bot-guard, manual review).
  • To send essential transactional emails (sign-up confirmation, security alerts). No marketing without opt-in.

04Sharing & third parties

We work with a few infrastructure providers. They process data on our behalf under data-processing agreements, only for what they're hired for:

  • Hosting / CDN — serves your page and assets globally.
  • Email delivery — sends confirmation and security messages.
  • Error monitoring — captures stack traces (with PII scrubbed) when something crashes.

We will only disclose your data to law enforcement when we receive a valid legal order. We push back on overbroad requests.

05Cookies & local storage

We use a single first-party session cookie to keep you logged in. We use localStorage to remember your language choice, your draft username during sign-up, and the rate-limit counters. That's it — no tracking pixels, no third-party cookies.

06Security

Passwords are hashed with a modern algorithm (Argon2id). Transport is HTTPS-only. We log authentication events for 90 days for anomaly detection. We will email you if your account is involved in any incident we discover.

07Retention

  • Account + profile content — until you delete your account.
  • Technical telemetry — 14 days.
  • Auth event logs — 90 days.
  • Billing records — 7 years (legal requirement).
  • Backups — overwritten on a rolling 30-day window.

08Your rights

Wherever you live, you can ask us to:

  • See a copy of the data we hold about you (data export).
  • Correct anything that's wrong.
  • Delete your account and everything we hold about you.
  • Object to specific uses or restrict processing.
  • Move your data to another service (portability).

To exercise any of these, email hi@maki.wf from the address on your account. We respond within 30 days.

09Children

Maki is not designed for under-13s. If we learn that an under-13 has signed up, we delete the account. Some countries set a higher age limit (16 in parts of the EU); please follow the limit that applies to you.

10Changes

If we change this policy in a way that affects you, we'll notify you in-app or by email at least 14 days before the change takes effect.

11Contact

Privacy questions, data requests, or to reach our data protection contact: hi@maki.wf. We try to reply within two business days, always within thirty.