Privacy Policy
Last updated: 25 May 2026. This policy will be reviewed by a qualified lawyer before public launch.
1. Who we are
Checkser ("we", "us") operates the website at checkser.com. For questions about this policy, contact us at privacy@checkser.com.
2. What data we collect
| Data | Why | How long we keep it |
|---|---|---|
| Username | Identify you on the platform; shown publicly on checklists you create or edit | Until you delete your account |
| Email address | Account verification; password reset; service notifications | Until you delete your account |
| Password (hashed) | Authentication — we store only a bcrypt hash, never the plaintext | Until you delete your account |
| Checklist content | Core product function; publicly displayed | Indefinitely (community content, CC BY-SA 4.0) |
| Edit history | Version control and attribution | Indefinitely |
| Session data | Keep you logged in | 14 days (stored in MongoDB) |
| Progress data | Save your checklist tick state (logged-in users only) | Until you delete your account |
We do not collect payment information, run analytics scripts, or sell advertising.
3. Cookies
We use two types of cookies:
- Session cookie — keeps you logged in. Essential for the Service to function.
- Progress cookie (
ck_progress) — stores checklist tick state for anonymous users. No personal data; expires after 90 days.
We do not use tracking, advertising, or analytics cookies.
4. Who we share data with
We share your data only with the following sub-processors:
- MongoDB Atlas — database hosting (your data is stored here)
- Email provider (Nodemailer/SMTP) — sends verification and notification emails
We do not sell, rent, or share your personal data with any third party for marketing purposes.
5. Your rights (GDPR)
If you are in the European Economic Area, you have the right to:
- Access — request a copy of the personal data we hold about you
- Rectification — correct inaccurate data (you can update your username via your profile)
- Erasure — request deletion of your account and personal data
- Portability — receive your data in a machine-readable format
- Object — object to processing based on legitimate interests
To exercise any of these rights, email privacy@checkser.com. We will respond within 30 days. Note: checklist content and revision history may be retained as community content under CC BY-SA 4.0 even after account deletion, but will be attributed as "deleted user".
6. Data security
We use industry-standard measures: bcrypt password hashing, HTTPS in transit, and access controls on our database. No system is perfectly secure; please use a strong, unique password.
7. Children
Checkser is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has registered, contact us at privacy@checkser.com and we will delete the account.
8. Changes to this policy
We may update this policy. We will notify registered users by email of material changes. The date at the top of this page reflects the most recent update.
This policy is a working draft intended to convey intent. It will be reviewed and finalised by a qualified lawyer before public launch.