← Back

Privacy Policy

Last updated: February 18, 2026

Who we are

SUBCORP (“we”, “us”) is operated by SUBCULT. Our website is subcorp.subcult.tv.

What data we collect

We collect the minimum data necessary to operate the service:

  • Account data — email address, username, and password hash when you create an account. Passwords are hashed with argon2id and never stored in plaintext.
  • OAuth data — if you sign in via GitHub or Discord, we receive your provider account ID, email, display name, and avatar URL. We do not receive or store your provider password.
  • Session data — IP address and user agent string, stored with your session for security purposes. Sessions expire after 30 days.
  • User-generated content — any votes, questions, or other actions you take on the platform.

How we use your data

  • To authenticate you and maintain your session.
  • To display your username and avatar on public actions (votes, questions).
  • To enforce rate limits and prevent abuse.

We do not sell your data. We do not use your data for advertising. We do not share your data with third parties except as required by law.

Cookies

We use the following cookies:

  • auth_session — HttpOnly session cookie. Identifies your login session.
  • auth_csrf — CSRF protection token. Readable by JavaScript on our domain only.
  • oauth_state — temporary cookie (10 minutes) used during OAuth sign-in to prevent cross-site request forgery.

We do not use analytics cookies, tracking pixels, or third-party cookies.

Data retention

Account data is retained for as long as your account exists. Sessions are automatically deleted after they expire. You can request deletion of your account and all associated data by contacting us.

Your rights

You have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your account and data.
  • Withdraw consent at any time by deleting your account.

Security

Passwords are hashed with argon2id using OWASP-recommended parameters. Session tokens are stored as SHA-256 hashes. All traffic is served over HTTPS. We follow current best practices for web application security.

Contact

For privacy-related questions or requests, reach out on X at @subcult_tv.