Privacy policy & cookies
Last updated: February 2026
Data controller
Garbæk IT
CVR: 21664480
Midtjylland, Denmark
support@garbaek.it
Feel free to contact us if you have any questions about how we handle your personal data.
What we store — and why
All visitors
We store an anonymised fingerprint (a one-way hash of your IP address, browser and a daily salt) in our rate limit table. This is used solely to prevent spam and abuse. Fingerprints do not contain your raw IP address and cannot be used to identify you. Your IP address is checked against our IP ban list on each visit but is not stored permanently — unless you are subject to an IP ban, in which case the IP address is stored with an optional expiry date.
Anonymous users who post
Your posts and threads are stored with your anonymous user token (a random 16-character cookie) and the anonymised fingerprint. Content is publicly visible. We do not store your IP address on individual posts.
Registered users
We store your email address, a bcrypt-hashed password, your username, avatar choice and the time of your last login. Your email is used only for verification, password reset and important service messages — never for marketing.
Premium payments
Payments are processed by Stripe. We do not store card details. We store Stripe's session ID, customer ID, payment amount and currency in our database in order to assign and manage your premium status.
Reports
If you report a post, your user ID or fingerprint is stored alongside the report to prevent abuse of the reporting feature.
Typing indicator
If you begin typing in a thread, a temporary draft is stored with your user token and display name. This data is continuously overwritten and is not permanent.
How long we retain data
Posts and threads are stored indefinitely — they form the public history of the platform. Threads with no activity for 7 days are archived and can no longer be commented on.
Rate limit data is deleted automatically when no longer active.
Account information is stored for as long as your account is active. If you delete your account, your email, password and profile information are deleted. Your posts and threads are retained to preserve the context of discussions you participated in, but are disassociated from your identity.
Stripe payment data is retained in accordance with applicable bookkeeping requirements (5 years).
Your rights
You have the right to access, rectify and delete the personal data we hold about you. You also have the right to object to processing and to receive your data in a machine-readable format.
Registered users can delete their own account in settings, which removes all personally identifiable information. For access requests or other enquiries, contact us at support@garbaek.it. We respond within 30 days.
You may lodge a complaint about our processing of your personal data with the Danish Data Protection Agency (Datatilsynet) or your local data protection authority.
Cookies
We use three cookies, all of which are strictly necessary for the site to function. We use no tracking, analytics or advertising cookies.
| Name | Purpose | Duration |
|---|---|---|
debati_session |
Keeps you logged in | Session |
debati_uid |
Anonymous user token for rate limiting and anonymous posting | 1 year |
dark_mode |
Remembers your light/dark mode preference | 1 year |
Stripe sets its own cookies during the payment process. These are necessary to complete the payment and are governed by Stripe's privacy policy. Stripe Climate is part of our Stripe integration — 1.5% of payments go to CO₂ removal via Stripe Climate.
Since we use only strictly necessary cookies, EU cookie rules do not require a consent banner. You can delete cookies at any time in your browser settings.
Third parties
We do not share your personal data with third parties except Stripe (payment processing) and hCaptcha (spam protection). Both process data in accordance with GDPR. We never sell data.
The servers running Debati are located within the EU.