What you let
us do.

By creating an account on anycast.ac I freely, of my own will and in my own interest, give consent to anycast.ac to process my personal data on the terms described below and in the full privacy section of the policy.

• Email and password hash. For sign-in. The password is stored as a bcrypt hash; anycast.ac cannot read the original password.
• IP address and browser. Captured on every login and API call — for security, abuse prevention and basic incident diagnostics.
• Telegram identifiers. Only if I voluntarily link my Telegram account for two-factor authentication.
• Tariff plan and API call log. Used to enforce per-plan limits and bill usage. The log contains: timestamp, the IP I queried, my API key and the verdict — never my browsing or my customers' content.
• Billing details. Only if I pay for a paid plan. Card numbers are not seen by anycast.ac — they are handled by an external PCI-certified payment provider.

anycast.ac does not collect documents, biometrics, government ID numbers, residential addresses, or other special-category data.

• to let me sign in and use the API;
• to count my usage and stop me bypassing the per-plan limits;
• to protect my account and the service from abuse and attacks;
• to answer my support requests;
• to satisfy legitimate legal requests from authorities, in the narrow cases the law requires.

No advertising, no tracking across third-party services, no data exchange with marketing partners. If any of that ever changes, I will be asked to consent again to a new version.

As long as my account exists. If I delete it, anycast.ac erases the data within 30 days. API call logs may live a little longer (up to 12 months) for billing reconciliation and incident investigation, then they are erased too.

Servers and backups are located in compliance with the jurisdictions anycast.ac operates in. Data in transit is encrypted with TLS.

• Delete the account. From the profile page in the dashboard. Fastest path, terminates everything in one click.
• Email support@anycast.ac. Subject line "Revoke consent". Use the email address tied to the account so we can verify it.
• Telegram. Reply through the same Telegram chat that handles 2FA.

On revocation anycast.ac stops processing and erases data within 30 days. Some service features become unavailable afterwards — the account is gone, you can't sign in.

Technically, consent is the checkbox on the registration form. When I tick it and submit, the server records:

• the exact timestamp (second precision);
• the IP address that submitted the form;
• the browser User-Agent string;
• the version of this consent document I accepted;
• my newly created user id (so the consent is tied to the account).

Those entries live in a separate audit table for the lifetime of the account plus a short cool-down after deletion, so we can answer disputes about whether consent was given.

• see what data anycast.ac holds about me;
• have it corrected if anything is wrong;
• have it deleted (account removal);
• revoke this consent at any time, on the channels in §5;
• complain to the relevant data-protection authority if anything goes sideways.