The Lotus Pod
Terms of ServiceSign In

Privacy Policy

Effective Date: March 11, 2026 · Last Updated: March 11, 2026

The Lotus Pod (“Platform,” “we,” “us,” or “our”), operated at lotuspod.net, is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and the choices you have.

1. Information We Collect

1.1 Information You Provide

DataWhen Collected
Email address, username, password (hashed)Account registration
Display name, bio, location, favorite artists, avatar imageProfile setup (optional)
Chat messages, forum posts, direct messagesWhen you communicate on the Platform
Reviews, tier list rankingsWhen you create content
Marketplace listings, offer details, shipping addresses, transaction messagesWhen you use the Marketplace
Gallery images (photos, art)When you upload to the Gallery
Reports, dispute descriptionsWhen you file reports or disputes

1.2 Information Collected Automatically

DataPurpose
IP addressRate limiting, abuse prevention
Online/offline status, last seen timestampPresence indicators (controllable via privacy settings)
Session tokens (JWT)Authentication
Theme preferenceStored locally and on your account to persist your UI preference

1.3 Third-Party Data

If you connect your Spotify account, we receive an access token and refresh token that allows us to display your currently playing track on your profile. We do not access your Spotify playlists, library, or other account data beyond what is needed for the “Now Playing” feature. You can disconnect Spotify at any time in Settings.

2. How We Use Your Information

We use your information to:

  • Operate the Platform — authenticate your account, deliver messages, display content, and enable features like chat, forum, marketplace, reviews, and gallery.
  • Facilitate Marketplace transactions — connect buyers and sellers, display shipping information to transaction participants, and support dispute resolution.
  • Send notifications — friend requests, mentions, offers, forum replies, and system announcements (delivered in-app; we do not send marketing emails).
  • Send transactional emails — email verification, password resets, and critical account notifications only.
  • Moderate content — review reported content, enforce our Terms of Service, and maintain community safety.
  • Prevent abuse — rate limiting, detecting spam, and enforcing bans.
  • Improve the Platform — understand usage patterns in aggregate to improve features and fix bugs.

3. What We Do NOT Do

  • We do not sell, rent, or share your personal information with third parties for marketing purposes.
  • We do not serve advertisements or use advertising trackers.
  • We do not use your data to build advertising profiles.
  • We do not send marketing or promotional emails.
  • We do not use third-party analytics services that track individual users (e.g., Google Analytics).

4. How We Store & Protect Your Data

  • Passwords are salted and hashed using bcrypt. We never store plaintext passwords.
  • Sessions are managed using signed JSON Web Tokens (JWT).
  • Images are processed server-side (resized, stripped of EXIF metadata for privacy) before being stored on Cloudflare R2 cloud storage.
  • Database is PostgreSQL with encrypted connections.
  • Transport — all traffic is encrypted via HTTPS/TLS.

While we implement reasonable security measures, no system is 100% secure. We cannot guarantee absolute security of your data.

5. Data Sharing & Disclosure

We may share your information only in the following circumstances:

  • With other users — your public profile information (username, display name, avatar, bio, location, favorite artists) is visible to other authenticated users, subject to your privacy settings. Marketplace transaction details (shipping address, payment info) are shared only with the other party in a transaction.
  • With service providers — we use Cloudflare (CDN and image storage) and an email delivery service for transactional emails. These providers process data on our behalf and are contractually bound to use it only for that purpose.
  • Legal compliance — we may disclose information if required by law, legal process, or government request, or if we believe disclosure is necessary to protect the safety of any person, prevent fraud, or protect our legal rights.

6. Your Privacy Controls

The Platform provides granular privacy settings in your Settings page:

SettingWhat It Controls
Online StatusToggle whether others can see when you are online or your last seen time
Activity FeedToggle whether your activity appears in the community dashboard feed
Friends List visibilityEveryone, Friends Only, or Only Me
Reviews visibilityEveryone, Friends Only, or Only Me
Marketplace Listings visibilityEveryone, Friends Only, or Only Me
Gallery visibilityEveryone, Friends Only, or Only Me
Tier Rankings visibilityEveryone, Friends Only, or Only Me

These settings are enforced server-side; they are not cosmetic.

7. Data Retention

  • Account data is retained as long as your account is active.
  • Chat messages and DMs are retained on the server to provide message history. Users may delete individual conversations.
  • Forum posts are retained to preserve thread continuity. Authors may edit their posts; admins may delete posts.
  • Marketplace listings and transaction records are retained for dispute resolution purposes and may be kept for a reasonable period after completion.
  • Deleted content — when you delete content (gallery images, listings, messages), it is removed from active display. Uploaded images are deleted from cloud storage. Database records may be soft-deleted and purged periodically.
  • Account deletion — you may request account deletion by contacting an administrator at admin@lotuspod.net. Upon deletion, your personal data will be removed, though some content (e.g., forum posts) may be anonymized rather than deleted to preserve community discussions.

8. Cookies & Local Storage

We use minimal client-side storage:

  • Session cookie — a secure, HTTP-only cookie containing your authentication token. This is essential for the Platform to function.
  • Local storage — your theme preference and sidebar cache. No tracking data is stored.

We do not use third-party cookies, advertising cookies, or tracking pixels.

9. Image Processing & EXIF Data

When you upload an image (avatar, gallery, chat, marketplace, or forum), we automatically process it server-side using the Sharp library. This processing includes resizing, format conversion, and stripping all EXIF metadata (including GPS location data, camera information, and timestamps). This means photos you upload will not expose your location or device information to other users.

10. Children’s Privacy

The Platform is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has created an account, please contact us at admin@lotuspod.net and we will promptly delete the account.

11. International Users

The Platform is operated from the United States. If you access the Platform from outside the United States, your information will be transferred to and processed in the United States. By using the Platform, you consent to this transfer.

12. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Correction — update or correct inaccurate personal data (most of this is self-service via Settings).
  • Deletion — request deletion of your account and personal data.
  • Data portability — request your data in a machine-readable format.
  • Objection — object to certain processing of your data.

To exercise any of these rights, contact us at admin@lotuspod.net. We will respond within 30 days.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes by posting a notice on the Platform. Your continued use after changes take effect constitutes acceptance.

14. Contact

For privacy-related questions or requests, contact us at: admin@lotuspod.net