Locs.Club

Account Registration: Your username, email address, password hashes, and phone numbers if provided during signup.

Profile Information: Public avatars, bio, banner images, and content published on your Locs Journey timeline.

IM Messaging Payloads: Real-time private message text, voice notes, and images sent through our IM protocol (messages are stored securely to enable sync across your logged-in clients).

File Uploads: Shared files, attachments, and offline files uploaded directly to our media/file server buckets.

Technical & Device Data: IP addresses, browser agent headers, and device identifiers collected to detect registration abuse and enforce API rate limits.

Core Communication: Routing and syncing your text, voice, and file messages through our server backend.

Loctician Consultations: Displaying structured intake forms, hair profiles, and service quotes within chat contexts.

Anti-Abuse & Rate Limiting: Preventing DDoS, verification-code spamming, and automated bot registrations using in-memory request trackers.

Community Moderation: Processing user reports against spam, explicit content, or scammers, allowing for rapid admin-mediated takedowns.

Secure Transactions: Integrating Stripe payment tokenization for consultation deposits (we never see or store your raw credit card numbers).

Sandbox Domain: All user-uploaded media and files are hosted on a sandboxed subdomain (e.g., files-sandbox.locs.club) separate from our main portal.

Cookie Isolation: Our main authentication cookies are configured as Host-Only, preventing scripts running in the file sandbox from accessing your session.

Strict File Headers: All downloads are served with "Content-Disposition: attachment" and "Content-Security-Policy: default-src 'none'; sandbox;" to block execution of HTML or JavaScript payloads.

Built-in Lifecycle Cleaning: Offline file transfers are subject to automated lifecycle rules and are physically deleted from our servers after 7 days.

Cloudflare Turnstile: Utilized on registration and login pathways for human verification (no user tracking, fully GDPR compliant).

MinIO: An open-source object storage solution hosting user media and files within our private infrastructure.

Stripe: Processes all credit card billing and deposit payouts in compliance with PCI-DSS standards.

Account Deletion (注销账号): You have the right to permanently delete your account at any time. Upon request, we will sanitize your personal identifiers (email, phone, avatars), scramble your credentials, and remove your profile from public discovery.

Data Portability: You may request a copy of your personal data by contacting our support team.

Audit Logs: Server access and security logs are retained for 6 months (180 days) for regulatory compliance and security tracing.

Message History: Stored until you delete individual messages, clear chat histories, or delete your account.