PROTOCOL: ZERO-KNOWLEDGE
DATA RETENTION: NULL
Most websites have a Privacy Policy that explains how they manage your data. We have a No-Data Policy. We believe that the only way to keep data safe is not to collect it in the first place.
When you visit Drughub Wiki, you are interacting with a static HTML generator served via a hardened Nginx configuration designed to strip all metadata headers.
We have disabled standard access logs (access.log) and error logs (error.log) on our servers. This means:
In the event of a server seizure, there is no history to analyze.
This website does not use tracking cookies, pixels, or analytics beacons (like Google Analytics or Facebook Pixel). We do not use persistent local storage to track your sessions.
Any interactive elements (such as the Checklist on the Security page) use temporary volatile memory that is cleared the moment you close the tab.
Our infrastructure runs on "Bare Metal" servers utilizing RAM-disks for the operating system. We do not use traditional hard drives (HDD) or solid-state drives (SSD) for storage of the web server root.
Result: If the server loses power or is physically removed from the rack, all data instantly vanishes. This is known as "Pluasible Deniability" architecture.
We do not load scripts from CDNs (Content Delivery Networks) like Cloudflare, Google Fonts, or jQuery. All assets (CSS, Images, Scripts) are self-hosted. This prevents third parties from "fingerprinting" your visit through cross-site request correlation.
While the Tor network provides end-to-end encryption by default, our clearnet mirror (if you are accessing via regular web) forces HTTPS using TLS 1.3 with a strong cipher suite. We employ HSTS (HTTP Strict Transport Security) to prevent downgrade attacks.
All sensitive information provided on this site, specifically the Drughub Mirrors, is verifiable via PGP signatures. We encourage users to verify these signatures independently. We do not hold the private keys to the market itself.
Because we do not collect email addresses or user data, we cannot "respond" to privacy inquiries in the traditional sense. If you wish to contact the administration regarding a technical error, you must do so via the PGP-encrypted channel listed on our future Contact page.