Right now the only payment method is PayPal. I'm pretty sure they supply you details like;
* Full name
* Bank account or credit card details
Which of these do you keep please?
Are they stored in a database co-located with the accounts database?
I currently use less than 300k queries a month. However I want to support this service.
As an anonymous user the worst that could happen if attacker got access to your systems is for them to get:
* my registered email address (it's unique for this site)
* a (salted?) hash of my password (it's unique for this site)
* IPs I have queried from (there are multiple)
*my DNS query history (based on the logging duration I choose).
Losing that information wouldn't be ideal but I'm still somewhat anonymous.
By subscribing there's the risk of my private details being exposed in context with my DNS queries. I'm hoping that you collect as few of them as you must.
"We use the following services as processors, as defined by the GDPR and similar regulations."
Which then details each payment service (more than just PayPal now)
Is this a way of saying we should check their privacy policies?
Could you add direct links to each policy please?