Privacy Policy

We collect the minimum amount of data necessary to operate the registry. We do not sell your data, serve advertising, or use third-party analytics.

Last updated: May 9, 2026

Overview

ExtenSilica is a public package registry for .xsil packages. This policy explains what data we collect, why we collect it, how we store it, and your rights with respect to it.

Our analytics model is intentionally package-centric, not user-surveillance-centric. Download statistics track which packages and versions are downloaded and on which day — not who downloaded them. No user identity is attached to download events.

1. Data We Collect

1.1 Account registration

When you create an account we collect:

  • Username — public identifier for your account and packages.
  • Email address — used for account management and security notices. Never exposed publicly.
  • Password — stored as a bcrypt hash (rounds ≥ 12). We never store or transmit your password in plaintext.
  • API token — a random opaque token generated at login and used to authenticate CLI requests. Stored as a unique token; you can invalidate it at any time by logging out.
  • Optional profile fields — bio text and avatar URL, if you choose to add them. Both are public.

1.2 Package publishing

When you publish a package we record:

  • Package metadata: name, slug, description, version, ISA, targets, toolchain, license, keywords, README, repository URL, changelog.
  • Honest-classification fields you set on the package: standardStatus (ratified / draft / vendor / research / custom) and authority (free-text spec authority). These are public and rendered on the package page.
  • The .xsil archive file, stored in blob storage.
  • SHA-256 checksums of the archive and its non-manifest payload (computed client-side by the CLI and verified on the server).
  • Publish timestamp and the authoring account ID.
  • A server-set portStatus recording how the package was put on the platform (seeded for catalog-seed bot publishes, claimed after an approved ownership request, official after admin identity verification, etc.). This field is never read from the manifest you upload.

1.2.1 Catalog-seeded packages. A subset of packages on ExtenSilica are auto-published by us using a designated catalog-seed bot account sourcing content from public upstream repositories. The bot account is operated by ExtenSilica staff; no third-party account data is involved. Packages it publishes carry the upstream author’s attribution (as visible in the upstream repository) and are clearly badged seeded in the UI. See Terms § 3 for the policy and DMCA § “Seeded packages” for the upstream-maintainer claim flow.

1.3 Download events

When a .xsil file is downloaded we record a daily bucket: package ID, version ID, date, and download count. No user identity, IP address, or user-agent string is stored in this bucket. Download statistics are used solely to display per-package and per-version counters on the registry website.

1.4 Server access logs

Our web servers produce standard HTTP access logs that include IP address, requested URL, HTTP method, response code, and timestamp. These logs are used for security investigation and service diagnostics and are purged after 30 days.

1.5 Reviews

When you submit a package review we store your user ID, the package ID, your rating (1–5), and your optional comment. Reviews are public and attributed to your username.

1.6 Organizations

When you create or join an organization we store the organization slug, display name, optional description, optional avatar URL, and membership records (which user belongs to which organization, in what role — owner, admin, or member). Organization names, slugs, descriptions, avatars, and the public list of members are visible on the organization profile at /orgs/<slug>. Email addresses of members are never exposed through the organization page. Packages published under a scoped slug (@org/pkg) are attributed to the organization in the registry index.

1.7 Wizard generation

The Extension Wizard (POST /wizard/generate and xsil new) builds a .xsil skeleton on demand. The web endpoint does not persist your wizard input; the request body is used in-memory to assemble the archive that is streamed back to your browser, then discarded. Standard server access logs (see 1.4) record the request URL, status, and timestamp without the body. The CLI variant runs entirely on your machine — no input or output leaves your host.

1.8 Ownership requests

When you use Request authorship to file an ownership request for a package we store: the requesting user ID, the target package ID, the free-text reason you provide, optional evidence URLs (e.g., upstream repository, commit-signing GPG key, domain proof), the request status (pending, approved, rejected, withdrawn), and — once a decision is made — the deciding admin’s user ID, the decision timestamp, and an optional decision note. The reason, evidence URLs, and decision note are visible to ExtenSilica platform admins reviewing the request. The summary of approved requests (who now owns which package) is public, as it is reflected in package ownership; the underlying reason, evidence URLs, and decision notes are not.

2. How We Use Your Data

  • Account data (username, email, password hash, API token) is used to authenticate you, associate packages with your account, and contact you about security issues related to your account.
  • Package metadata and files are indexed and made publicly available through the registry website and API.
  • Download event data is aggregated to display download counts on package pages. It is not used for user profiling or advertising.
  • Server access logs are used to investigate abuse, diagnose service outages, and monitor for unusual traffic patterns that may indicate an attack.

We do not use your data for advertising, sell it to third parties, or share it with any analytics or marketing service.

3. What Is Publicly Visible

The following information is visible to anyone who visits the registry, with or without an account:

  • Your username and optional bio / avatar.
  • All packages you have published, including their full version history, metadata, download counts, and README content.
  • Reviews you have written, attributed to your username.
  • Ownership transfers resulting from approved authorship requests (the fact that user X is now the owner of package Y is public). The textual reason and evidence URLs you submitted in the request are not public — only platform admins see them.

Your email address is never publicly exposed. It is not included in any API response or public profile page.

4. Security

We take reasonable technical and organizational measures to protect your data:

  • Passwords are hashed with bcrypt (min. 12 rounds).
  • API tokens are random, opaque strings stored in the database. Tokens are transmitted over HTTPS only.
  • Package archive checksums are verified by the server on upload and by the CLI on install and run. Tampered or corrupted files are rejected.
  • Access to production infrastructure is limited to authorized maintainers.

No security measure is perfect. If you discover a security vulnerability, please disclose it responsibly via the project’s GitHub repository before making it public.

5. Data Retention

  • Published package artifacts and metadata are retained indefinitely. Version immutability is a core guarantee of the registry; users and tools that depend on packages must be able to reproduce their builds at any future time.
  • Account data is retained for as long as your account exists. You may request account deletion at any time (see Your Rights below). On deletion we remove your email, password hash, and API token. Your username and published packages remain in the registry under your username to preserve authorship attribution.
  • Server access logs are automatically purged after 30 days.
  • Download event buckets are retained indefinitely as aggregate counters (no personal data is stored in them).
  • Ownership request records (reason, evidence URLs, decision notes) are retained for audit purposes as long as the associated package exists. If you close your account they remain associated with the (now-anonymous) user ID; you may request their removal at the time you close your account.

6. Cookies and Tracking

ExtenSilica does not set advertising cookies, cross-site tracking cookies, or fingerprinting scripts. No third-party analytics scripts (Google Analytics, Mixpanel, etc.) are loaded on any page.

The website uses a single session mechanism: an API token stored in localStorage by the browser after you log in. This token is sent with authenticated API requests only. It is not a cookie and is not shared with any third party.

7. Third-Party Services

File storage. .xsil archive files are stored in an S3-compatible object store. The storage provider processes file upload and download requests. We do not share personal account data with the storage provider; it receives only the file bytes and associated path.

Beyond file storage, we do not integrate any external services that receive personal data. The registry is self-hosted.

8. Your Rights

Depending on your jurisdiction you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data (e.g., update your email or bio in your account settings).
  • Delete your account and the personal data associated with it (email, password hash, API token, bio, avatar). Note that published package artifacts and metadata cannot be deleted due to immutability guarantees and dependency considerations.
  • Withdraw consent at any time by ceasing to use the Service and requesting account deletion.

To exercise any of these rights, open an issue or contact us via the project’s GitHub repository. We will respond within a reasonable time.

9. Children's Privacy

The Service is not directed at children under the age of 13. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced via the project’s GitHub repository and reflected in the “Last updated” date at the top of this page. Continued use of the Service after changes take effect constitutes acceptance of the revised policy.

11. XSIL governance tokens & wallet linking

If you participate in the optional XSIL contributor program, we store off-chain grant records (amount, reason, reference, status) and aggregate balances tied to your account. If you choose to link an Ethereum-compatible wallet, we store the verified address and link timestamp for claim workflows. We do not custody private keys.

12. Contact

Privacy questions: [email protected]. Account and data requests: [email protected] or submitted via the project’s GitHub repository. We will respond within a reasonable time.