Platform Integrity & Why We Keep 90-Day Logs

There is a tension at the heart of every platform that facilitates real-world human contact. On one side: privacy, which I believe in deeply. On the other: accountability, which I also believe in deeply. These two values are not opposites. But the architecture of your system forces you to decide, very precisely, where you draw the line.

Here is where I draw it for Double Stop.

When you create a post, you do not need an account. You do not upload a photo. You do not hand over a phone number. The post expires after one hour, and when it does, the public-facing record is gone. That is how I want it. The whole point of the platform is spontaneity — a light signal, not a permanent profile.

But "gone from the feed" does not mean "gone entirely." For exactly 90 days after a post expires, I retain the technical metadata associated with its creation. Specifically: a hashed IP address. Not your name. Not your email. Not your location. Just the network fingerprint that any server on the internet would see when you make a request to it.

Why 90 days? Because if something genuinely bad happens — harassment, impersonation, a credible threat — 90 days is a reasonable window for a law enforcement request to arrive, be processed, and be actionable. After that window closes, the record is permanently purged. Automatically. No exceptions. A cron job runs every night at 03:00 UTC.

This is not a hidden policy. It is documented in the Privacy Policy, in the Terms of Service, and now here.

I want Double Stop to be a platform where you feel genuinely private. I also want it to be a platform that cannot be used as a consequence-free environment for the tiny minority of people who would try to use anonymity as a shield for harm. These goals are compatible. They require deliberate architecture choices, not vague promises.

Privacy and accountability are not enemies. They are design constraints. And I am comfortable with how I have balanced them here.

— Aki