Privacy Policy

Data tied to your account is kept to an absolute minimum:

• ›Email address — used for login, password recovery, and critical Service notifications.
• ›Password hash — bcrypt with a cost factor of 12. Plaintext passwords are never stored and cannot be recovered.
• ›API key — the credential that authenticates your requests. Revocable at any time from the dashboard.
• ›Credit balance — the number of unused credits on your account.
• ›Solve metadata — target URL, elapsed time in milliseconds, success flag, and timestamp. Used only for your own dashboard history.
• ›Server logs — client IP address, HTTP method, and request path. Retained 14 days for abuse detection and incident response.

We explicitly do not collect, store, or process any of the following:

• ›The HTML, JavaScript, or response body content of any target page you solve against.
• ›The cookies or tokens returned to you after a successful solve — these are transient and discarded immediately after the response is sent.
• ›Browser fingerprints, device identifiers, or telemetry data.
• ›Advertising or third-party analytics events. There are no tracking scripts on this site.
• ›Payment card data. When you purchase credits, payment is processed entirely by our billing partner; we only receive confirmation of a successful charge.

Your data is used solely to operate the Service: authenticate API requests, deduct credits, enforce rate limits, render your dashboard, respond to support inquiries, and investigate abuse. It is never sold, rented, or disclosed to third parties except when legally compelled by a court order.

We set exactly one cookie: a session cookie used to keep you logged in to the dashboard. It is marked HttpOnly, Secure, and SameSite=Strict, and contains an opaque session identifier linked to your account in our database. It expires after seven days of inactivity or when you log out.

No advertising cookies, no analytics cookies, no third-party cookies anywhere on this site.

• ›Account data — retained as long as your account is active. Deleted within 30 days of account closure.
• ›Solve history — individual records retained for 90 days, then aggregated into anonymous statistics and per-request rows purged.
• ›Server access logs — rotated every 14 days.
• ›Billing records — retained for the minimum period required by applicable tax and financial reporting laws.

All traffic to the Service is encrypted with TLS 1.2 or higher. Passwords are hashed with bcrypt at a cost factor of 12, and API keys are stored as hashes — even a full database dump would not expose working credentials. The Service is fronted by Cloudflare for DDoS protection and runs behind a hardened reverse proxy with strict CSP, HSTS, and input validation.

No system is perfectly secure. In the event of a data breach affecting your personal information, we will notify affected users within seventy-two (72) hours of confirming the incident.

The Service relies on a small number of infrastructure providers:

• ›Cloudflare — reverse proxy, DDoS mitigation, and edge caching.
• ›Residential proxy providers — used as egress when our solver fetches the target page.
• ›Payment processor — handles credit purchases. We receive no card details.

We do not integrate any advertising networks, analytics SDKs, or third-party trackers.

Regardless of where you are based, you have the right to:

• ›Request a copy of the personal data we hold about you.
• ›Correct inaccurate information in your account.
• ›Request deletion of your account and associated data.
• ›Export your solve history in JSON format.
• ›Object to processing, withdraw consent, or restrict processing under GDPR and equivalent laws.

All requests are processed within thirty (30) days. See the Contact page for how to reach us.

VexSolver is not intended for users under the age of sixteen (16). We do not knowingly collect data from minors. If you believe a child has created an account, contact us and we will delete the account immediately.

We may revise this Privacy Policy when our practices change or when new laws require it. The "Last updated" date at the top of this page reflects the most recent revision. Material changes will be announced via email to active account holders at least fourteen (14) days before they take effect.