Europa

Privacy

What we hold, what we don't.

Effective 2026-05-20

Most of the directory touches no data we hold. The optional supporter membership is the one part that does. This page is honest about both halves.

Browsing the directory

The directory at europa.westernbtc.com is a static site. Browsing — listings, the map, filters — touches no database we keep. Everything you see is fetched from the open Nostr network directly by your browser and rendered locally. No analytics, no tracking cookies, no third-party runtime scripts.

What we still don't collect

  • No analytics — no Google Analytics, Plausible, Matomo, or first-party event tracking.
  • No tracking cookies. The only browser storage is described below.
  • No email, name, or address fields anywhere.
  • No credit-card data — payment is Bitcoin (Lightning or on-chain).
  • No third-party runtime scripts. The bundle is self-contained.

Data we store in your browser

  • The public ID you optionally paste into the recommendation-weighting box. Clearable from the UI.
  • If you sign in, your sign-in state (a reference to your browser extension, or the recovery key you pasted) lives in your browser's local storage so you stay signed in across reloads. Cleared by “Sign out” on /account.

We never write to a server based on those without your explicit action (recommend, report, claim trial, buy plan).

What server-side state exists (membership)

When you claim the free trial or pay for a supporter plan, we store the following in a Redis record shared across WesternBTC products:

  • Your public ID (the part of your account designed to be public).
  • Your membership expiration timestamp.
  • A flag for whether you've already claimed the 30-day trial.
  • The plan you bought (month / year) and the Bitcoin invoice ID.

That record is keyed by your public ID and shared across our products so a single supporter membership recognizes you anywhere WesternBTC runs something. No email, name, IP, or other personally identifying info is stored alongside it.

Recommending and reporting (whether you have a paid plan or not) leave no server-side record at WesternBTC — those are public events signed by your account and published to the Nostr network.

When you pay

The plan picker on /account hands off to our self-hosted Bitcoin checkout at btcpay.westernbtc.com. The checkout sees:

  • Your IP address (it's the host serving the invoice).
  • The Lightning invoice or on-chain Bitcoin address you pay to.
  • The plan, your public ID, and an order ID we generate.

When the invoice settles, the checkout notifies our membership service, which extends your supporter status by the right number of days. No card data, no email, nothing recurring.

What the Nostr network sees

The directory works by your browser talking to public Nostr servers (relays). Those servers see:

  • Your IP address (they see your connection, like any web server).
  • What you query for — listings, recommendations, reports.
  • If you've set a public ID or signed in: queries that include your public ID, so other clients can find your follows.
  • If you're signed in: anything you publish — recommendations, reports, profile updates.

The default set of Nostr servers includes WesternBTC's own plus several public ones. Each is operated independently with its own retention practices.

Recommendations and reports you publish are public Nostr events — once published, they propagate across the network and there's no central delete button. You can replace a recommendation list with a newer one that drops the entry, and clients that respect the newer version will hide the old recommendation; older copies may still exist somewhere.

What URLs contain

The operator detail page lives at /operators/detail?npub=…&d=…. The operator's public ID and listing identifier are in the URL, which means they go into your browser history and any referrer headers your browser sends. We don't see those. Your browser does.

What operators see

When you buy VPN access, you connect directly to the operator's checkout — not through this site. From that point on, the operator's privacy practices apply, not ours. (See Get started for what an operator sees during the purchase and tunnel session.)

What our image host sees

The site's images (profile pictures, branding, the world-map data) load from our image host. It sees your IP, like any image server. It can't see what you do on the page — the assets are static, and all dynamic queries go to the Nostr network or our own API from your browser.

If you want zero residue

  1. Visit via Tor Browser (default settings).
  2. Don't set a public ID in the recommendation box, don't sign in.
  3. If you do sign in, sign out when you're done — clears local storage.
  4. If you took the trial or paid plan, the membership record is keyed by your public ID. You can't make us forget it (we don't have a delete endpoint today), but it expires when your plan runs out.
  5. Clear your browser history if URLs containing operator public IDs concern you.

Changes to this policy

We update this page when something material changes. The effective date at the top tracks the most recent change. The full edit history is in git (github.com/WesternBTC) — public, append-only, no quiet rewrites.

Terms of useAbout the marketplace