Privacy Policy

Overview
Information We Collect
How We Use Your Information
Data Storage & Security
Cookies & Tracking
Third-Party Services
Your Rights
Data Retention
Children's Privacy
Changes to This Policy
Contact Us

1. Overview

Kernel Mirror is a platform dedicated to providing secure access to Linux kernel versions with PGP signature verification. We are committed to protecting your privacy and being transparent about our data practices.

Our Commitment

We collect minimal information necessary to provide our services, and we never sell your personal data to third parties.

This Privacy Policy applies to all users of the Kernel Mirror platform, including:

Visitors browsing kernel versions
Users downloading kernel files
Registered members with accounts
Administrators and staff members

2. Information We Collect

2.1 Information You Provide

When you create an account or use our services, we may collect:

Account Information: Username, email address, password (encrypted)
Profile Data: Optional profile information, membership status
Authentication Data: Login credentials and session tokens

2.2 Automatically Collected Information

We automatically collect certain information when you access our platform:

Data Type	Purpose	Storage Duration
IP Address	Security, fraud prevention, session management	90 days
Browser Information	Compatibility, performance optimization	30 days
Session Data	Authentication, user experience	Session duration
Download Records	Usage statistics, service improvement	1 year
Error Logs	Debugging, platform maintenance	60 days

2.3 Technical Information

Device type and operating system
Browser type and version
Referring URLs and page views
Time zone and access timestamps

3. How We Use Your Information

We use collected information for the following purposes:

3.1 Service Provision

Authenticate users and manage user sessions
Provide access to kernel downloads and PGP signatures
Display kernel version information and changelogs
Process download requests and track usage statistics

3.2 Security & Protection

Prevent unauthorized access and fraudulent activities
Detect and prevent security threats and abuse
Monitor for suspicious patterns and malicious behavior
Implement IP-based rate limiting and access controls

3.3 Platform Improvement

Analyze usage patterns to improve user experience
Identify and fix bugs and technical issues
Optimize performance and loading times
Develop new features based on user needs

3.4 Communication

Send important service notifications and updates
Respond to user inquiries and support requests
Notify users about security issues or policy changes

Limited Data Usage

We only use your data for the purposes stated in this policy. We do not use your information for marketing or advertising purposes.

4. Data Storage & Security

4.1 Security Measures

We implement industry-standard security measures to protect your data:

Database Security: PDO prepared statements to prevent SQL injection
Password Protection: Passwords are hashed using secure algorithms (bcrypt/Argon2)
XSS Prevention: All output is sanitized using htmlspecialchars()
Session Security: Secure session management with IP validation
HTTPS Encryption: All data transmission is encrypted (recommended)
Access Control: Role-based permissions (Admin, Staff, User)

4.2 Database Storage

User data is stored in our MySQL/MariaDB database with the following protections:

Encrypted database connections
Regular security patches and updates
Access restricted to authorized personnel only
Regular automated backups

No Absolute Security

While we implement strong security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.

5. Cookies & Tracking

5.1 Session Cookies

We use session cookies to maintain your logged-in state. These cookies:

Are essential for authentication and security
Expire when you close your browser or log out
Store a unique session identifier (no personal data)
Are required for the platform to function properly

5.2 No Third-Party Tracking

Privacy-Focused Approach

We do not use third-party analytics, advertising cookies, or tracking pixels. Your browsing behavior is not shared with external services.

5.3 Managing Cookies

You can control cookies through your browser settings. However, disabling essential session cookies will prevent you from logging in and using authenticated features.

6. Third-Party Services

6.1 External Links

Our platform provides links to external resources:

Kernel Downloads: Links to official kernel.org mirrors
PGP Signatures: Links to cryptographic signature files
Documentation: Links to external technical resources

Third-Party Privacy

We are not responsible for the privacy practices of external websites. Please review their privacy policies before providing any personal information.

6.2 Service Providers

We may use trusted third-party service providers for:

Web hosting infrastructure
Database management services
Email delivery systems (if applicable)

These providers are contractually obligated to protect your data and use it only for specified purposes.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

7.1 Access & Portability

Right to Access: Request a copy of the personal data we hold about you
Right to Portability: Receive your data in a structured, machine-readable format

7.2 Correction & Deletion

Right to Rectification: Correct inaccurate or incomplete personal data
Right to Erasure: Request deletion of your personal data ("right to be forgotten")
Right to Restriction: Limit how we use your personal data

7.3 Objection & Withdrawal

Right to Object: Object to processing of your personal data
Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)

Exercising Your Rights

To exercise any of these rights, please contact us using the information provided in the "Contact Us" section. We will respond to your request within 30 days.

8. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

Data Category	Retention Period	Reason
Account Information	Until account deletion	Service provision
Session Data	Session duration only	Authentication
IP Address Logs	90 days	Security & fraud prevention
Download Statistics	1 year (anonymized)	Platform analytics
Error Logs	60 days	Debugging & maintenance

8.1 Account Deletion

When you delete your account:

All personal information is permanently removed from active databases
Anonymized usage statistics may be retained for analytical purposes
Some data may be retained in backups for up to 30 days before permanent deletion
Legal obligations may require retention of certain records

9. Children's Privacy

Kernel Mirror is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13.

Age Restriction

If you are under 13 years old, please do not create an account or provide any personal information. If we discover that we have collected information from a child under 13, we will delete it immediately.

Parents or guardians who believe their child has provided us with personal information should contact us immediately using the contact information below.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.

10.1 Notification of Changes

Material changes will be prominently posted on our platform
The "Last Updated" date at the top will be revised
Registered users may receive email notifications for significant changes
Continued use of our services constitutes acceptance of the updated policy

10.2 Version History

You can request previous versions of this Privacy Policy by contacting us.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Get in Touch

We're here to help with any privacy-related questions or concerns.

Email: privacy [AT] kernel [DOT] is

Response Time: Within 48 hours

Contact Privacy Team

11.1 Data Protection Officer

For European Union residents or GDPR-related inquiries, you may contact our Data Protection Officer:

Email: dpo [AT] kernel [DOT] is

11.2 Supervisory Authority

If you are located in the European Economic Area, you have the right to lodge a complaint with your local data protection supervisory authority.

Legal Compliance

This Privacy Policy is designed to comply with applicable data protection laws, including GDPR (EU), CCPA (California), and other international privacy regulations. However, specific legal requirements may vary by jurisdiction.

Table of Contents