Home » News » Alphabay Published a Privacy Policy
Click Here To Hide Tor

Alphabay Published a Privacy Policy

As far as i can recall, Alphabay is the first market to ever publish a full “privacy policy” clarifying its data retention policies:

Post was originally published on Alphabay’s forum at this link: http://pwoah7foa6au2pul.onion/forum/index.php?threads/alphabay-updated-privacy-policy.76749/

Alphabay’s Updated Privacy Policy:

Alphabay Market places a strong emphasis on the security of its users and takes the best possible measures to mitigate risks associated with data leaks, server seizures, and account infiltration. This will detail how each of your information is kept. If you accidentally post incriminating information, refer to the section below to know the associated risks.

When information gets deleted after a certain number of days, it is always hard deleted and unrecoverable. We do not keep any trace of information that claims to have been deleted. Additionally, we keep no record of user movement, and all access logs show IP

User Accounts

User accounts are kept indefinitely and cannot be deleted. However, we do not keep records of previous profile or password / PIN edits. While deleting an account is not possible, editing your profile or contact information will make the previous versions unrecoverable as it will get overwritten in the database.

Private Messages

Private messages (PM) sent by users are, by default, kept indefinitely. However, if both users delete their copy of the conversation, or decide to leave the conversation using the Leave Conversationbutton, the whole conversation, including the messages, will be hard deleted and unrecoverable. No trace of the conversation will be kept, and no analysis can prove that it ever existed.

Sale & Order Data

The buyer and seller notes in an order are kept for 30 days after completion of the order. Completion occurs either when the dispute is resolved, the order finalized, or the order cancelled. When an order is archived, the notes are still subject to the 30-day rule. The following information will be retained indefinitely:

– Buyer and seller username
– Listing refund policy
– Price, and postage price
– Creation, shipping, and finalization dates

Deposit and withdrawal information

When you make a deposit, or withdraw coins, the following information will be kept for 10 days:

– Deposit or withdrawal address
– Bitcoin transaction ID

Deposit addresses are kept for 8 days following the first deposit. Every 72 hours, we have an automated task that fetches required addresses from the database (deleted addresses are not included), and recreates the wallet files from scratch. This ensures that once an address expires, no forensics analysis on the Bitcoin servers can prove that this address has ever been under our control. This process ensures true tumbling and ensures that no service can profile our wallets.

The following information will be kept indefinitely, for accounting purposes:

– Deposit or withdrawal amount
– Execution date and time (timestamp gets randomly altered to prevent blockchain correlation)

Autoshop data

Data sold in the autoshop is retained for as long as it is not sold. If the seller deletes its data from the autoshop, no record is kept. Sold cards will be retained for 30 days after the sale date, and will then be permanently deleted. We retain the following information for accounting purposes:

– Sale date and time
– Sale price


Listings are kept indefinitely, even after deletion, for consistency purposes. We do not keep records of previous edits, however each sale will include a copy of the refund policy to prevent edit-scams, which will be retained indefinitely. Previous postage options will be retained forever for accounting purposes.


We do not keep track of API calls. There is no way to find out if a request was made through the site or through the API. We do not keep records of deleted API keys.

Favorites / Blacklists / Reports

When you remove a listing from your favorites, no record is kept. When you remove a user from your blacklist, no record is kept. Once a listing report gets resolved, no record is kept.


Feedback is retained indefinitely, however only 2 characters from the username are visible, and the price is hidden. Staff members can view the full feedback data on a user profile.


Contract data is kept indefinitely in the database, in order to keep it possible to be referred to in the future.

One-time passwords (OTP)

Once a OTP has been used once, deleted, or expired, no record is kept.


Notifications are deleted after 14 days, whether they are read or not. Notifications sent over Jabber are kept in our database for 3 days.

Support Tickets

Support ticket message content will be kept for 15 days. The following information is retained permanently:

– Support ticket title
– Username and date

Staff protection

Staff members need the approval of administration before accessing order notes or taking over a dispute. This ensures that a rogue staff member cannot scrape the whole marketplace sale data to use it for malicious purposes. Once an administrator grants access to a staff member to a specific sale number, the staff member can read the notes, or take over the dispute, depending on the access level requested.


  1. SE Hardened & No alpha for me

    This is Alphabay’s snitch files. Since I can remember they do not ever delete a damn thing. Even when both users remove. I know this for a fact. Lastly, the API, your source was not the only one looking into things using it. Bottom line they have amateurs running their security. On top of fools on reddit who likley do not bother with proper SE hardening let alone tor or even a simple vpn for support.

    They will hire anyone and allow them top listings, FE you name it. It is a bad thing going to happen. API….Fools. I am a Cisco Certified Security Audit and Pentester. I can tell ya that AlphaBay has a hole and holes draining water. It is API Whoever trusts that is a person who should be taught the lessons. Alpha is ran by Putins Intel, in Russia. It will be American & NATO members they can and will fuck first. I went to them the day after the API went live about what I did, I offered my services free they said in so many words…. piss off. Alpha owners let literally amateurs run the place. Lucky I am ethical or I would and could have drained he polace and I still have over 500 vendor/buyer convos. They talk all in clear. most did except the pros since SR1

    • hack them then!! wtf? i hate ppl like u only TALK on comments…. alphabay has PRO security MOSt secure website on clearnet and darkweb even more than agora which got hacked before..
      say something worth it or fak off m8

    • Cisco Certified Security Audit and Pentester means nothing to me, it sounds to me like skiddies. Until you have published 0 days before, your whatever postition doesn’t make you an expert, it literally means nothing, nill. my cat could have your position.

  2. respekted_vendor

    i LOVE AB ! best and biggest market!! never had a problem all our customers are happy!!

  3. Alphabay is SHIT, a real SHIT and you will regret it if you try to buy anything.. Don’t even think about this shitty market

  4. AB is top market no matter what u shitheads saying. staff always sort out issues and very friendly scamwatch team

Leave a Reply

Your email address will not be published. Required fields are marked *


Captcha: *