ContextMod / Devvit — Privacy Receipt

Every history field this rule engine touched in the last 24h, where it lived, and when it disappears. Generated from the rule AST — not marketing.

OAuth scope diff · legacy → Devvit

Legacy PRAW bot7 scopes

history
read
modposts
modcontributors
edit
wikiread
identity

Devvit port2 scopes

modposts (installed sub only)
read (installed sub only)

−5 scopes removed no cross-sub OAuth no VPS, no logs on disk history reads now bounded: last 90 items, hashed

Data touched today

Authors evaluated

1,284

Raw bodies stored

Egress bytes

HMAC−SHA256 author hashes · TTL 30d 4,812 / 50,000

storage: Devvit Redis key: cm:auth:<hmac>:rule:<id> PII fields: 0

Rule trace · last 1h (redacted)

recent_activity_in_banlist_subs → report

author u/<hmac:9f3a…c12>/matched 2/8 subs/history window 90 items/ttl 30d/action: report

repeat_offender_window → modmail

author u/<hmac:01b7…ff4>/3 prior actions in 14d/history window 30 items/ttl 14d/action: modmail

karma_floor → filter

author u/<hmac:7c92…a08>/combined karma below threshold/history not fetched/action: filter

All author identifiers above are derived via HMAC−SHA256(authorId, install_secret). The install_secret never leaves the Devvit sandbox; the unhashed username is unrecoverable from this log.

install.json · what mods sign

app: contextmod-devvit@0.4.0
scopes:
  - modposts   # installed sub only
  - read       # installed sub only
storage:
  backend: devvit.redis
  retention: 30d # mod-configurable, min 24h
  pii: none
  author_id: hmac-sha256
network:
  egress: []      # no fetch() allowed
  telemetry: off
dsar:
  erase_on_request: true
  turnaround: < 60s

One-click DSAR. Returns: every hashed record matched, action timestamps, then purges. Mods can paste the receipt straight into modmail.

data residency: Reddit Devvit sandbox · us-east | build: 0.4.0+r-20260507T172110 | signed: ed25519:9f3a…c12

Privacy receipt · r/Anime_Titties install

OAuth scope diff · legacy → Devvit

Data touched today

Rule trace · last 1h (redacted)

install.json · what mods sign