Privacy Notice
Plain English. If anything below isn't clear, email [email protected].
What we collect
- Your queries — the actual text you send.
- An anonymized network token — see "How we anonymize" below. This is not your IP and cannot be reversed back to you.
- Timestamps — when each request happened.
- Operational metadata — response times, error codes, and similar diagnostics needed to keep the service healthy.
What we don't collect
- No accounts. There is no login. We don't know who you are.
- No personal information beyond approximate network location (a /24 range, see below).
- No tracking cookies. No third-party cookies of any kind.
- No cross-site tracking. We don't follow you anywhere else on the web.
How we anonymize
Privacy is built into the architecture, not promised by policy. Here's exactly what happens to your IP address when you make a request:
- Our edge proxy (nginx) coarsens your IP before substrate ever sees it: IPv4 addresses lose their last octet (so 203.0.113.45 becomes 203.0.113.0); IPv6 addresses keep only the first 48 bits.
- The coarsened address goes through a one-way HMAC-SHA256 hash, keyed with a secret that rotates every 24 hours.
- The result is a 16-character opaque token. The same network produces the same token within a 24-hour window. After 24 hours, the token rotates and the mapping is irrecoverable, even by us.
- The raw IP is dropped from memory immediately at the edge. It is never written to disk.
- Our nginx access logs do not record IPs, user agents, or referrers either.
Practical effect: the most we (or anyone with our database) can ever say is "in the last 24 hours, this approximately-256-host network produced these queries." That's enough to catch obvious abuse. It is not enough to identify you.
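The coarsen-then-HMAC steps above, sketched in Python as an added example; it is not the service's own code. The hex truncation to 16 characters, the 32-byte random key, the in-memory DailyKey holder, and the unwrapping of IPv4-mapped IPv6 addresses are assumptions the notice does not specify.

```python
import hashlib
import hmac
import ipaddress
import secrets

TOKEN_LEN = 16  # notice says "16-character"; hex truncation is an assumption


def coarsen(ip: str) -> str:
    """Zero the host bits: IPv4 keeps /24, IPv6 keeps the first 48 bits."""
    addr = ipaddress.ip_address(ip)
    # Assumption: unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) first. Its top
    # 48 bits are all zero, so a /48 mask would merge every such client.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    prefix = 24 if addr.version == 4 else 48
    net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    return str(net.network_address)


def network_token(ip: str, daily_key: bytes) -> str:
    """HMAC-SHA256 over the coarsened address, truncated to TOKEN_LEN."""
    # Keyed on purpose: there are only 2**24 IPv4 /24 prefixes, so an
    # unkeyed hash could be enumerated back to the network.
    mac = hmac.new(daily_key, coarsen(ip).encode("ascii"), hashlib.sha256)
    return mac.hexdigest()[:TOKEN_LEN]


class DailyKey:
    """Hypothetical key holder: memory only, one key per 24-hour day."""

    def __init__(self) -> None:
        self._day = None
        self._key = b""

    def for_day(self, day: int) -> bytes:
        # day = int(time.time() // 86400) in real use; passed in for testing.
        if day != self._day:
            # The previous key is dropped, so older tokens cannot be
            # recomputed or linked to tokens issued under the new key.
            self._day, self._key = day, secrets.token_bytes(32)
        return self._key


if __name__ == "__main__":
    key = DailyKey().for_day(0)
    # Constructed documentation addresses in the same /24: same token.
    print(network_token("203.0.113.45", key), network_token("203.0.113.200", key))
```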
Why we collect it
- To operate the service — route your queries and return responses.
- To prevent abuse — rate-limit at the network level so no one can hammer the service.
- To improve quality — find coverage gaps in our knowledge base, identify and fix bugs.
Legal basis (EU users, GDPR Art. 6)
Our legal basis for processing the data above is legitimate interest — operating, securing, and improving a free public service. Because anonymization is architectural rather than policy-based, the data we hold is not personal data in the GDPR sense after it leaves the edge.
Retention
- Query logs: 90 days, then deleted.
- Network tokens: rotate every 24 hours; old tokens become unmappable.
- Construction logs (records of how we built parts of our knowledge base): retained on the same 90-day schedule.
- Rate-limit state: per-network token timestamps within the current 24-hour window only.
Your rights
Because we don't link data to individuals, individual data subject requests (access, deletion, portability) cannot be fulfilled — there's no record we could pull back to you. This is a deliberate design choice: we believe the strongest privacy guarantee is the data we never had in the first place.
If you want to stop the service from processing data about you, simply stop using it. After 24 hours the daily token rotation breaks any link between past and future tokens.
If you have questions or concerns, email [email protected].
Third-party services
- No external CDNs. All assets (scripts, stylesheets, fonts) are served from our own servers. Loading this page does not contact any third party.
- No analytics services. No Google Analytics, no Meta Pixel, no anything similar.
- No advertising networks.
- When the service falls back to Wikipedia for content it doesn't yet have curated, the request is made by our server, not your browser. Wikipedia never sees your IP.
Changes to this notice
We may update this notice. Material changes will be noted at the top of this page. Continued use after a change means you accept it.