Privacy Policy

Documentation of data handling protocols and user privacy standards.

Last Updated: March 2026

Privacy Methodology

This policy reflects the same moral principles taught within the application. Data belongs to the user, privacy is the default state, and technology is utilized to support autonomy rather than exploitation.

Core Commitments:

  • Local-first architecture: Data persistence occurs on the user's device unless explicit synchronization is selected.
  • Anonymous operation: Full functionality is available without account creation.
  • Zero cookies: No cookies are utilized by this platform.
  • Absence of tracking: Behavioral monitoring and user profiling are inactive.
  • Transparency: Explicit documentation of all data handling practices.
  • User control: Decisions regarding data sharing and deletion remain with the participant.

Data Collection Analysis

Excluded Data

  • Cookies: Omitted entirely.
  • Behavioral profiling: No monitoring of user activity or interests.
  • Device fingerprinting: Identification of unique hardware is not performed.
  • Location tracking: Collection of geographical data is inactive.
  • Social media integration: Access to social networks is not required or utilized.
  • Browsing history: Monitoring of external site visits is not performed.
  • Advertising data: Collection for commercial purposes is omitted.
  • Personal information: Collection is limited to essential functional requirements.

Minimal Functional Data

1. Assessment Data (Local Persistence)

  • Description: Participant responses and calculated scores.
  • Storage: Browser-based IndexedDB on the user's hardware.
  • Purpose: To facilitate results reporting and track individual progress.
  • Control: Export, deletion, and synchronization are managed by the user.

2. Account Information (Optional)

  • Description: Email address and username (if an account is established).
  • Storage: Secured via Supabase (authentication provider).
  • Purpose: To enable optional cloud synchronization and secure access.
  • Control: Account creation is optional; full functionality is maintained for anonymous users.

Zero Analytics Policy

Anonymity by Design

The project has chosen to use no analytics or tracking tools. Participant behavior on this platform is inaccessible to the project administrators.

Inaccessible Metrics:

  • Page visitation frequency and duration.
  • Click patterns and interaction sequences.
  • Geographical location and hardware specifications.
  • Behavioral trends and usage patterns.

Rationale:

  • Anonymity: Participants remain invisible to the project.
  • Neutrality: Absence of profiling prevents manipulation.
  • Consistency: Alignment of values with technical implementation.

Context: Privacy is prioritized over project metrics. Optimization of conversion funnels and data-driven UX decisions are sacrificed to ensure user anonymity.

Data Persistence Protocols

Local Storage (Primary)

  • Assessment responses: Persisted in the browser's IndexedDB.
  • Audit progress: Saved locally to facilitate session resumption.
  • Diagnostic results: Remain on the device under user control.
  • Data isolation: No server uploads occur without explicit user selection.

Cloud Storage (Optional Opt-In)

If cloud synchronization is activated by the user:

  • Encryption: Secured via Supabase enterprise-level protocols.
  • User control: Synchronization intervals are manually initiated.
  • Portability: Full data export functionality is maintained.
  • Account termination: Results in the permanent removal of all cloud-based data.

Third-Party Services

Supabase (Authentication & Optional Persistence)

  • Purpose: Account management and optional secure data storage.
  • Data processed: Email, username, and assessment results (if sync is enabled).
  • Compliance: GDPR-compliant infrastructure.
  • Regionality: EU-based servers are utilized for enhanced data protection.

Cloudflare Workers (Hosting)

  • Purpose: Edge-based serverless hosting of the application.
  • Data processed: Standard server logs (IP addresses, request headers).
  • Privacy: Minimal logging with automated deletion protocols; GDPR-compliant.
  • Infrastructure: Global distribution with 100% renewable energy utilization.

Participant Rights

Data Access

  • Local data: Accessible via browser development tools.
  • Cloud data: Export functionality available within account settings.
  • History: Full record of audit responses is viewable by the user.

Data Rectification

  • Responses: Assessments can be edited or re-initiated.
  • Account details: Email and profile information can be updated.
  • Recalculation: Scores are updated based on modified response sets.

Data Deletion

  • Local removal: Erasure through browser settings or app interface.
  • Cloud removal: Permanent deletion of assessments or established accounts.
  • Termination: Total removal from project systems upon request.

Data Portability

  • Formats: Support for JSON, CSV, and PDF exports.
  • Audit record: Comprehensive download of individual data.
  • Reporting: Generation of portable diagnostic summaries.

Project Summary

Distinguishing privacy features:

  • No tracking: Absence of cookies, behavioral monitoring, and profiling.
  • Local persistence: Data is isolated to the user device by default.
  • Anonymous usage: Full access without account requirements.
  • Transparency: Comprehensive documentation of technical practices.
  • Autonomy: Direct user control over all data decisions.
  • Design integrity: Privacy as a foundational architectural requirement.

This policy records the commitment to treating privacy as a fundamental right. Technology is used to support individual autonomy and truth-telling.