Privacy Policy
Last updated: February 2026
This policy covers the FreedomCore website (freedomcore.app) and associated services. It is intentionally plain — easy to read, easy to compare to the code, easy to hold us to.
Summary
- We do not sell your data
- We do not serve ads
- We do not track you across the web
- Peer-to-peer communications are encrypted end-to-end — we cannot read them
- Website visit data is minimal and used only for security scoring
Website Visits
When you visit freedomcore.app, Cloudflare provides standard request metadata:
- IP address (including IPv6 prefix)
- Approximate location (country, region, city — derived from IP, not GPS)
- Network information (ASN, ISP name)
- Bot score (automated vs human likelihood)
- Browser fingerprint (user agent string)
This data is used to:
- Score visitors for bot detection (the visitor gate)
- Route you to the nearest edge location
- Display the network visualization demo
What We Store
- Visitor log entries in Cloudflare D1 (IP, geo, ASN, bot score, timestamp). Purged after 7 days. No personal identifiers beyond IP.
- fm_gate cookie — a session cookie set after Turnstile verification. Expires in 24 hours. Contains no personal data.
The Live Demo
The homepage calls /api/whoami to show you what an edge provider can infer at first contact. This data is displayed in your browser and is not stored server-side.
Peer-to-Peer Communications
FreedomCore’s mesh network uses end-to-end encryption (Noise protocol: X25519 + ChaCha20). Lighthouses see connection metadata (who is connecting to whom) but cannot decrypt payload data.
Groups that run their own lighthouse control their own metadata. FreedomCore’s public lighthouses (Toronto, Sydney) are used for bootstrapping only and retain no connection logs.
Third-Party Services
- Cloudflare — edge network, DNS, DDoS protection, bot detection. Subject to Cloudflare’s privacy policy.
- Apple TestFlight — macOS app distribution. Subject to Apple’s privacy policy.
Children
FreedomCore is not designed for or directed at children under 13. We do not knowingly collect data from children.
Your Rights
You may request deletion of any data we hold about you by contacting [email protected].
Changes
We will update this policy as the product evolves. Material changes will be noted with a date.
Contact
Privacy questions: [email protected]
Notes
This page has no subtopics yet.
Want structure here? Add a child doc at src/content/docs/privacy/<child>.md.