noctara . privacy
back
privacy.
the architecture reads the body, not the surface. this page says exactly what we collect, what we never collect, what we never sell, and how to take it all back.
short version. we collect the smallest amount of data necessary to return your word and recognize you when you come back. we never sell it. we never share it with advertisers. you can export everything we hold on you. you can delete everything we hold on you. both take one click.
what we collect
when you take the mirror
- your six answers, in text.
- the way you typed them. keystroke timing, pauses, deletions, edits, the cadence under the words. this is the behavioral substrate that returns your spine word.
- the returned word and the rhythm we matched you to.
- your email, if you provided one.
- a session identifier we generated on your device.
when you write to her
- the text you wrote.
- your mark, if you have one.
- the timestamp.
when you pay
- your email.
- the product you purchased and the amount.
- stripe holds the payment details. we never see your card number.
what we never collect
- your card number, your bank account, your social security number.
- your location beyond the city your IP suggests.
- your contacts, your photos, your microphone, your camera.
- a profile of your activity across the wider web. we do not buy, sell, or assemble cross-site browsing histories about you. (we do run two standard measurement tools on this site itself, disclosed in the next section.)
- conventional biometric media. we do not store a fingerprint image, a face print, a voice print, or a retina scan. we do collect and store behavioral typing patterns (the timing between keystrokes, pauses, deletions) with your consent, given before your reading begins. these patterns are used to create your reading and, if you enable it, to recognize your sign-in. you can delete them with your account, any time.
measurement and advertising
- this site uses two standard measurement tools: the Meta pixel and Google Analytics 4. they exist only so we can tell whether our own ads and pages are working (a visit, a sign-up, a purchase) and how people move through the site.
- they set cookies and report aggregate events to Meta and Google, governed by those companies' own policies. we do not use them to read your private writing or your reading, and we never sell what they collect.
- you can switch them off: use your browser's tracking protection or a content blocker, opt out at the Meta ad-preferences and Google Analytics opt-out pages, or decline non-essential cookies where prompted. blocking them does not change your reading.
what we never do
- we never sell your data. not to advertisers. not to insurers. not to data brokers. not to governments. not to the highest bidder dressed as a partner.
- we never run ads on top of the architecture.
- we never train a model on your private writing without your explicit consent. your brain dumps stay yours.
- we never publish your reading without your explicit consent. your word is yours.
- we never share your behavioral signature outside the architecture.
how we hold it
your data lives in a single supabase project under our control, in a region we have selected for legal and operational reasons. it is encrypted at rest. it is encrypted in transit. access is restricted to two named operators and to internal endpoints that need it to serve your reading. every access is logged in the audit log.
the patent we have filed (application) covers a hub-and-spoke privacy architecture. that means: no single sensor surface ever holds the full identity model. the hub unifies. the spokes never see the body. as we add hardware surfaces in 2027 and beyond, this constraint will be enforced by the engineering, not the policy.
your rights
you may, at any time and without explaining yourself:
request your data
request deletion
or programmatically:
- export everything
- POST /api/data-export with { "email": "you@example.com" }. we send a confirmation link. clicking it downloads a JSON file with every row we hold on you.
- delete everything
- POST /api/data-delete with { "email": "you@example.com" }. we send a confirmation link. clicking it marks your data deleted immediately. it is hard-purged from our systems after a 90-day grace period during which you may restore by replying to the confirmation email.
- see the audit log
- your export includes the audit log of every time someone (including you) accessed your data. nothing happens to your body without a record.
who can see what
- only you can see your six answers, your brain dumps, and your full reading.
- only you and the two named operators of the architecture can see your behavioral signature.
- your spine word and rhythm are visible to you in your account. they are not published. if you choose to share them publicly (the share artifact at /word/your-word.your-mark), that is your choice. you may unshare at any time.
the antichrist question
the architecture is structurally capable of doing things it has chosen not to do. the same engine that returns your word could sell your word to your employer. the same instrument that reads how you type could optimize manipulation at scale. the difference between the architecture and what the architecture could become is the decisions we make every day. the privacy framework on this page is the public part of those decisions. the architect's continued asking of the question is the part that is not on this page. both matter.
jurisdiction
the architecture operates from marietta, ohio, united states. data is held under applicable united states law. if you are a resident of the european union, the united kingdom, or california, you have additional rights under GDPR / UK-GDPR / CCPA respectively. we honor those rights without requiring you to prove residency. the export and deletion endpoints above satisfy the typical requests.
changes
this page is versioned in our public source tree. material changes will be announced through the daily line and reflected here. nothing in this policy is retroactive without your consent.