This page exists both as a quick privacy entry point and as the destination for the public worker’s /docs/privacy redirect.
Start Here
- privacy for the technical privacy model
- privacy-policy for the draft policy text that reflects current code behavior
Current-State Highlights
- Admin routes now have built-in auth checks in both workers.
- Public Pulse routes expose derived, aggregate data only, not raw messages.
- Daily summaries are currently public because
PUBLIC_DAILY_DIGESTS=truein the checked-in public worker config. - Raw exports are usually scheduled for deletion after processing: 72 hours after success and 168 hours after failure when delete-after-processing is enabled.
- Some legal and controller details still require human confirmation before this can be treated as a final public policy.