🔒 Privacy Policy

Your data, your control - zero-knowledge architecture

    TL;DR: Your raw voice recordings and screenshots NEVER leave your device until you explicitly submit them. We use a privacy-first architecture where your local server processes everything, and only extracted insights (text) are published publicly.

What We Collect

Data Type	Where Stored	Who Can See It
Voice Recordings	Your local server (192.168.1.87:5001)	Only you
Screenshots	Your browser (OCR runs locally)	Only you
Extracted Text	Your local server	Only you (until published)
Published Ideas	GitHub Pages (cringeproof.com)	Public (anyone)
Page Views	GitHub's servers (automatic)	GitHub, not us

How We Protect Your Privacy

Privacy-First Architecture

Browser-Based Processing: Screenshot OCR runs 100% in your browser using Tesseract.js - images never leave your device until you click submit
Local Server Control: Voice recordings are transcribed on YOUR server, not ours
CORS-Only: GitHub Pages can POST to your server, but can't read your database
Zero-Knowledge: We never see your raw audio files or original screenshots

What GitHub Pages Logs (Unavoidable)

Since we host on GitHub Pages, GitHub automatically collects:

Your IP address
Browser user agent (e.g., "Chrome on Windows")
Pages you visit
Referrer (where you came from)
Timestamp of visits

We don't control this. GitHub Pages is a free static hosting service, and this logging is part of their infrastructure. See GitHub's Privacy Statement for details.

Data Flow Explained

Recording Voice Memos

You visit cringeproof.com/record.html
Your browser asks for microphone permission
Audio is captured locally (MediaRecorder API)
You click "Stop Recording"
Audio is POSTed via CORS to your local server (192.168.1.87:5001)
Whisper transcribes the audio (on your server)
Ollama extracts structured insights (on your server)
Insights are saved to your SQLite database
Site rebuilds and pushes only the text insights to GitHub Pages
Raw audio stays on your local server forever

Uploading Screenshots

You visit cringeproof.com/screenshot.html
You drag-drop a screenshot
Tesseract.js runs OCR in your browser (image never uploaded)
Extracted text is shown for review
You click "Extract Insights with AI"
Text (not image) is POSTed to your local server
Ollama extracts insights (on your server)
Only text insights are published to GitHub Pages
Original screenshot never leaves your device

Your Rights (GDPR Compliant)

You Have the Right To:

Access: See all data we have about you (it's on YOUR server, so you already have full access)
Rectification: Correct any inaccurate data (edit your SQLite database)
Erasure: Delete your data (delete from your local database)
Portability: Export your data (SQLite export or JSON)
Object: Stop processing (stop using the service)

How to Exercise Your Rights

Since all your raw data is stored on your own server, you have complete control:

View data: Open soulfra.db in any SQLite browser
Delete recordings: Delete files from your server or database
Export data: Use SQLite export or build_site.py
Unpublish ideas: Remove from GitHub repo and rebuild site

Cookies & Tracking

We use NO cookies.

We use localStorage for:

Saving your local server URL preference
Storing theme customization (if you use it)

localStorage stays in your browser and is never sent to any server. You can clear it anytime (browser settings → Clear site data).

Third-Party Services

GitHub Pages

Purpose: Static site hosting
What they collect: IP address, user agent, page views
Privacy policy: GitHub Privacy Statement

CDN for Libraries

Tesseract.js: Loaded from cdn.jsdelivr.net (for screenshot OCR)
What they collect: May log IP addresses for CDN analytics

Your Local Services (You Control)

Whisper: Runs on your server, no external API calls
Ollama: Runs on your server, no external API calls
SQLite: Local database, no cloud sync

Data Retention

Published Ideas (Public)

Stored: Forever on GitHub Pages (unless you delete)
Accessible: Public, indexed by search engines
To delete: Remove from repo and rebuild site

Raw Recordings (Private)

Stored: On your local server
Duration: Until you delete them
Control: 100% yours

Future: Encrypted Storage

We're building client-side encryption using the Web Crypto API:

Password-based encryption: Your password derives an AES-GCM key
IndexedDB storage: Encrypted recordings stored in your browser
Zero-knowledge: We never see your password or decryption key
Playback: Only you can decrypt with your password

This adds an extra layer of privacy for recordings you want to keep but not publish.

Contact

Questions about privacy?

GitHub: Soulfra/voice-archive
Issues: Report privacy concerns

    Last Updated: January 3, 2026

    Effective: Immediately