Privacy.

We try to operate the website (oknek.com) as close to "log nothing" as a real production service can. There are two surfaces where we collect anything at all:

1. The early-access signup form. When you submit your email via the signup form, we store:

• The email address you typed
• Your IP address (used for rate-limiting and abuse-prevention; not used for tracking)
• Your browser's User-Agent string
• The timestamp of submission
• The page source (e.g., "landing", "status", "blog")

Storage: a Cloudflare D1 database (region: ENAM). We use this only to send you the install command and a private Discord invite when v1 ships, and incident notifications if you opt into the status-page subscribe form. We delete your row immediately if you ask. Email [email protected] with subject line delete and we will purge within 48 hours.

2. Cloudflare Web Analytics (when enabled). If we have the Cloudflare Web Analytics script active on the site, Cloudflare aggregates page-view counts and top-referrer information from sampled requests. This system is cookieless by design — no fingerprint, no PII, no cross-site tracking. We get aggregate numbers like "1,200 visits today" and "top 10 referring domains." We cannot see who you are individually. See Cloudflare's own privacy disclosure for technical details.

We set zero cookies of our own. No analytics cookies, no preference cookies, no advertising cookies. You can verify this by inspecting Set-Cookie headers in your browser's dev tools or via curl -I https://oknek.com/.

The only cookies you might see in your browser when visiting oknek.com are:

• Cloudflare bot-management cookies (__cf_bm, cf_clearance) — set by Cloudflare when their edge needs to challenge your request for DDoS or bot-mitigation reasons. These are security cookies, not behavioral tracking, and they exist for ~30 minutes.

That's the entire list. No first-party tracking. No third-party scripts. No pixels.

What we will set in the future: when paid checkout goes live, Stripe will set its own cookies (__stripe_mid, __stripe_sid) for fraud prevention while you're on the checkout page. When a customer dashboard exists, we'll set a session cookie so we know who's logged in. Both will be added to this page before they ship.

• We will never run Google Analytics, Facebook Pixel, LinkedIn Insight Tag, Hotjar, FullStory, Mixpanel, Amplitude, HubSpot tracking, or any other behavioral analytics service. A security company that surveils its own readers is broken at the foundation.
• We will never sell, rent, or trade your email or other data. Not to advertisers, not to "partners," not to anyone.
• We will never share your information with a third party except when legally compelled (and we'll fight unreasonable orders), or with explicit consent for a specific purpose you've agreed to (e.g., Stripe for processing your payment).
• We will never use dark-pattern consent dialogs. Because we don't track you, we don't need to ask permission to do something we're not doing.
• We will never read agent runtime telemetry from your servers without explicit opt-in. The daemon (oknekd) writes only to local disk; sending telemetry back to oknek.com is opt-in and disabled by default.

Whether you're in the EU (GDPR), California (CCPA/CPRA), or somewhere else, you have the right to ask us to:

• Show you what we have on you. Email [email protected] with subject data request and we'll respond within 14 days.
• Delete what we have on you. Same address, subject delete. Purged within 48 hours.
• Correct what we have on you. Same address, subject update.
• Tell you when we share your data. The answer is: with Stripe (when you pay), with Cloudflare (where the site runs), with Resend (when we email you). And nobody else.

We do not require you to create an account, identify yourself, or pay anything to exercise these rights. We do not require a notarized request. We just respond.