Privacy.

This is short because there isn't much to say. No ad network, no analytics vendor, nothing to sell.

What we collect.

$ myjay privacy --data-collected email: required for login, account recovery (manual, for now) username: your subdomain, public by definition password: never stored in plain text, PBKDF2-SHA256, salted site files: whatever you upload, public if your site is published bio / site title: optional, public if you fill them in session cookie: random token, HttpOnly + Secure, expires after 30 days ip address: transient, in Cloudflare's request logs, we don't query these

What we don't do.

No analytics scripts on myjay.net or the dashboard. View counts on your published site are a single number in D1, incremented server-side. No per-visitor tracking.
No third-party trackers, pixels, or ad networks anywhere on the platform.
No selling, renting, or sharing account data with anyone. There's no one to sell it to, and we wouldn't if there were.
No reading the contents of your files except when an admin action requires it (e.g. investigating abuse reports).

Your published site is yours.

If you add your own analytics, trackers, or ads to your username.myjay.net site, that's between you and your visitors. MyJay doesn't inject anything into your pages, but it also can't stop you from doing this, and it's on you to disclose it per whatever laws apply to you. See terms.

Cookies.

One cookie: session, set after login, used purely to keep you signed in. It's HttpOnly, Secure, and SameSite=Lax, so it isn't readable by JavaScript and isn't sent to third parties. No cookie banner, because there's nothing to consent to beyond "stay logged in."

Deleting your account.

Deleting your account removes your user record and every file in your sites/{username}/ storage. This is permanent and immediate, there's no 30-day grace period or backup to restore from. Currently this is an admin action; a self-service "delete my account" button is on the roadmap.

Changes.

If this policy changes in a way that matters, it'll be mentioned in the announcement banner and in the dev log. Last meaningfully updated: Phase 1 launch.