WHITEFLAG

1. Overview

WHITEFLAG ("we," "us," "our") respects your privacy. This policy explains what data we collect, how we use it, and your rights. We are committed to minimal data collection and transparent practices.

Effective date: February 26, 2026

2. Analytics (Umami)

We use Umami, a privacy-focused analytics service, to understand how visitors use our site. Umami is designed to be GDPR compliant without requiring a consent banner because it:

• Does not use cookies
• Does not collect personal data
• Does not track users across websites
• Does not collect IP addresses (anonymized before processing)
• Collects only aggregate page views, referrer sources, browser types, and country-level location

No consent banner is required for Umami under GDPR, ePrivacy Directive, or CCPA because no personal data is processed.

3. Futures Terminal Submissions

When you submit a proposal through the Futures Terminal, we store the following:

• Proposal text — the content you submit
• Generated report — the AI-generated analysis of your proposal
• Hashed IP address — a one-way cryptographic hash of your IP address, used solely for rate limiting and abuse prevention; your actual IP cannot be recovered from the hash
• Timestamp — when the submission was made

We do not collect your name, email, or any other personally identifiable information with terminal submissions. Submissions may be displayed publicly and anonymously on the site.

4. Cookies

WHITEFLAG does not use cookies. We use browser localStorage for the following client-side preferences only:

• Legal disclaimer dismissal — remembers if you've dismissed the legal notice banner
• UI preferences — stores display preferences locally in your browser

localStorage data never leaves your browser and is not transmitted to our servers.

5. Third-Party Services

We use the following third-party services:

• Umami Cloud — privacy-respecting analytics (see Section 2)
• Cloudflare — CDN and DDoS protection (processes IP addresses under their own privacy policy for security purposes)

We self-host all fonts and do not load resources from Google or other tracking-capable CDNs.

6. Data Retention

• Analytics data — retained in aggregate form; no personal data is stored
• Terminal submissions — stored indefinitely unless you request deletion
• localStorage — persists in your browser until you clear it; we have no access to it

7. Your Rights

You have the right to:

• Request deletion of your terminal submissions by emailing us with details of the submission (approximate date and content)
• Clear localStorage at any time through your browser settings
• Browse anonymously — no account or personal information is required to use the site

Since we collect minimal data and do not maintain user accounts, most data subject rights (access, portability, rectification) are not applicable.

8. Children's Privacy

WHITEFLAG is not directed at children under 13. We do not knowingly collect personal data from children.

9. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated effective date. Continued use of the site after changes constitutes acceptance.

10. Contact

For privacy questions, data deletion requests, or concerns:

Email: questions@whiteflag.us

11. Governing Law

This privacy policy is governed by the laws of the State of New York, United States.