Our Principles
Your privacy is critically important to me. A few fundamental principles:
- •I collect your personal information only when I need it to provide the service.
- •I don't share your personal information except to comply with the law or protect my rights.
- •I don't store personal information unless required for the ongoing operation of the service.
- •I make every effort to protect your privacy using secure technology and self-controlled infrastructure wherever possible.
How I Collect Information
wisp.place uses the AT Protocol for authentication. When you log in, you authenticate directly with your Personal Data Server (PDS) — I never see your password. What I receive and store is your Decentralized Identifier (DID), a public pseudonymous identifier that is the foundation of your AT Protocol identity. I do not collect email addresses or phone numbers.
During the login process, your AT Protocol handle (e.g. you.bsky.social) may appear in application logs. It is not stored in the database.
When you publish a site, I store metadata about it: the site name, display name, your wisp.place subdomain, any custom domains you configure, content hashes, timestamps, and your site settings. The actual files you upload live on your PDS as blobs — I hold a derived cache to serve them to visitors.
I retain server logs and collect non-personally-identifying operational data — request paths, HTTP methods, status codes, and response durations — to monitor service health and diagnose issues. I do not log IP addresses, User-Agent strings, or Referer headers.
Request counts are aggregated into periodic hit totals per site. These aggregate statistics contain no personally identifying information — no IP addresses, no geographic data, no visitor identifiers of any kind — and are made available to site owners who support the project.
I use a signed session cookie to keep you logged into your account. Session records are stored in the database and expire after 30 days.
How I Use Information
- •Authenticate you and associate you with your sites and domains
- •Serve your published sites to visitors
- •Resolve your custom domains and subdomains correctly
- •Monitor service health, diagnose errors, and measure performance
- •Enforce usage limits and prevent abuse
- •Provide site owners who support the project with aggregate hit statistics for their own sites
Infrastructure and Third Parties
wisp.place runs on infrastructure I own and operate directly. There are no advertising networks, analytics platforms, or data brokers involved.
| Service | Provider | Location | Purpose |
|---|---|---|---|
| Web servers & application | Netcup | Germany | Serving sites to visitors, main application |
| Web servers & application | UpCloud | California, Singapore | Serving sites to visitors, main application |
| Web servers, application & monitoring | Oracle Cloud | Virginia, US | Serving sites to visitors, main application, VictoriaLogs, VictoriaMetrics |
| Object storage | Hetzner | Finland | Cold-tier site file cache |
| DNS | Bunny | Global CDN | Domain resolution |
Application logs and request metrics are collected by VictoriaLogs and VictoriaMetrics running on an Oracle Cloud VPS I operate. This data does not leave my infrastructure.
DNS queries for wisp.place domains pass through Bunny's network. See Bunny's privacy policy for details.
Your site content is fetched from your AT Protocol PDS. I do not control the data practices of your PDS provider.
How I Protect Your Information
Session cookies are httpOnly, Secure, and use SameSite=Lax. OAuth authorization states expire after one hour. Signing keys are rotated every six months.
No method of transmission or storage is 100% secure. While I strive to protect your information, I cannot guarantee its absolute security.
Data Retention
Session records expire automatically after 30 days. Site and domain records persist until you delete your site. When you delete your place.wisp.fs record from your PDS, the hosting service receives that event via the AT Protocol firehose and automatically removes the corresponding cache and database entries. For complete removal of your data from my systems, contact privacy@wisp.place in addition to deleting your PDS records.
In-memory log buffers, error traces, and metrics are rolling windows and are not persisted beyond the monitoring stack.
The AT Protocol and Public Data
wisp.place is built on the AT Protocol. Your sites, their files, and the records describing them are public on your PDS. Anyone operating a compatible service can read your published site records and blobs — this is inherent to how the protocol works and is not specific to wisp.place.
The CLI Tool
The wisp.place CLI operates entirely on your local machine. It communicates directly with your PDS and sends no usage data or telemetry to me. OAuth sessions are stored locally in a directory of your choice.
Your Data Rights
You may request a copy of all personal data I store about you, ask me to correct any inaccurate data, or request deletion of all your personal data from my systems. Email privacy@wisp.place and I'll get back to you within 48 hours.
European General Data Protection Regulation (GDPR)
If you are located in the EEA, UK, or Switzerland, the following applies. The data controller for wisp.place is reachable at privacy@wisp.place.
| Processing activity | Legal basis |
|---|---|
| Authenticating you and maintaining your session | Performance of a contract (Art. 6(1)(b)) |
| Storing your DID, site records, and domain assignments | Performance of a contract (Art. 6(1)(b)) |
| Application logs, error traces, and request metrics | Legitimate interests (Art. 6(1)(f)) — operating and securing the service |
| VictoriaLogs / VictoriaMetrics on self-operated infrastructure | Legitimate interests (Art. 6(1)(f)) — service monitoring on infrastructure I control |
I do not process special category data and do not use your data for automated decision-making or profiling.
You have the right to:
- •Access — request a copy of the personal data I hold about you
- •Rectification — ask me to correct inaccurate data
- •Erasure — ask me to delete your data (see retention note above)
- •Restriction — ask me to limit how I process your data
- •Portability — receive your data in a structured, machine-readable format
- •Object — object to processing based on legitimate interests
- •Lodge a complaint — with your national data protection supervisory authority
International transfers: Your data may be processed on servers outside the EEA, including the United States and Singapore. Where this occurs, I rely on Standard Contractual Clauses to ensure an equivalent level of protection.
To exercise your rights, email privacy@wisp.place. I will respond within 30 days.
California Consumer Privacy Act (CCPA / CPRA)
In the last 12 months, I collected the following categories of personal information from California residents:
| Category | Examples | Collected |
|---|---|---|
| Identifiers | AT Protocol DID, wisp.place subdomain, custom domain names | Yes |
| Internet or network activity | Request paths, HTTP methods, status codes, response durations | Yes |
| Sensitive personal information | — | No |
I do not sell or share your personal information for cross-context behavioral advertising.
California residents have the right to:
- •Know what personal information I collect, its sources, the purposes for collection, and any third parties with whom I share it
- •Request deletion of personal information I have collected
- •Request correction of inaccurate personal information
- •Not receive discriminatory treatment for exercising these rights
To make a request, email privacy@wisp.place. I will verify your identity before disclosing or deleting anything, and will respond within 45 days. You may designate an authorized agent by providing written authorization.
COPPA
wisp.place is directed to people who are at least 13 years old. If you are under 13, do not use this site.
Changes to This Privacy Policy
I may update this policy from time to time. Significant changes will be noted in the changelog below.
Contact
Questions or concerns? Email privacy@wisp.place.
Changelog
February 28, 2026 — Initial version published