Privacy Policy
This site is built privacy-first, and this policy says so plainly: we collect the minimum a web server needs to run securely, we set no cookies, and we run no trackers, analytics, or advertising.
Who this covers
This notice applies to foss.violetskysecurity.com (the “Site”) — the open-source research and proof-of-concept home for the Sovereign Policy Token Transactions (SPT-Txn) framework — and its public demonstration endpoints. The Site is operated by Violet Sky Security SEZC, a special-economic-zone company in the Cayman Islands (“we”, “us”).
What we collect
The Site has no accounts, no registration, no sign-up forms, and no contact forms. We do not ask you for personal information. The only data generated is standard server and security logging:
- Server access logs — your IP address, timestamp, the request line and HTTP status, and your browser’s user-agent string, recorded by the web server and TLS proxy.
- Firewall events — connection metadata used for automated abuse prevention (for example, rate-limiting and brute-force throttling of repeated connection attempts).
We do not use cookies, local storage, web beacons, fingerprinting, third-party analytics suites, advertising networks, or any third-party tracking on the Site. Every asset, including fonts, is served from this domain — your browser makes no third-party requests, so no data is shared with any external provider. Any analysis of traffic is performed in-house on the server access logs described above, using a self-hosted log analyzer; nothing is added to your browser and no log data leaves our server.
Why we process it
We process the limited log data above for our legitimate interests in operating, understanding, and protecting the Site: diagnosing faults, ensuring availability and integrity, understanding aggregate visitor traffic and trends (including distinguishing automated crawlers and bots from human visitors), and detecting and preventing abuse, attacks, and automated scanning. We do not use it to build profiles of individuals, and we do not market to you.
How long we keep it
Logs are retained for up to approximately 30 days, then automatically rotated and deleted. We keep them no longer than necessary for security, troubleshooting, and understanding Site traffic.
Who we share it with
We do not sell your data, and we do not share it with advertisers or data brokers. We may disclose information only where required by applicable law or legal process, or where strictly necessary to investigate abuse or protect the security and rights of the Site and its users.
How we protect it
All traffic to the Site is encrypted in transit with TLS. The Site runs on a hardened, least-privilege server with default-deny networking and strict process isolation. Security is a design goal of this project, not an afterthought.
International processing
The Site is operated by a Cayman Islands SEZC entity and may be hosted in or accessed from multiple jurisdictions. By using the Site you understand that the limited log data described above may be processed in those locations.
Your rights
Depending on your jurisdiction (for example, under the GDPR or comparable laws), you may have rights to access, correct, or request deletion of personal data we hold about you, and to object to certain processing. Because we hold only short-lived server logs keyed to an IP address, we may need additional information to locate any records relating to you. To make a request, contact us using the details below.
Children
The Site is a technical research resource intended for a professional and developer audience. It is not directed at children and we do not knowingly collect information from them.
Changes to this policy
We may update this policy as the Site evolves. Material changes will be reflected by the “Last updated” date above.
Contact
Questions or privacy requests: rudi@violetskysecurity.com — Violet Sky Security SEZC, Cayman Islands Special Economic Zone.