Privacy Policy
Effective: 2026-06-13 · Version: v2
cocore stores as little personal data as it can while still functioning as an open, ATProto-native protocol.
What we collect
The cocore.dev exchange (which you may or may not be using — exchanges are federable and anyone can run their own) collects:
- Your DID — the ATProto identity you signed in with. This is public information by design. If you signed up via Bluesky, it's the same DID that backs your Bluesky handle.
- API keys you mint — stored hashed (SHA-256, no salt because the input is already 256 bits of entropy). The plaintext key is shown to you exactly once at creation; we cannot recover it.
- OAuth session tokens — the access + refresh tokens issued by your PDS, plus the DPoP private JWK. Stored encrypted at rest in our SQLite session store; used only to publish records to your repo on your behalf.
- Records you publish — every dev.cocore.compute.* record you create lives on your own PDS (e.g. bsky.network for a Bluesky DID). cocore.dev caches a copy in our AppView's local index so dashboards load fast; deleting the record from your PDS removes it from the index.
What we don't collect
- We do not store inference prompts in plaintext. The console encrypts each prompt to the chosen provider's published X25519 key before it leaves your browser. The exchange never sees decrypted prompts.
- We do not retain provider-side replies. The console decrypts them in-process to stream back to your client and drops them; the AppView only indexes the metadata receipt (token counts, price, attestation strong-ref).
- We do not sell, license, or share your data with third parties. There is no advertising network. There is no analytics pixel.
- We do not track non-signed-in visitors beyond the access logs on Railway, Cloudflare, and the GitHub release-asset CDN — same logs that any other operator's HTTP service collects.
Where data lives
- Your records (dev.cocore.compute.*) — your PDS (Bluesky's host, or whatever PDS your DID resolves to).
- AppView index — SQLite on a Railway volume mounted into the cocore.dev services container. Records keyed by ATProto URI; re-buildable from the source PDS firehose.
- API keys + OAuth sessions — SQLite on a Railway volume mounted into the cocore.dev console container.
- Static page logs — Railway / Cloudflare access logs; retention is whatever the underlying providers default to.
Your rights
- Delete everything: the /account page has a "Wipe all my data" button that deletes every record you own across all cocore collections from your PDS, removes the corresponding rows from cocore.dev's AppView, and hard-deletes every API key.
- Take your data with you: every record is on your own PDS in open ATProto format. You can export your repo with com.atproto.sync.getRepo at any time without going through cocore.dev.
- Sign out: clears the cookie locally. The OAuth session in our SQLite store stays alive (so any API keys you've minted keep working) — to fully revoke server-side credentials, revoke each key individually on /account first.
Generative-AI disclosure
This privacy policy was drafted with the help of generative AI tooling and reviewed by human maintainers. The codebase that implements it was built the same way.
Contact
This is alpha-stage hobby/research software. Bug reports and privacy questions go to GitHub issues at https://github.com/graze-social/cocore .