Privacy Policy

Last updated: April 23, 2026.

Aether is a private, invite-only dashboard. This document explains in plain language what we collect, what we don't collect, and what control you have over your data.

The short version

  • One cookie: ccd_auth. It stores a SHA-256 hash of your access password and lets you stay signed in for 30 days.
  • No analytics scripts. No ad networks. No fingerprinting. No third-party trackers.
  • Your client data lives in your browser's local storage. You can delete it at any time by clearing site data.
  • If you connect your own social tokens or LLM API keys, those are stored client-side or on infrastructure you control.
  • We do not sell, share, or rent any data to third parties. Ever.

What we collect

1. The auth cookie

When you sign in, we set an HttpOnly, Secure,SameSite=Lax cookie named ccd_auth. Its value is a SHA-256 hash of the shared site password — not the password itself. The cookie expires after 30 days. It is never transmitted to any third party.

2. Local storage

Your client roster, canvas content, theme preference, and recent view are persisted in your browser's localStorageunder the key ccd-store-v1. This data never leaves your browser unless you explicitly export it or sync it to a key-value store you provision yourself.

3. Server logs

The hosting provider (Vercel) maintains standard request logs (timestamp, path, status code, IP address) for operational purposes. These are retained per Vercel's default policy and are not used by Aether for analytics.

What we do not collect

  • No Google Analytics, Plausible, Fathom, Mixpanel, Amplitude, Segment, PostHog, or any other analytics SDK.
  • No advertising pixels (Meta, Google Ads, TikTok, X, LinkedIn).
  • No session replay (Hotjar, FullStory, LogRocket).
  • No A/B testing frameworks.
  • No browser fingerprinting.
  • No location tracking.
  • No marketing email lists.

Third-party connections you opt into

If you connect a social account (Instagram, YouTube) or LLM provider (Anthropic, OpenRouter, Ollama), Aether will make requests to those services using credentials you provide. Those requests are subject to the third party's privacy policy. Aether does not proxy your secrets through any intermediate server we control unless you explicitly configure it that way.

Your rights (GDPR, CCPA, and beyond)

You have the right to access, correct, export, and delete any data Aether holds about you. Because almost all of your data lives in your own browser, you can exercise most of these rights instantly:

  • Access / export: open the developer tools and inspect localStorage.
  • Delete: sign out and clear site data, or use the "Reset workspace" option in the dashboard.
  • Correct: edit any field directly in the dashboard.

For server-side data (the auth cookie hash, server logs), email us at the address below and we will respond within 30 days.

Children

Aether is not directed at children under 16 and we do not knowingly collect data from children.

Changes to this policy

If this policy changes materially, we will update the date at the top and notify active users on next sign-in.

Contact

Questions, requests, or concerns: stephenpcrump504@gmail.com.

← Back to home