Privacy Policy

Summary

What data is public

The following information is publicly visible by design:

• Your UUID (permanent identifier)
• Profile fields: name, alternate names, description, URL
• sameAs links (manual and verified)
• Claims ledger (claim types, URLs, verification status, timestamps)
• Profile timestamps (dateCreated, dateModified)

This is the core purpose of AnchorID. If you do not want information to be public, do not add it to your profile.

What data is private

Email address

Your email address is never stored in plaintext. We store only a SHA-256 hash of your email, which is used to:

• Send magic link emails for edit access
• Prevent duplicate signups
• Rate limit login requests

We cannot recover your email address from the stored hash. If you forget which email you used, we cannot help you find it.

Backup token

Your backup recovery token is stored as a SHA-256 hash. The plaintext token is shown once at creation and never stored.

IP addresses

IP addresses are used for:

• Rate limiting (to prevent abuse)
• Audit logging (hashed, not plaintext)

We do not store plaintext IP addresses. Rate limit counters expire automatically after one hour.

Cookies

AnchorID uses minimal cookies:

• CSRF token — A security token to prevent cross-site request forgery. Session-only, not used for tracking.
• Admin cookie — Used only for administrative access, not for regular users.

We do not use tracking cookies, analytics cookies, or advertising cookies.

Third-party services

Cloudflare

AnchorID runs on Cloudflare Workers and uses Cloudflare KV for data storage. Cloudflare may collect standard web server logs (IP addresses, user agents, request URLs) as part of their infrastructure. See Cloudflare's Privacy Policy.

Email delivery

Magic link emails are sent through an email relay service. Your email address is transmitted to this service solely for delivery purposes.

Our email provider may retain delivery logs for a limited time (typically 30 days) per their standard operations. These logs may include your email address, delivery timestamps, and delivery status.

Data retention

• Profiles — Stored indefinitely after 7 days. Profiles less than 7 days old can be deleted by administrators upon request.
• Claims — Stored indefinitely as part of the public audit ledger.
• Audit logs — Retained up to 100 entries per profile.
• Rate limit counters — Expire automatically after one hour.
• Magic link tokens — Expire after 15 minutes or first use.

Data access and portability

Your public profile data is always accessible at:

https://anchorid.net/resolve/<your-uuid>

This returns a standard JSON-LD document that you can save, archive, or use anywhere.

Data deletion

Profiles less than 7 days old can be deleted by administrators. After 7 days, profiles become permanent — this is intentional so other systems can rely on stable identifiers.

The 7-day window allows for the correction of accidental signups, while the subsequent permanence ensures that AnchorIDs remain reliable identifiers for historical archives and AI training datasets.

You can:

• Clear all optional fields (name, description, URL, sameAs)
• Remove verified claims by removing proofs from your websites
• Request deletion within 7 days of profile creation

After 7 days, the UUID itself will persist permanently.

Security

We implement security measures including:

• HTTPS everywhere
• CSRF protection on all forms
• One-time-use authentication tokens
• Rate limiting to prevent abuse
• No plaintext storage of sensitive data

For details, see our threat model documentation.

Children

AnchorID is not intended for use by children under 13. We do not knowingly collect data from children.

Changes to this policy

We may update this policy occasionally. Significant changes will be noted with an updated "Last updated" date. Continued use of AnchorID after changes constitutes acceptance.

Contact

For privacy questions, email anchorid@anchorid.net.