Sakurai/poke
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update html/priv.ejs

Browse Source
This commit is contained in:
ashley 2025-11-06 22:59:12 +01:00
parent 11094bb820
commit 0990581f20
1 changed files with 194 additions and 283 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

477
html/priv.ejs
View File

@ -37,7 +37,7 @@
font-stretch: 1% 800%;
font-display: swap;
}
*,*::before,*::after{box-sizing:border-box}
html,body{margin:0;padding:0}
html{-webkit-text-size-adjust:100%;text-size-adjust:100%}
@ -88,7 +88,7 @@
margin: 22px 0 8px 0;
font-size: clamp(1.24rem, 2.4vw, 1.6rem);
padding-bottom: 6px;
border-bottom: 1px solid #1f1f22;
border-bottom: 1px solid #1f1f22;
font-stretch: extra-expanded;
}
p { margin: 10px 0; color: #e7e7e7; }
@ -150,14 +150,15 @@
</header>
<main class="wrap" role="main">
<section class="hero" aria-label="Intro" style="border-top: none;">
<h1 class="doc-title" style="text-align: center;font-size: 4em;font-weight: 1000;font-stretch: extra-condensed;">we dont track YOU!</h1>
<section class="hero" aria-label="Intro" style="border-top: none;">
<h1 class="doc-title" style="text-align: center;font-size: 4em;font-weight: 1000;font-stretch: extra-condensed;">we dont track <em>you</em>!</h1>
<p class="doc-lede">
<strong>We dont collect any data about you.</strong> No telemetry, no trackers! Because Poke is <strong>free software</strong>, you can also check the source and self-host.
<strong>We dont collect personal data.</strong> No trackers, no third-party analytics. Because Poke is <strong>free software</strong>, you can read the code and self-host.
For transparency: this instance keeps <strong>anonymous, local-only usage counts</strong> (see “/api/stats” below) — no IPs, no cookies, no fingerprinting.
</p>
<div class="meta-row" aria-label="Document metadata">
<span class="badge">Instance: <span class="mono">poketube.fun</span></span>
<span class="badge">Version date: <time datetime="2025-10-11">October 11, 2025</time></span>
<span class="badge">Version date: <time datetime="2025-11-07">November 7, 2025</time></span>
</div>
</section>
@ -165,13 +166,13 @@
<section id="whats-new" class="update-box" aria-labelledby="whats-new-heading" role="region">
<h3 id="whats-new-heading">
Whats New — Policy Update
<span class="when">October 11, 2025</span>
<span class="when">November 7, 2025</span>
</h3>
<p style="margin-top:6px">
Highlights:
</p>
<p style="margin-top:6px">Highlights:</p>
<ul>
<li><strong>New UI:</strong> simpler and better layout (yay!)</li>
<li><strong>New section:</strong> Anonymous Usage Statistics (<code>/api/stats</code>) — enabled by default, local-only, no personal data.</li>
<li><strong>TL;DR updated:</strong> clarified anonymous counts vs. personal data.</li>
<li><strong>Cookies &amp; Storage:</strong> disclosed anonymous localStorage ID used for stats.</li>
</ul>
<div class="update-actions" aria-label="Update actions">
<button type="button" id="dismissUpdate" aria-label="Dismiss this update notice">Dismiss</button>
@ -187,6 +188,7 @@
<li><a href="#ownership">Ownership</a></li>
<li><a href="#initiative-privacy">Initiative Site Privacy</a></li>
<li><a href="#what-we-collect">What We Do/Dont Collect</a></li>
<li><a href="#stats">Anonymous Usage Statistics (/api/stats)</a></li>
<li><a href="#cookies">Cookies &amp; Storage</a></li>
<li><a href="#openstreetmap">OpenStreetMap</a></li>
<li><a href="#weather">Weather Pages &amp; Services</a></li>
@ -210,7 +212,7 @@
<section id="overview" aria-labelledby="preamble-heading">
<h2 id="preamble-heading" class="section">Preamble</h2>
<p>
Welcome to Pokes Privacy Policy. We dont collect data about you and we dont run telemetry. Poke is <strong>free software</strong> you can read, remix, and run yourself.
Welcome to Pokes Privacy Policy. We dont collect personal data and we dont use trackers. Poke is <strong>free software</strong> you can read, remix, and run yourself.
</p>
<p class="callout">Not legal advice lol</p>
</section>
@ -220,15 +222,15 @@
<h2 id="summary-heading" class="section">TL;DR</h2>
<div>
<ul>
<li><strong>No data collected.</strong> at all!!</li>
<li><strong>No telemetry.</strong> We dont phone home.</li>
<li><strong>No personal data collected.</strong></li>
<li><strong>Anonymous local-only stats enabled by default.</strong> No IPs, no cookies, no fingerprinting, no third parties.</li>
<li><strong>No third-party trackers.</strong> Yippe!!</li>
<li><strong>YouTube cant see what you watch here.</strong> Its all done on the backend.</li>
<li><strong>YouTube cant see what you watch here.</strong> Its all done on the backend.</li>
</ul>
<ul>
<li><strong>Poke Account:</strong> no email required, no personal info needed.</li>
<li><strong>Poke Maps:</strong> uses OpenStreetMap data; map tiles/attribution may have separate privacy rules depending on the tile server you use.</li>
<li><strong>No required cookies.</strong> Preferences (like theme or layout) may live in local storage on your device.</li>
<li><strong>No required cookies.</strong> Preferences and the anonymous stats ID live in local storage on your device.</li>
</ul>
</div>
</section>
@ -247,41 +249,33 @@
<h2 id="initiative-privacy-heading" class="section">Initiative Site Privacy</h2>
<p>
The informational website at <a href="https://initiative.poketube.fun/" rel="noopener">initiative.poketube.fun</a> does not collect personal information.
Since the website is hosted on codeberg pages, the <strong>Codeberg</strong> privacy policy applies:
<a href="https://codeberg.org/Codeberg/org/src/branch/main/PrivacyPolicy.md" target="_blank" rel="noopener">View it Here!</a>.
Since the website is hosted on Codeberg Pages, the <strong>Codeberg</strong> privacy policy applies:
<a href="https://codeberg.org/Codeberg/org/src/branch/main/PrivacyPolicy.md" target="_blank" rel="noopener">View it here</a>.
</p>
</section>
<!-- What we collect -->
<section id="what-we-collect" aria-labelledby="collect-heading">
<h2 id="collect-heading" class="section">What We Do/Dont Collect</h2>
<details class="block">
<summary>We collect <em>nothing</em> about you</summary>
<details class="block" open>
<summary>We collect <em>no personal data</em> about you</summary>
<p>
We dont store IP addresses, user-agent fingerprints, unique identifiers, emails, names—none of it. Theres no telemetry or “anonymous crash reports.”
We dont store IP addresses, fingerprinting data, emails, names—none of it. Theres no third-party analytics or ads.
</p>
</details>
<details class="block">
<summary>What exists briefly so the internet works</summary>
<p>
Every time you open a page, your browser and Pokes server exchange a small amount of technical data — this is simply how the web works.
Without this back-and-forth, pages couldnt load, images wouldnt display, and requests wouldnt reach the right place.
</p>
<p>
When your browser requests a page, the server (which uses <strong>Nginx</strong>) momentarily processes information such as the requested URL,
the response code, and the time it took to deliver the page. These details may appear in access logs briefly for operational health and security.
On Pokes primary instance, these logs are kept for the shortest technically feasible duration and are not linked to any personal data.
</p>
</details>
<details class="block">
<summary>What exists briefly so the internet works</summary>
<p>
Every time you open a page, your browser and Pokes server exchange a small amount of technical data — this is simply how the web works.
Without this back-and-forth, pages couldnt load, images wouldnt display, and requests wouldnt reach the right place.
</p>
<p>
When your browser requests a page, the server (which uses <strong>Nginx</strong>) momentarily processes information such as your IP address, the requested URL, the response code, and the time it took to deliver the page.
This data is known as <em>connection metadata</em> — its automatically generated by all web servers as part of the HTTP standard.
</p>
<p>
These minimal details may briefly appear in <strong>Nginx access logs</strong>.
Such logs are necessary for the server to function correctly — for example, to detect broken routes, prevent abuse, monitor uptime, or fix routing bugs.
However, on Pokes primary instance, these logs are kept for the shortest technically feasible duration and are not linked to any personally identifying data.
They exist purely for operational health and security — never for tracking or analytics.
</p>
<p>
No cookies, user-agents, browser fingerprints, or other identifiers are stored or analyzed.
Once the request is processed, the transient connection data fades away — leaving no persistent record that can be used to identify you.
</p>
</details>
<details class="block">
<summary>Poke Account</summary>
@ -290,287 +284,203 @@
</p>
</details>
</section>
<details class="block">
<summary>Optional Anonymous Usage Statistics (/api/stats)</summary>
<p>
This instance of Poke may optionally record <strong>basic, anonymous usage counts</strong> to help improve performance and understand what videos are popular.
</p>
<p><strong>This telemetry is fully optional and off by default.</strong> Instance admins may enable it manually.</p>
<p>When enabled, the system stores:</p>
<ul>
<li>Video ID that was viewed (example: <code>?v=VIDEOID</code>)</li>
<li>Anonymous unique instance ID stored in your browsers localStorage (not a cookie)</li>
<li>Browser type (e.g. Firefox, Chromium)</li>
<li>Operating system type (e.g. GNU/Linux, Android)</li>
</ul>
<p><strong>What is NOT collected:</strong></p>
<ul>
<li>No IP addresses</li>
<li>No cookies</li>
<li>No account data</li>
<li>No fingerprinting</li>
<li>No sharing with third parties</li>
<li>No ads, analytics platforms, or trackers</li>
</ul>
<p>
These stats exist only locally on this instance and are used strictly to improve the service and see which videos are watched most.
You can inspect the code on Codeberg to verify exactly what it does.
</p>
<p><strong>Disable telemetry:</strong> If you self-host, you can turn this off in <code>telemetryConfig</code> in the server code.</p>
<p style="margin-top:8px;">If telemetry is disabled, <em>/api/stats</em> will return empty data.</p>
</details>
<!-- Anonymous Usage Statistics -->
<section id="stats" aria-labelledby="stats-heading">
<h2 id="stats-heading" class="section">Anonymous Usage Statistics (<code>/api/stats</code>)</h2>
<p>
This instance of Poke collects <strong>anonymous, local-only usage counts</strong> to understand which videos are popular and which platforms people visit from.
This improves performance and feature decisions.
</p>
<ul>
<li><strong>Enabled by default.</strong> Instance operators may disable it in server configuration.</li>
<li><strong>What is recorded:</strong> video ID (<code>?v=…</code>), an anonymous random viewer ID stored in <strong>localStorage</strong> (not a cookie),
browser type (e.g., Firefox, Chromium), and operating system family (e.g., GNU/Linux, Android).</li>
<li><strong>What is <em>not</em> collected:</strong> IP address, cookies, account data, full user-agent string, fingerprinting, personal information.</li>
<li><strong>Where it lives:</strong> the counts are stored on this server only and are never sent to third parties.</li>
<li><strong>Public API behavior:</strong> <code>/api/stats</code> exposes only aggregate data (e.g., top 10 videos, browser/OS totals, total unique users). Individual IDs are never shown.</li>
</ul>
<p>
Poke is free software — you can inspect the source to verify this behavior or turn it off when self-hosting.
</p>
</section>
<!-- Cookies & storage -->
<section id="cookies" aria-labelledby="cookies-heading">
<h2 id="cookies-heading" class="section">Cookies &amp; Local Storage</h2>
<ul>
<li><strong>No cookies :D!</strong></li>
<li><strong>Local storage only for preferences</strong> (e.g., theme, layout). This stays on your device.</li>
<li><strong>No cookies required.</strong></li>
<li><strong>Local storage:</strong> used for preferences (e.g., theme, layout) and for a single <em>anonymous</em> random viewer ID used by <code>/api/stats</code>.</li>
</ul>
<p class="small">
To remove data stored in your browser, you can use your browsers cookie/site-data controls: <br>
<a href="https://support.google.com/chrome/answer/2392709" rel="noopener" target="_blank">· Chrome</a> <br>
<a href="https://support.mozilla.org/kb/clear-cookies-and-site-data-firefox" rel="noopener" target="_blank">· Firefox</a> <br>
<a href="https://support.apple.com/HT201265" rel="noopener" target="_blank">· Safari (iOS)</a> <br>
<a href="https://support.mozilla.org/kb/clear-cookies-and-site-data-firefox" rel="noopener" target="_blank">· Firefox</a> <br>
<a href="https://support.apple.com/HT201265" rel="noopener" target="_blank">· Safari (iOS)</a> <br>
<a href="https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac" rel="noopener" target="_blank"> · Safari (macOS)</a> <br>
<a href="https://support.microsoft.com/en-us/windows/manage-cookies-in-microsoft-edge-view-allow-block-delete-and-use-168dab11-0753-043d-7c16-ede5947fc64d" rel="noopener" target="_blank">· Edge</a> <br>
<a href="https://support.brave.app/hc/en-us/articles/360048833872-How-Do-I-Clear-Cookies-And-Site-Data-In-Brave" rel="noopener" target="_blank">· Brave</a>
</p>
</section>
<!-- OpenStreetMap -->
<section id="openstreetmap" aria-labelledby="osm-heading">
<h2 id="osm-heading" class="section">OpenStreetMap</h2>
<p>
Poke Maps uses data from <a href="https://www.openstreetmap.org/" target="_blank" rel="noopener">OpenStreetMap</a> — a community-driven, free-licensed world map built by thousands of volunteer contributors.
</p>
<p>
When you visit <a href="/map">/map</a>, Poke displays OpenStreetMap through a simple <strong>&lt;iframe&gt;</strong> element embedded directly into the site.
This means the map interface and tiles (streets, landmarks, terrain, etc.) are loaded from OpenStreetMaps own tile servers rather than from Pokes infrastructure.
</p>
<p>
Poke does not proxy or modify these map requests — your browser connects directly to the third-party domain
<a href="https://www.openstreetmap.org/" target="_blank" rel="noopener">openstreetmap.org</a>
(and its associated tile servers) in order to display the map visuals.
</p>
<p>
While Poke itself does not collect or log any identifying information about your visit to the map, OpenStreetMaps servers may process standard connection details (such as IP address, timestamp, and request type) as part of normal web delivery.
You can read more in their official
<a href="https://wiki.osmfoundation.org/wiki/Privacy_Policy" target="_blank" rel="noopener">OpenStreetMap Foundation Privacy Policy</a>.
</p>
</section>
<!-- Weather -->
<section id="weather" aria-labelledby="weather-heading">
<h2 id="weather-heading" class="section">Weather Pages &amp; Services</h2>
<p>
Pokes weather pages use third-party, privacy-respecting services to resolve places and fetch forecasts.
</p>
<details class="block">
<summary>Geocoding / Place Lookup</summary>
<p>
Uses <a href="https://nominatim.openstreetmap.org/" rel="noopener" target="_blank">nominatim.openstreetmap.org</a> (OpenStreetMap Nominatim).
Privacy: <a href="https://osmfoundation.org/wiki/Privacy_Policy" rel="noopener" target="_blank">OSMF Privacy Policy</a>.
</p>
<p><strong>How it works:</strong></p>
<ul>
<li>
The request is always proxied through Pokes backend — never directly from your browser.
(<a href="https://codeberg.org/ashley/poke/src/branch/main/src/libpoketube/init/pages-api.js#L111" target="_blank" rel="noopener">See source</a>)
</li>
</ul>
</details>
<details class="block">
<summary>Forecast Data</summary>
<p>
Uses <a href="https://open-meteo.com/" rel="noopener" target="_blank">open-meteo.com</a> for weather forecasts.
Privacy: <a href="https://open-meteo.com/en/terms#privacy" rel="noopener" target="_blank">Open-Meteo Terms &amp; Privacy</a>.
</p>
<p><strong>How it works:</strong></p>
<ul>
<li>
All forecast queries are proxied through Pokes backend. Your browser never connects to Open-Meteo directly.
</li>
<li>
Only essential parameters (latitude, longitude, units, etc.) are forwarded.
<a href="https://codeberg.org/ashley/poke/src/branch/main/src/libpoketube/init/pages-api.js#L195" target="_blank" rel="noopener">See source here</a>.
</li>
</ul>
</details>
</section>
<!-- OpenStreetMap -->
<section id="openstreetmap" aria-labelledby="osm-heading">
<h2 id="osm-heading" class="section">OpenStreetMap</h2>
<p>
Poke does not add trackers to these requests. However, when third-party services are contacted (directly or via proxy),
their respective privacy policies apply to those specific requests.
Poke Maps uses data from <a href="https://www.openstreetmap.org/" target="_blank" rel="noopener">OpenStreetMap</a> — a community-driven, free-licensed world map built by thousands of volunteer contributors.
</p>
<p>
When you visit <a href="/map">/map</a>, Poke displays OpenStreetMap through a simple <strong>&lt;iframe&gt;</strong> element embedded directly into the site.
This means the map interface and tiles are loaded from OpenStreetMaps tile servers rather than from Pokes infrastructure.
</p>
<p>
Poke does not proxy or modify these map requests — your browser connects directly to <strong>openstreetmap.org</strong> (and its associated tile servers).
While Poke itself does not collect or log identifying information about your visit to the map, OpenStreetMap servers may process standard connection details for delivery.
See the <a href="https://wiki.osmfoundation.org/wiki/Privacy_Policy" target="_blank" rel="noopener">OpenStreetMap Foundation Privacy Policy</a>.
</p>
</section>
<!-- Translate -->
<!-- Weather -->
<section id="weather" aria-labelledby="weather-heading">
<h2 id="weather-heading" class="section">Weather Pages &amp; Services</h2>
<p>
Pokes weather pages use privacy-respecting services to resolve places and fetch forecasts.
</p>
<details class="block">
<summary>Geocoding / Place Lookup</summary>
<p>
Uses <a href="https://nominatim.openstreetmap.org/" rel="noopener" target="_blank">nominatim.openstreetmap.org</a> (OpenStreetMap Nominatim).
Privacy: <a href="https://osmfoundation.org/wiki/Privacy_Policy" rel="noopener" target="_blank">OSMF Privacy Policy</a>.
</p>
<p><strong>How it works:</strong></p>
<ul>
<li>The request is proxied through Pokes backend — never directly from your browser.</li>
</ul>
</details>
<details class="block">
<summary>Forecast Data</summary>
<p>
Uses <a href="https://open-meteo.com/" rel="noopener" target="_blank">open-meteo.com</a> for weather forecasts.
Privacy: <a href="https://open-meteo.com/en/terms#privacy" rel="noopener" target="_blank">Open-Meteo Terms &amp; Privacy</a>.
</p>
<p><strong>How it works:</strong></p>
<ul>
<li>All forecast queries are proxied through Pokes backend. Your browser never connects to Open-Meteo directly.</li>
<li>Only essential parameters (latitude, longitude, units, etc.) are forwarded.</li>
</ul>
</details>
</section>
<section id="translate" aria-labelledby="translate-heading">
<h2 id="translate-heading" class="section">Translate Page (SimplyTranslate)</h2>
<p>
Our translate page does <strong>not</strong> send your data directly to Google or SimplyTranslate.org from your browser.
Instead, all requests are proxied through our own backend servers.
When you use the page, only the necessary parameters are passed securely on the server side:
<code>from</code> (source language), <code>to</code> (target language), and <code>text</code> (the content you entered).
Your browser never connects to SimplyTranslate.org directly.
Our translate page does <strong>not</strong> send your data directly to Google or SimplyTranslate.org from your browser.
Instead, all requests are proxied through our own backend servers. When you use the page, only the necessary parameters are passed securely on the server side:
<code>from</code> (source language), <code>to</code> (target language), and <code>text</code> (the content you entered).
</p>
<p>
We rely on the community-run
<a href="https://simplytranslate.org/" rel="noopener" target="_blank">SimplyTranslate</a> service (a privacy-friendly
translation front-end). SimplyTranslate is a <strong>free software</strong> project: you can see the
<a href="https://codeberg.org/ManeraKai/simplytranslate" rel="noopener" target="_blank">source code</a> and its
<a href="https://codeberg.org/ManeraKai/simplytranslate/raw/branch/main/legal_notice.txt" rel="noopener" target="_blank">legal notice</a>.
Our backend integration is handled in
<a href="https://codeberg.org/ashley/poke/src/branch/main/src/libpoketube/init/pages-static.js#L223" target="_blank" rel="noopener">
Pokes server code
</a>.
We rely on the community-run <a href="https://simplytranslate.org/" rel="noopener" target="_blank">SimplyTranslate</a> service (a privacy-friendly translation front-end).
SimplyTranslate is a <strong>free software</strong> project: you can see the
<a href="https://codeberg.org/ManeraKai/simplytranslate" rel="noopener" target="_blank">source code</a> and its
<a href="https://codeberg.org/ManeraKai/simplytranslate/raw/branch/main/legal_notice.txt" rel="noopener" target="_blank">legal notice</a>.
</p>
</section>
<!-- Placeholder anchor to preserve original TOC link -->
<section id="third-parties" aria-label="Third-Party Requests & Proxy"></section>
<!-- API Logs Policy -->
<section id="api-logs" aria-labelledby="api-logs-heading">
<h2 id="api-logs-heading" class="section">API Logs Policy</h2>
<p>
When you request any resource from the Poke API (for example: thumbnails, API endpoint) information about the request may be logged.
</p>
<details class="block">
<summary>Information logged per request</summary>
<p>
The information recorded for each API or resource request is <strong>strictly limited</strong> to the following items — and nothing else:
</p>
<ul>
<li>the time the request was made</li>
<li>the status code of the response</li>
<li>the method of the request</li>
<li>the requested URL</li>
<li>how long it took to complete the request</li>
</ul>
<p>
<strong>No identifying information is logged</strong>, such as the visitors cookie, user-agent, or IP address.
</p>
</details>
<!-- API Logs Policy -->
<section id="api-logs" aria-labelledby="api-logs-heading">
<h2 id="api-logs-heading" class="section">API Logs Policy</h2>
<p>
When you request any resource from the Poke API (for example: thumbnails, API endpoint) information about the request may be logged for operational health.
</p>
<details class="block">
<summary>Information logged per request</summary>
<p>
The information recorded for each API or resource request is <strong>strictly limited</strong> to the following items — and nothing else:
</p>
<ul>
<li>the time the request was made</li>
<li>the status code of the response</li>
<li>the method of the request</li>
<li>the requested URL</li>
<li>how long it took to complete the request</li>
</ul>
<p>
<strong>No identifying information is logged</strong> in API logs, such as the visitors cookie or IP address.
(The <code>/api/stats</code> feature is separate and only stores anonymous aggregates listed above.)
</p>
</details>
<details class="block">
<summary>Example log lines</summary>
<pre class="small" style="white-space:pre-wrap;margin:8px 0;">
<details class="block">
<summary>Example log lines</summary>
<pre class="small" style="white-space:pre-wrap;margin:8px 0;">
2019-01-19 16:37:47 +00:00 200 GET /api/v1/comments/xrlETJYzH-c?format=html&amp;hl=en-US 1345.88ms
2019-01-19 16:37:53 +00:00 200 GET /vi/r5P-f5arPXE/maxres.jpg 1085.41ms
2019-01-19 16:37:54 +00:00 200 GET /watch 7.04ms
</pre>
</details>
<p>
This website does not store the visitors user-agent or IP address and does not use fingerprinting, advertisements, or tracking of any form.
</p>
</section>
</pre>
</details>
<p>
This website does not use fingerprinting, advertisements, or tracking of any form.
</p>
</section>
<!-- Legal bases -->
<section id="legal-bases" aria-labelledby="gdpr-heading">
<h2 id="gdpr-heading" class="section">Legal Bases for Processing (GDPR / EU Law)</h2>
<p>
The Poke Project and its primary instance (<span class="mono">poketube.fun</span>) operate under the jurisdiction of the
<strong>European Union</strong> and comply with the principles of the
<strong>General Data Protection Regulation (GDPR)</strong> (Regulation (EU) 2016/679).
The projects hosting structure is based in <strong>Germany</strong>, where data protection is taken seriously.
</p>
<ul>
<li>
<strong>Legitimate interest:</strong> Operating the Poke service safely and efficiently while collecting <em>no</em> personal data whatsoever.
</li>
<li>
<strong>Consent:</strong> If one day we add an optional feature that needs personal information, youll be clearly asked — not tricked — before its ever processed.
Currently, no such data collection exists.
</li>
<li>
<strong>Legal obligation:</strong> Even if an authority asks for user data, theres nothing to hand over.
We dont store IPs, cookies, or user identities — so theres nothing to surrender under German or EU law.
</li>
</ul>
<p>
This section is here for compliance transparency only — Poke simply doesnt process or retain personal data in the first place.
</p>
</section>
<!-- Your Rights -->
<section id="your-rights" aria-labelledby="rights-heading">
<h2 id="rights-heading" class="section">Your Privacy Rights</h2>
<p>
Because Poke doesnt collect or store personal info, theres really nothing about you that we can give, sell, or lose.
You wont need to ask for “export my data” or “delete my profile” — we just dont have any of it.
</p>
<p>
Poke accounts dont require your name, email, or any identifying detail — you literally cant add them even if you tried.
</p>
<p>
But outside Poke, you *do* have rights and tools to protect your privacy. Here are a few ideas (because yes, we want you safe):
</p>
<ul>
<li>
Use a privacy-respecting search engine — e.g. <a href="https://duckduckgo.com/" target="_blank" rel="noopener">DuckDuckGo</a> — so your queries arent logged everywhere.
</li>
<li>
Run browser extensions that block trackers, fingerprinting, and sketchy scripts.
</li>
<li>
Use HTTPS whenever possible, avoid sketchy public WiFi, and keep your OS/browser updated.
</li>
<li>
Check device permissions (camera, mic, location) and revoke ones you dont use.
</li>
<li>
Use a VPN or encrypted connections when youre on public or untrusted networks —
we recommend <a href="https://mullvad.net/" target="_blank" rel="noopener"><strong>Mullvad VPN</strong></a>,
a privacy-respecting provider that doesnt require personal info or keep logs.
</li>
<li>
Opt out of analytics/tracking — for example, install the
<a href="https://tools.google.com/dlpage/gaoptout" target="_blank" rel="noopener">Google Analytics opt-out add-on</a>.
</li>
<li>
Use a content blocker like <a href="https://ublockorigin.com/" target="_blank" rel="noopener"><strong>uBlock Origin</strong></a> — its free software and amazing at killing ads and trackers.
</li>
<li>
Try <a href="https://privacybadger.org/" target="_blank" rel="noopener"><strong>Privacy Badger</strong></a> (by EFF) — it automatically spots and blocks trackers that dont respect your privacy.
</li>
<li>
Consider <a href="https://www.ghostery.com/" target="_blank" rel="noopener"><strong>Ghostery</strong></a> — another good tracker-blocker that shows whos trying to spy on you.
</li>
<li>
Use browsers built around privacy — <a href="https://www.mozilla.org/firefox/new/" target="_blank" rel="noopener"><strong>Firefox</strong></a> (and forks) is a strong pick.
Also, <a href="https://www.mozilla.org/firefox/focus/" target="_blank" rel="noopener"><strong>Firefox Focus</strong></a> for mobile blocks trackers by default.
</li>
<li>
Explore privacy tool directories like <a href="https://www.privacytools.io/" target="_blank" rel="noopener"><strong>PrivacyTools.io</strong></a> — they list secure, community-vetted apps and services.
</li>
</ul>
<p style="margin-top:1em;">
These steps wont make u invisible, but they shift the balance in ur favor. You deserve control over ur own data — always.
</p>
</section>
<section id="legal-bases" aria-labelledby="gdpr-heading">
<h2 id="gdpr-heading" class="section">Legal Bases for Processing (GDPR / EU Law)</h2>
<p>
The Poke Project and its primary instance (<span class="mono">poketube.fun</span>) operate under the jurisdiction of the
<strong>European Union</strong> and comply with the principles of the
<strong>General Data Protection Regulation (GDPR)</strong> (Regulation (EU) 2016/679).
</p>
<ul>
<li><strong>Legitimate interest:</strong> Operating the Poke service safely and efficiently while collecting no personal data.</li>
<li><strong>Consent:</strong> If one day we add an optional feature that needs personal information, youll be clearly asked before its processed.</li>
<li><strong>Legal obligation:</strong> Even if an authority asks for user data, theres no personal data to hand over.
We dont store IPs, cookies, or identities.</li>
</ul>
<p>
This section is here for compliance transparency only — Poke simply doesnt process or retain personal data in the first place.
</p>
</section>
<!-- Your Rights -->
<section id="your-rights" aria-labelledby="rights-heading">
<h2 id="rights-heading" class="section">Your Privacy Rights</h2>
<p>
Because Poke doesnt collect or store personal info, theres really nothing about you that we can give, sell, or lose.
You wont need to ask for “export my data” or “delete my profile” — we just dont have any of it.
</p>
<p>
Poke accounts dont require your name, email, or any identifying detail — you literally cant add them even if you tried.
</p>
<p>
But outside Poke, you <em>do</em> have rights and tools to protect your privacy. Here are a few ideas:
</p>
<ul>
<li>Use a privacy-respecting search engine — e.g. <a href="https://duckduckgo.com/" target="_blank" rel="noopener">DuckDuckGo</a>.</li>
<li>Run browser extensions that block trackers, fingerprinting, and sketchy scripts.</li>
<li>Use HTTPS whenever possible, avoid sketchy public Wi-Fi, and keep your OS/browser updated.</li>
<li>Check device permissions (camera, mic, location) and revoke ones you dont use.</li>
<li>Use a VPN on public or untrusted networks — try <a href="https://mullvad.net/" target="_blank" rel="noopener"><strong>Mullvad VPN</strong></a>.</li>
<li>Use a content blocker like <a href="https://ublockorigin.com/" target="_blank" rel="noopener"><strong>uBlock Origin</strong></a>.</li>
<li>Try <a href="https://privacybadger.org/" target="_blank" rel="noopener"><strong>Privacy Badger</strong></a> (EFF).</li>
<li>Use browsers built around privacy — <a href="https://www.mozilla.org/firefox/new/" target="_blank" rel="noopener"><strong>Firefox</strong></a> (and forks),
or <a href="https://www.mozilla.org/firefox/focus/" target="_blank" rel="noopener"><strong>Firefox Focus</strong></a> for mobile.</li>
<li>Explore privacy tool directories like <a href="https://www.privacytools.io/" target="_blank" rel="noopener"><strong>PrivacyTools.io</strong></a>.</li>
</ul>
</section>
<!-- Data Retention -->
<section id="retention" aria-labelledby="retention-heading">
<h2 id="retention-heading" class="section">Data Retention</h2>
<ul>
<li><strong>Server logs:</strong> No personal identifiers on our main instance.</li>
<li><strong>Telemetry/analytics:</strong> Not enabled here.</li>
<li><strong>Server logs:</strong> minimal operational logs (no personal data) kept for the shortest technically feasible duration.</li>
<li><strong>Anonymous usage stats:</strong> counts are stored locally on this server; admins may reset or disable at any time.</li>
</ul>
</section>
@ -578,7 +488,7 @@
<section id="javascript" aria-labelledby="javascript-heading">
<h2 id="javascript-heading" class="section">JavaScript &amp; No-JS</h2>
<p>
JavaScript is <strong>optional</strong> on Pokes websites. Core features—including search—work without JavaScript.
JavaScript is <strong>optional</strong> on Pokes websites. Core features including search work without JavaScript.
</p>
</section>
@ -586,7 +496,8 @@
<section id="self-host" aria-labelledby="selfhost-heading">
<h2 id="selfhost-heading" class="section">Self-Hosting</h2>
<p>
Poke is free software under the <strong>GNU GPL v3.0 or later</strong>. you can self-host it yourself! <a href="https://codeberg.org/ashley/poke/#hosting-poke"> see here </a>
Poke is free software under the <strong>GNU GPL v3.0 or later</strong>. You can self-host it yourself!
<a href="https://codeberg.org/ashley/poke/#hosting-poke">See here</a>.
</p>
</section>
@ -594,7 +505,7 @@
<section id="changes" aria-labelledby="changes-heading">
<h2 id="changes-heading" class="section">Changes to this Policy</h2>
<p>
If we ever change how privacy works here, well update the date at the top and announce major changes. Spoiler: changes would not include adding two bananas. this isnt minions LOL :3
If we ever change how privacy works here, well update the date at the top and announce major changes. Spoiler: changes would not include adding two bananas. this isnt minions LOL :3
</p>
</section>
@ -649,7 +560,7 @@ EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH D
(function(){
const updateBox = document.getElementById('whats-new');
const dismissBtn = document.getElementById('dismissUpdate');
const KEY = 'poke_privacy_update_2025_10_11_dismissed';
const KEY = 'poke_privacy_update_2025_11_07_dismissed';
try{
if(localStorage.getItem(KEY)==='1'){ updateBox && (updateBox.hidden = true); }
}catch{}