← Back to unfirehose.com

Privacy Policy

How unfirehose collects, stores, and protects your data.

Last Updated: March 10, 2026

1. Two Entities, One Policy

unfirehose operates as two cooperating entities working toward a permacomputer for the people, by the people:

  • unfirehose.com (commercial, operated with unsandbox.com / unturf.com) — Where you create your account and manage your subscription. Handles billing, social features, and the analytics dashboard. Does not store session data directly.
  • unfirehose.org (planned nonprofit data custodian) — Holds all session data in per-account encrypted silos. Every account (free and paid) gets an encrypted silo protected by API key secrets and password authentication. Each account generates a keypair — the private key can grant access to other organizations. Governed by a charter that prevents selling, deleting, or paywalling the aggregate metric dataset.

This privacy policy covers both entities. Where data handling differs, we specify which entity applies.

2. What We Collect

Account Data (via unsandbox.com)

Your account is managed by unsandbox.com. See the unsandbox.com Privacy Policy for account-level data collection (email, payment info, authentication). unfirehose receives your account ID and API keys from the shared platform.

Session Data (submitted by you)

When you or your clients push sessions to the archive, we receive:

  • JSONL message data (chat messages, tool calls, code diffs, command outputs)
  • Token usage and model metadata (which model, input/output tokens, cache tokens)
  • Session metadata (timestamps, duration, source application)
  • Git metadata (branch name, remote URL, commit hashes) when available
  • Thinking/reasoning traces if your model produces them

Repository Data (registered by you)

When you register a repository for mirroring, we clone and store:

  • A bare git clone of the repository (all branches and tags)
  • Repository metadata (platform, canonical name, branch list, default branch)
  • Clone status and last-synced timestamps

Usage Data

  • API request timestamps and rate limit counters
  • Storage usage per account
  • Ingestion byte counts and session counts

We do not use tracking cookies, analytics scripts, or third-party trackers on unfirehose.com.

3. Data at Rest: Storage Architecture

Your data exists in two locations with different properties:

Local (Your Machine)

  • Format: Plain text JSONL files on your filesystem
  • No cloud access required — the dashboard works fully offline
  • You control your own data. No encryption overhead on your own machine.

Cloud (unfirehose.org)

  • All session data stored in per-account encrypted silos
  • Protected by API key secrets and password authentication
  • Each account generates a keypair — the private key can grant read access to other organizations, enabling team-to-team sharing
  • Access grants are revocable at any time (crypto-shred)
  • Metadata indexed in SQLite (WAL mode for crash safety)
  • API keys stored as SHA-256 hashes — raw keys are never persisted server-side

Scrobble Metrics (Opt-In)

  • If you enable scrobbling, only anonymized aggregate metric data is collected
  • Metrics include: tool call names (e.g. "bash", "read", "edit") and integer counters
  • Thought streams, user prompts, and session content are never included in the scrobble
  • Scrobble data contributes to the .org partnership dataset for the commons

4. Access Control

All session data on unfirehose.org is stored in your encrypted silo. Access is controlled by your keypair:

  • Your silo — Only you can read it by default. Protected by your API key secrets and password.
  • Key grants — Your private key can grant read access to other organizations. This enables teams to share session archives with other teams.
  • Revocation — Grants are revocable at any time. The audit trail (who had access, when it was granted/revoked) is preserved.

Sessions without a git remote are automatically set to private.

5. Authentication and API Security

  • API keys use the unfh-pk- (public) and unfh-sk- (secret) prefix scheme
  • Secret keys are never stored in plaintext — only SHA-256 hashes are persisted
  • Optional HMAC-SHA256 request signing with timestamp-based replay prevention (5-minute tolerance)
  • Presigned URLs for direct file access expire after 15 minutes
  • All API traffic uses TLS (HTTPS only, no plaintext HTTP)

6. Scrobble and Public Metrics

If you opt in to scrobbling, unfirehose.org collects anonymized aggregate metric data from your sessions. This includes only:

  • Tool call names (e.g. "bash", "read", "edit", "write") and integer counters
  • Session counts and durations (aggregated)
  • Language and model identifiers

The scrobble never includes: thought streams, user prompts, session content, code diffs, file contents, or any other substantive data from your sessions.

Scrobble is opt-in. If you do not enable it, no metric data leaves your encrypted silo. The .org partnership dataset holds this aggregate metric data and may make it available as open datasets for research purposes.

7. Data Retention

  • Public data: Permanent. The .org data trust preserves public contributions indefinitely as part of the historical record.
  • Unlisted data: Retained per account agreement. Treated as private for retention purposes.
  • Private data: Retained while your account is active. Deleted on request upon account closure.
  • API keys: Revoked keys are soft-deleted (hash retained for audit, raw key unrecoverable).
  • Usage logs: API request metadata retained for 90 days for rate limiting and abuse prevention.

8. Your Rights

You have the right to:

  • Access — Export all your data in JSONL format via the API at any time
  • Rectification — Update your account information through unsandbox.com
  • Deletion — Request deletion of private data and account closure
  • Portability — Your data is in standard JSONL format, usable with any tool
  • Restriction — Change access levels on any session at any time
  • Objection — Opt out of scrobble inclusion by keeping sessions private or unlisted

For public contributions, removal requests are reviewed case-by-case by the .org board, following the same model as the Internet Archive (public record preservation vs individual rights).

GDPR: EU users have additional rights under the General Data Protection Regulation. Contact us for GDPR-specific requests.

9. Third-Party Services

  • Vultr — Infrastructure hosting for unfirehose.org encrypted silos and API
  • Stripe — Card payment processing (via unsandbox.com)

We do not share your data with advertisers, data brokers, or any party not listed above. Third-party services receive only what is necessary for their function.

10. Children's Privacy

unfirehose is not directed at children under 13. We do not knowingly collect data from children. If you believe a child has submitted data, contact us and we will delete it.

11. Open Source Transparency

The unfirehose client libraries (@unturf/unfirehose, @unturf/unfirehose-router, @unturf/unfirehose-schema) are open source. You can audit exactly what data the clients collect and transmit. The JSONL format specification is public.

12. Contact

For privacy questions, data requests, or GDPR inquiries:

13. Changes to This Policy

We may update this privacy policy from time to time. Material changes will be announced via email to subscribed users and posted on this page. Continued use of the service after changes constitutes acceptance.

Terms of Use · unsandbox.com Terms · unsandbox.com Privacy