# Privacy Policy

KnownTrade is a non-profit, AI-era directory of business entities. This policy explains what personal data the site collects, why, and what choices you have. It covers the website at knowntrade.org and the machine-readable API served from the same URLs.

KnownTrade runs on Cloudflare. We collect as little personal data as possible: there are no analytics scripts, no advertising, and no third-party trackers.

## What we collect

**Reading the directory.** Browsing or querying the directory needs no account and no personal data. We set no tracking cookies, and the application keeps no per-reader logs.

**Signing in.** Contributors sign in with a one-time "magic link" sent to an email address you provide. We store:

- your email address, to identify your account and your contributions;
- a one-time sign-in token, kept only as a hash and valid for 15 minutes;
- a session, stored server-side and referenced by a `__Host-session` cookie (HttpOnly, 30 days);
- a companion `__Host-kt_auth` cookie holding your email and role, readable by the page so the site can show you as signed in.

**Spam protection.** The sign-in form uses Cloudflare Turnstile. To confirm you are human, your IP address and a Turnstile token are sent to Cloudflare. To rate-limit sign-ins, your IP address and email are used in short-lived counters that expire within minutes; they are not stored long-term or written to logs.

**Contributions are public.** KnownTrade is an openly edited directory. When you create or edit an entry, your email address is recorded as the author or reviewer of that version and is shown in the page's public, permanent edit history. Contributions — including the email attached to them — are part of the dataset, which is licensed CC BY-SA 4.0. Do not contribute under an email you are unwilling to publish.

**Your profile.** On first sign-in we create a profile page at `/users/<name>`. Anything you put on it is public. It lists the entries you have contributed to.

**Uploads.** Media you upload while editing is stored in Cloudflare R2 and served from a public URL. Filenames are random and carry no personal data.

**API keys.** If you generate an MCP API key, your email is encoded inside the key. You can rotate the key at any time from [`/mcp`](/mcp), which invalidates older keys.

## Cookies and local storage

- `__Host-session` — your signed-in session (HttpOnly, Secure, 30 days).
- `__Host-kt_auth` — your email and role, so the page can render the signed-in state (Secure, 30 days).
- `kt.lang-suggest.dismiss.*` — a browser-local flag remembering that you dismissed the "available in another language" banner.

We set no advertising or analytics cookies.

## Third parties

We rely on **Cloudflare** for hosting, storage (D1, KV, R2), bot protection (Turnstile), and delivery of sign-in emails. No other third party receives your data.

Links to external sites are tagged with `utm_source=knowntrade.org` so the destination can see the visit came from KnownTrade, and carry `rel="noopener noreferrer nofollow"` so your originating URL is not shared.

## Retention

- Sessions: 30 days. Magic-link tokens: 15 minutes. Rate-limit counters: minutes.
- Contributions and their authorship (your email in the edit history) are a permanent public record and part of the licensed dataset.

## Your choices

- Sign out at any time to clear your session.
- Rotate or stop using your API key from [`/mcp`](/mcp).
- To ask about correcting or removing personal data, contact the maintainers below. Note that authorship already published in the public edit history is part of the open dataset and may persist in copies outside our control.

## Contact

Questions about this policy or your data: <privacy@knowntrade.org>.

_This page is itself an entry in the directory; its full edit history is public._

---
Source: KnownTrade (https://knowntrade.org)
License: CC-BY-SA 4.0
