OHTTP Relay

Privacy Policy

Last updated: 3/3/2026

1. Overview

At Open OHTTP Relay, we take your privacy seriously. This service is designed to be privacy-preserving by default. We do not track your activity, we do not sell your data, and we do not use third-party analytics cookies.

2. Data Collection

We minimize data collection to what is strictly necessary for the operation of the service.

2.1 Server Logs

Like most web servers, our infrastructure (hosted on standard cloud providers) may verify and log basic technical information for security and debugging purposes, such as your IP address and request timestamp. These logs are typically rotated and deleted automatically.

2.2 Cookies and Local Storage

We use a minimal set of "strictly necessary" cookies and local storage items to ensure the website functions correctly:

  • Session Cookies: Used to maintain your authenticated session (if you log in). These are essential for the operation of the secured areas of the site.
  • Consent Preferences: We store a simple flag in your browser's local storage (e.g., cookie-consent) to remember that you have acknowledged our banner.

We do not use invasive tracking cookies, marketing pixels, or third-party analytics cookies.

2.3 Analytics

We use GoatCounter for privacy-friendly website analytics. GoatCounter is designed to collect the minimum amount of data required to generate useful statistics, such as page views and referrers.

  • It does not track your personal identity.
  • It does not use cookies or local storage.
  • It does not collect or store your IP address permanently (it is used for a hash and then discarded).

The analytics data is hosted on our own infrastructure (`stats.orelay.dev`) and is not shared with ad networks. We use this data solely to understand how our documentation and service are used.

3. Third-Party Services

This service is hosted on cloud infrastructure. While we control the software, the physical hosting is provided by our infrastructure partners. We have Data Processing Agreements (DPAs) in place where required by GDPR.

4. Your Rights

Under the GDPR, you have the right to access, correct, delete, and restrict the processing of your personal data. Since we do not store user profiles for unauthenticated visitors, we generally cannot identify you to fulfill such requests unless you have an account.

If you have an account, you can typically view and manage your data directly within the application. For account deletion requests, please contact us.

5. Contact Us

If you have questions about this privacy policy, please reach out to us via our contact form.