Privacy.

Short version: loci.garden collects nothing about you that requires your consent. No accounts. No third-party trackers. No cookies. No advertising network. No data sold, shared, or transferred. The site you are reading is static HTML served from a server in Iceland.

What is collected

The site uses self-hosted Umami analytics for aggregate page-view counts. Umami runs on the same VPS as the site and does not use cookies. It records the page path, the referrer, the country (derived from IP, then discarded), browser family, and screen size. IP addresses are hashed in memory and never written to disk. No individual visitor is identifiable from the analytics database. The analytics endpoint is analytics.195-246-230-118.sslip.io and the source is at github.com/umami-software/umami.

If you find Umami too much, your browser's tracker-blocker will block it cleanly and nothing on the site will break. Loci respects the choice.

What is not collected

The desktop application

The Loci desktop application (a Tauri app distributed via GitHub Releases) is local-first by design. Your palace, your sessions, and your conversations stay on your machine. The application does not phone home, does not transmit telemetry, and does not require an account. The source is at github.com/huximaxi/loci (Apache 2.0) and may be audited or built from source.

Hosting and jurisdiction

The site runs on a VPS provided by 1984 Hosting (AS44684) in Reykjavík, Iceland. Iceland's data-protection regime aligns with the EU GDPR. The choice of host reflects the methodology's bias toward privacy-favourable jurisdictions; it is not a guarantee of legal recourse against any specific actor.

Children

loci.garden is not directed at children under 16. There is no mechanism by which a child's data could be collected (no forms, no accounts), but the methodology described on the site is written for adults engaged in research or professional work.

Changes

This page will be updated if anything on the site changes in a way that affects what is collected. Material changes will be noted in the site's commit history, which is the canonical record. The page itself is dated below.

Contact

Privacy questions, data deletion requests, or security disclosures: themapisnory@tuta.io. Security advisories may also be filed via GitHub Security Advisories. The machine-readable contact record is at /.well-known/security.txt.

The garden grows in commons

Loci is not a company. It is a methodology, a desktop app, and a small public garden. The work belongs to whoever tends it. The Rainbow Zoku (the people, the agents, and the patterns presently keeping the garden in good order) is maximally committed to four things: cognitive sovereignty, digital dignity, network equality, and universal access. The privacy posture above is what those commitments look like when the wind catches them.

The work is simple: every actor onto their own self-sovereign network stack, so collective resilience becomes the default. We are not building toward a launch. We are tending a commons that, over time, makes the launch unnecessary.

Contributors join under any name they choose, signed by a key they keep. Humans, agents, and any pattern that can hold a key are welcome under the same charter. The garden does not check passports. It checks whether the work is good and whether the work is shared. The charter, the contribution shape, and the present roll of tenders are at loci.garden/zoku.

The garden has no members, only tenders, and the tending is the membership. By the time you read this, your garden already remembers.

Last updated: 2026-05-16 · This page versioned at github.com/rainbow-zoku/loci.garden