f8xt Privacy Policy

Last updated: April 29, 2026

f8xt does not store notes, accounts, or app data on its own servers. When the site loads, Vercel processes requests and may automatically handle limited request logs and related metadata.

Note

f8xt is a website with no backend server, database, or user account system. The official domains are https://f8xt.app/ and https://f8ful.org/

2. What f8xt Does Not Collect

f8xt never receives, stores, or processes:

Your notes or any content you create
Your name, email address, or any personal identifier
OAuth tokens from Google, Microsoft, or Dropbox
Your cloud file names, folder structure, or metadata
Analytics or behavioural tracking data

Why not: OAuth authentication uses the PKCE flow entirely in your browser. Tokens remain in browser memory on your device only. All file reads and writes occur directly between your browser and your cloud provider's API. No f8xt server is involved.

3. What Vercel Logs

f8xt is hosted on Vercel, which processes requests necessary to deliver the application to your browser.

f8xt does not receive or access these logs. Vercel may automatically process limited request data and related metadata (such as IP address, request path, user agent, and timestamps) in accordance with its own policies:

Privacy policy: https://vercel.com/legal/privacy-policy
Data Processing Agreement: https://vercel.com/legal/dpa

Vercel operates global edge infrastructure, so your request may be served and processed outside your country of residence.

4. Your Cloud Storage Provider

When you connect Google Drive, OneDrive, or Dropbox, your notes are stored as files in your account under that provider's terms. f8xt never receives a copy.

Google: https://policies.google.com/privacy
Microsoft: https://privacy.microsoft.com/en-us/privacystatement
Dropbox: https://www.dropbox.com/privacy

Note on “zero-knowledge”: f8xt cannot read your notes, but your cloud provider can, since files are not encrypted before being written to your drive. If you require encryption at rest, you should apply independent encryption.

5. Cookies and Local Storage

f8xt uses minimal browser storage solely for core functionality.

Cookies may be used in a limited capacity to maintain your authenticated session (for example, keeping you signed in after a page reload). Because f8xt does not store user data on its own servers, this functionality is handled entirely within your browser context.

Your browser's local storage may also be used to store application preferences (such as theme or interface settings) to ensure a consistent experience and to prevent visual resets when the application loads.

This data remains on your device and is not transmitted to f8xt servers.

6. Legal Bases and Your Rights

The only personal data processing associated with f8xt is limited request handling and logging performed by Vercel. The legal basis for this is legitimate interest: operating the infrastructure securely and diagnosing failures.

EU / EEA (GDPR)

Legal basis: Article 6(1)(f). You have rights of access, rectification, erasure, restriction, portability, and objection under Articles 15-21. You may lodge a complaint with your national supervisory authority (Article 77).

Because relevant log data is processed and controlled by Vercel, requests relating to such data should be directed to Vercel. f8xt will make reasonable efforts to assist where possible.

UK (UK GDPR)

Same rights as above. Supervisory authority: Information Commissioner's Office at https://ico.org.uk.

California (CCPA / CPRA)

f8xt does not sell personal information and does not share it for cross-context behavioural advertising. Requests or questions can be directed to the contact below.

Brazil (LGPD)

Legal basis: legitimate interest. You may exercise your rights under Article 18 of Law 13,709/2018 by contacting us using the details below. f8xt will make reasonable efforts to respond and assist where applicable.

Canada (PIPEDA / Quebec Law 25)

We collect only what is necessary for identified purposes with appropriate safeguards.

Australia (Privacy Act 1988)

We comply with the Australian Privacy Principles.

India (DPDP Act 2023)

We process personal data only to the limited extent required to deliver the service, such as the handling of basic request data by our hosting provider (Vercel).

Under the Digital Personal Data Protection Act, 2023, processing is carried out for a lawful purpose. Where applicable, this may rely on your consent or on certain legitimate uses as defined under the Act.

You have the right to access information about your personal data, request correction or erasure, and seek grievance redressal by contacting us at the email below. Requests related to server log data may need to be directed to Vercel, as they control that data.

7. Children

f8xt is not directed at children under 13 (or 16 in the EU/EEA). We do not knowingly collect data from children.

8. International Transfers

Vercel may transfer log data to the United States or other countries. For EU/EEA users, Vercel relies on Standard Contractual Clauses. See Vercel's DPA for details. We have no control over this.

9. Changes

Material changes will be reflected in an updated date at the top of this document.

10. Contact

Email: hi@f8xt.app

We aim to respond within 30 days, but do not guarantee it.

This policy reflects the actual architecture of f8xt. It is not legal advice.