Core approach
Open Frontier aims to minimize data collection, favor browser-side processing for static tools, avoid behavioral advertising, and make external dependencies understandable. That does not mean every product collects zero data or works entirely offline.
Browser-only tools and simulations
Many tools process inputs in JavaScript on your device. Work may exist only in memory or may be saved to browser storage such as localStorage or IndexedDB. Unless a network feature is used, the content itself generally does not need to be sent to an Open Frontier backend.
Browser storage is not a durable backup. It may be removed when you clear site data, use private browsing, change devices, or when the browser reclaims storage.
Hosting and analytics
Sites are primarily hosted on Cloudflare infrastructure. Like most web hosts, Cloudflare processes request information needed to deliver and protect a site, which can include IP address, user agent, requested URL, timing, and security signals.
Storefronts may use Cloudflare Web Analytics, a cookieless measurement service designed without cross-site tracking. Individual creators may have approved analytics options on platform-hosted products. Open Frontier's intended model does not rely on behavioral advertising or sale of personal data.
Accounts and platform services
Products that support identity, publishing, ownership, synchronization, collaboration, payments, support, or marketplaces process the information necessary for those functions. This can include an account identifier, email or GitHub identity, roles, product ownership, usage needed for quotas or creator payouts, uploaded content, and transaction references.
Do not assume the no-account behavior of a static tool applies to a Pro service or creator console.
AI features
An AI feature can use one of several execution paths:
- Local heuristics or conventional JavaScript with no model request.
- A model downloaded to and executed in the browser through WebGPU or WASM.
- A browser-provided built-in AI capability.
- A third-party API authorized with a user-provided key.
- A server-side model offered by a Pro product, including Cloudflare Workers AI.
When a third-party provider receives a request, its privacy, retention, and model-training terms apply. Do not send confidential, regulated, or legally privileged content without reviewing those terms and your obligations.
API keys
Some standalone tools may store user-provided keys in local browser storage. Platform products can provide encrypted key-vault and authorized proxy capabilities. In either case:
- Use a dedicated key with the smallest possible permissions.
- Set provider-side spending and rate limits.
- Do not reuse a production organization owner key.
- Revoke a key if you suspect exposure.
- Inspect the relevant source and network behavior before trusting an unfamiliar tool.
Third-party content and links
Tools can load fonts, libraries, model files, datasets, APIs, or other assets from third parties. Links to another website take you outside Open Frontier's control. The target's policies then apply.
Children and education
Public simulations can be used without student accounts, which reduces personal-data exposure. Open Frontier does not claim ecosystem-wide compliance with child privacy or school contracting regimes. Schools should review products, browser policies, external requests, and local legal requirements before managed deployment.
Regulated data
Do not use public Open Frontier products for protected health information, payment card data, government classified data, export-controlled information, or other regulated content unless a specific product agreement explicitly supports that use. No ecosystem-wide HIPAA, PCI DSS, SOC 2, or similar certification is claimed.
Your choices
- Use no-account static tools for lower-data workflows.
- Clear browser site data to remove locally stored settings and work.
- Do not enable optional AI, sync, analytics, or network features you do not need.
- Export and independently back up important work.
- Use provider controls to delete or revoke external account data and keys.
- Open an issue when a tool does not disclose a meaningful network dependency.
Retention and deletion
Browser-only data remains until you clear it, the product deletes it, or the browser evicts it. Server-side retention differs by product and data type. Account deletion should remove or de-identify data no longer legally or operationally required, but backups, fraud prevention, financial records, and security logs can have different retention periods.
The ecosystem does not yet publish one universal retention schedule. Products collecting durable user data should document retention and deletion before being treated as mature public services.
International access
Cloudflare and third-party providers can process data in multiple countries. Open Frontier does not currently claim a universal enterprise data-processing agreement, regional residency guarantee, or appointed privacy representative for every jurisdiction.
Copyright and removal requests
If a public item includes material you believe infringes your rights, identify the exact URL, the protected work, your relationship to it, and a way to contact you. Reports should go to the responsible repository owner. Material may be temporarily disabled while provenance and license terms are reviewed.
Security limitations
No public web service can promise absolute security. Mature platform stores have automated tests and compliance checks, but Open Frontier does not claim an independent ecosystem-wide security certification. Use beta services with proportionate caution and report vulnerabilities privately where possible.
Questions and corrections
Data flows should be documented at the product level. If this overview conflicts with observed behavior, the behavior should be investigated and either corrected or documented. Report the exact URL and network request in the affected repository.