POLICY

Privacy Policy

Last updated: 2026-03-12

YNTK ("You Need To Know") is a citizen intelligence platform. We believe surveillance is incompatible with that mission. This policy explains what data we collect and how we handle it — with a commitment to collecting as little as technically possible.

No Tracking Cookies

YNTK does not use tracking cookies. No first-party tracking cookies. No third-party tracking cookies. No cross-site tracking. No pixels. No beacons. Your browser is not tagged, profiled, or followed across the web by this site.

To prevent duplicate votes in the crowd signal system, we generate a one-way hash of your IP address, User-Agent header, and Accept-Language header. This hash cannot be reversed to identify you and is used solely for deduplication within a 24-hour window. It is not a tracking mechanism — it cannot follow you across sites, sessions, or pages.

No Third-Party Analytics

We do not use Google Analytics, Facebook Pixel, Hotjar, Mixpanel, or any other third-party analytics service. No external scripts are loaded to track your behavior.

Session Cookies

When you sign in via Google or GitHub, a session cookie (yntk_session) is set in your browser. This cookie:

  • Is HttpOnly, Secure, and SameSite=Lax
  • Expires after 30 days
  • Contains only a random session identifier — no personal data is stored in the cookie itself
  • Is not shared with any third party

You can sign out at any time, which deletes the session. If you do not sign in, no session cookie is set. Reading content never requires a cookie.

Personal Data

Reading content on YNTK requires no account, no email address, and no registration of any kind. There are no newsletters, no subscriptions, and no forms to fill out.

YNTK offers optional social login via Google and GitHub for users who want access to additional crowd signal features. When you sign in, we store only a one-way hash of your OAuth provider user ID. We do not store your name, email address, profile photo, or any other personal information from your provider account. The hash cannot be reversed to identify you. Sessions expire after 30 days.

Hosting & Performance Metrics

YNTK is hosted on Vercel. As part of standard hosting operations, Vercel may collect anonymous, aggregated performance metrics — such as page load times, error rates, and geographic distribution of requests. These metrics contain no personally identifiable information and are used solely to maintain site reliability. See Vercel's privacy policy for details.

Server Logs

Standard web server logs (IP addresses, request timestamps, user agent strings) may be retained by our hosting provider for operational and security purposes. These logs are not mined for analytics, not correlated with user identities, and are subject to automatic expiration per the hosting provider's retention policy.

Crowd Signal System

YNTK includes a crowd signal system that lets readers indicate which content matters to them. There are two signal types:

  • "This matters" — available to all visitors, including anonymous readers. Deduplicated using the one-way fingerprint hash described above, with a 24-hour window per content item. No account required.
  • "Dig deeper" — available only to signed-in users. Signals that a topic warrants further investigation. Requires social login.

Signal data — specifically vote counts, not voter identities — is aggregated and may be used to inform YNTK's research priorities. This data is stored in Redis with no expiration on aggregate vote counts. Anonymous deduplication keys expire after 24 hours.

No vote data is sold, shared with third parties, or exported. We employ anomaly detection to identify suspicious voting patterns (bot swarms, coordinated manipulation). This is strictly for system integrity — not user surveillance.

Your Rights

If you have not signed in, we hold no personal data about you — there is nothing to request, correct, or delete. If you have signed in, you can sign out at any time to delete your session. Since we store only an irreversible hash of your provider ID (not your name, email, or other identifiable information), there is no personal data record to export or erase. If you have questions or concerns about your data, contact us at the address below and we will respond under applicable privacy regulations (GDPR, CCPA, and others).

Contact

Questions about this privacy policy can be directed to:

privacy@yntk.news
Back to home