How Private Am I?

1. Who we are

How Private Am I? is a client-intelligence analysis service that interprets technical signals sent by your browser (User-Agent, HTTP headers, and optional in-page JavaScript data) to describe what information those signals may reveal. This notice explains how data is handled when you use the service.

2. What we process

When you use How Private Am I?, we may process the following categories of data:

• User-Agent string and related HTTP request headers sent automatically by your browser to our server.
• JavaScript-accessible signals including screen size, language, timezone, and advanced fingerprint probes (canvas, WebGL, audio, fonts) collected when the application runs script in your browser.
• Approximate geolocation derived locally from your IP address using a MaxMind GeoLite2 database on our server. Your IP is not sent to external geo APIs and is not displayed in the analysis report.
• Anonymized privacy benchmark data when you run a full analysis (POST with JavaScript signals): a numeric privacy score (0–100), exposure band, browser family, country code, and an integer probe richness count (how many fingerprint probe classes succeeded, 0–8). Used for aggregate comparison against recent visits — not tied to your identity. Raw User-Agent, IP, and fingerprint hashes are not stored in this benchmark database.
• Technical metadata such as your IP address and request timestamp, which are inherent to any HTTP communication and may appear in server logs.

Processing is limited to providing the analysis you request. We do not require registration and we do not maintain user accounts.

3. What we do not do

• We do not build advertising profiles or sell your data.
• We do not use cookies for cross-site tracking or marketing.
• We do not store analysis results in a personal database tied to your identity for profiling purposes.
• We do not use your data to authenticate you or make security decisions about you.

4. Retention and logging

Analysis output is returned to your browser in the HTTP response and is not kept as a persistent user record on our systems.

When the privacy benchmark feature is enabled, the service stores a rolling window of the last 1,000 anonymized privacy scores (score, exposure band, browser family, country code, and probe richness) in a local SQLite database for on-site comparison statistics. Older benchmark entries are deleted automatically. This is not used to build advertising profiles or identify individual users. The operator may optionally preload anonymized demo scores for aggregate comparison display; the UI notes when demo samples are included.

The analysis UI may compare your demo fingerprint hash across refreshes in the same browser tab using sessionStorage on your device. That previous hash is not sent to our servers or stored in the benchmark database.

For operational purposes (abuse prevention, rate limiting, and service reliability), our servers may write request logs to local files. These logs can include your IP address, request path, User-Agent header, Referer header (when your browser sends it), response status, and summary metadata about the analysis. Logs are used only for operating and securing and securing the service, not for advertising or behavioral tracking. Log retention and logging can be configured by the operator deploying the software.

5. Purpose and legal basis

We process the data described above to deliver the analysis you request and to protect the service from abuse. Where applicable law requires a legal basis, we rely on legitimate interests in providing and securing the service, balanced against your rights, or on processing that is necessary to perform a service you initiate.

6. Your rights

Depending on your location, you may have rights to access, rectify, erase, restrict, or object to processing of your personal data, and to lodge a complaint with a supervisory authority. To exercise these rights in relation to How Private Am I?, contact the operator of the instance you are using. If you operate your own deployment, you are responsible for handling such requests.

7. International transfers

If you access How Private Am I? from outside the country where the server is hosted, your data may be processed in that jurisdiction. Ensure your use complies with applicable local requirements.

8. Changes

We may update this notice from time to time. The “Last updated” date at the top indicates the latest revision. Continued use of the service after changes constitutes acceptance of the updated notice where permitted by law.