← dashboard

Privacy Policy

Last modified: 2026-07-16

Trust model

You cannot truly trust any server you do not control. This includes 0druid.cc. No privacy policy can change that. If you require genuine privacy, use end-to-end encrypted protocols (Signal, Matrix E2EE, GPG), connect via Tor or a VPN you trust, and assume every intermediate server is hostile.

That said, every service here is designed to collect as little data as technically possible. Here is exactly what each service does and does not record.

Per-service data collection

VPN / WireGuard (port 51820)

DNS (ports 53, 5335, 853, 8535) no logging

NTP / NTS (ports 123, 4460)

HTTPS (ports 80, 443)

SSH (port 3447)

Summary

ServiceQuery loggingAccess loggingIP addressesSession tracking
VPN / WireGuardnonenonenonenone
DNS (all paths)nonenonenonedisabled
DoT proxynonegroup name onlynonedisabled
NTP/NTSnonetransient in-memorytransientnone
HTTPSN/Anonenonedisabled*
SSHN/Aauth events onlyyes (journal)none

* DoT proxy has tickets disabled entirely. Caddy session tickets are encrypted, expire in 72h, contain no user data.

Data sharing

No data is sold, shared, transferred, or monetized. No advertisers, no analytics, no third-party scripts, no tracking pixels. The DNS/NTP server and VPN nodes are self-hosted on rented cloud infrastructure. Providers have physical access but we encrypt what we can and simply do not store the rest.

Data retention

Security measures

Warrant canary

As of 2026-07-16, we have never received a National Security Letter, FISA court order, or any other classified government request for user data. The full canary history is at /warrants/. This section will be removed if we ever receive such a request.

Contact

r.ustydruid520@proton.me • Matrix: @druid520:tchncs.decodeberg