Privacy Policy

Effective Date: November 1, 2025

uunn is committed to protecting worker privacy. This Privacy Policy explains how we handle your data and why we can be trusted to protect your right to organize.

Our Privacy Principles

1. Privacy First - We never see your messages, documents, or identities
2. Worker Control - You own and control your data
3. No Surveillance - We don't track, profile, or monitor you
4. No Data Sales - We will never sell your data
5. Open Source - Our code is auditable by the community

What We Don't See (By Design)

uunn uses end-to-end encryption to ensure that we, as the platform provider, cannot access your sensitive data:

• Messages - All messages are encrypted on your device before sending
• Documents - Petitions, grievances, and demands are generated locally
• Identities - We only see pseudonyms, not real names
• Organizing Activity - What you discuss and coordinate remains private

What We Do See

To operate the platform, we must process some metadata:

• Group IDs - Identifiers for workplace groups
• Pseudonyms - The names you choose (not real names)
• Public Keys - For encrypting messages to you
• Timestamps - When messages and actions occur
• Invite Codes - For group access control

Important: This metadata is necessary for the platform to function, but it reveals nothing about the content of your communications or organizing activity.

How Encryption Works

Client-Side Encryption

All encryption happens on your device using the Web Crypto API:

1. When you create an identity, your device generates encryption keys
2. Your private key never leaves your device
3. Messages are encrypted before sending to our servers
4. Only recipients with the correct keys can decrypt messages

Technical Details

• Key Exchange: RSA-OAEP with 2048-bit keys
• Message Encryption: AES-GCM with 256-bit keys
• Password Derivation: PBKDF2 with 100,000 iterations
• Random Generation: Cryptographically secure random (CSPRNG)

Data Storage

Client-Side (Your Device)

Sensitive data is stored locally in your browser's IndexedDB:

• Your encryption keys
• Decrypted messages
• Group information
• Action templates and documents

Server-Side (Cloudflare)

Our servers store only encrypted metadata in Cloudflare D1:

• Group metadata (IDs, timestamps)
• Member pseudonyms and public keys
• Encrypted message hashes (for sync)
• Invite codes

Data Retention

• Messages: Stored locally on your device, you control retention
• Metadata: Retained while groups are active
• Deleted Groups: Metadata purged within 30 days
• Audit Logs: Retained for 90 days for security purposes

What We Don't Do

• ❌ We don't use analytics or tracking cookies
• ❌ We don't sell data to third parties
• ❌ We don't share data with employers
• ❌ We don't profile or target users
• ❌ We don't serve advertisements
• ❌ We don't use AI to analyze your communications

Third-Party Services

We use minimal third-party services:

• Cloudflare Pages: Website hosting and CDN
• Cloudflare Workers: Serverless API backend
• Cloudflare D1: Metadata database

All of these services are configured for maximum privacy and minimal data collection.

Legal Requests

If we receive a legal request for user data:

1. We can only provide metadata (pseudonyms, timestamps, group IDs)
2. We cannot provide message content (it's encrypted)
3. We will notify affected users unless legally prohibited
4. We will challenge overly broad or unjust requests

Worker Protection: We are committed to protecting workers' right to organize. We will resist requests that threaten this right.

Security Measures

• End-to-end encryption for all sensitive data
• HTTPS everywhere (TLS 1.3)
• Secure HTTP headers (CSP, HSTS, etc.)
• Regular security audits
• Open source for community review

Your Rights

As a uunn user, you have the right to:

• Access your data (stored locally on your device)
• Export your data (backup feature)
• Delete your data (account deletion)
• Control who sees your information (group membership)
• Organize without surveillance

Children's Privacy

uunn is intended for workers aged 16 and older. We do not knowingly collect data from children under 16.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of significant changes via the platform. Continued use constitutes acceptance of the updated policy.

Contact Us

Questions about privacy? Contact us at:

• Email: privacy@uunn.org
• GitHub: github.com/uunn/uunn/issues

Open Source Transparency

Our encryption and privacy implementations are open source and available for audit:

• GitHub Repository
• lib/crypto.ts - Encryption utilities
• lib/storage.ts - Local storage management
• schema.sql - Database schema (metadata only)

Built by workers, for workers. Your privacy is our mission.