privacy
what we store, what we don't, and why
this site exists to let strangers share quiet fragments of their lives and let other strangers reflect on them. for that to work, we collect as little as humanly possible.
we do not collect
- names, emails, phone numbers, or any login of any kind
- photos, video, voice, or location data
- raw ip addresses (see below for what we do with them)
- third-party analytics, advertising, or tracking pixels
one cookie: tl_anon
we set exactly one cookie, tl_anon. it is a long random string — nothing more. it never leaves this site. it has no connection to your real identity. we use it for a single purpose:
to stop the same browser from voting twice on the same life, and to remember which lives you have already reacted to so the page can quietly tell you so.
you can delete this cookie at any time from your browser settings. if you do, you will be able to vote again on lives you already voted on. nothing else changes.
what we briefly hash from your ip
to prevent abuse (someone submitting 200 lives in five minutes, or mass-reporting other people's lives) we compute a one-way hash of your ip address with a server-side salt and store only the hash against rate-limit and report rows. the raw ip is never written to disk. the hash is not reversible. it lets us count requests; it does not let us identify you.
if our hosting provider (vercel) or cdn (cloudflare) records ip addresses at the network level — which both do for a short time, like any host — that data is theirs, not ours, and is governed by vercel and cloudflare's policies.
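an added illustration, not this site's actual code: one way to count requests per ip for rate limiting while storing only a salted one-way hash, as this section describes. it assumes hmac-sha256 as the hash; the names SALT, ip_key and RateLimiter, the in-memory store, and the limit of 3 requests per 300 seconds are all hypothetical.

```python
import hashlib
import hmac
import ipaddress
import secrets
from collections import defaultdict, deque

# Assumption: the server-side salt is a secret key loaded from configuration.
# A random one is generated here so the example runs stand-alone.
SALT = secrets.token_bytes(32)


def ip_key(raw_ip: str, salt: bytes = SALT) -> str:
    """Return a keyed one-way hash of the address; the raw value is not kept."""
    # Normalise first so equivalent spellings of one address hash identically.
    packed = ipaddress.ip_address(raw_ip.strip()).packed
    return hmac.new(salt, packed, hashlib.sha256).hexdigest()


class RateLimiter:
    """Sliding-window counter whose rows are keyed by hash only."""

    def __init__(self, limit: int, window_seconds: float, salt: bytes = SALT):
        self.limit = limit
        self.window = window_seconds
        self.salt = salt
        self.rows = defaultdict(deque)  # hash -> timestamps of recent requests

    def allow(self, raw_ip: str, now: float) -> bool:
        key = ip_key(raw_ip, self.salt)
        hits = self.rows[key]
        # Drop timestamps that have aged out of the window.
        while hits and now - hits[0] >= self.window:
            hits.popleft()
        if len(hits) >= self.limit:
            return False
        hits.append(now)
        return True


def demo():
    # Constructed sample: documentation-range addresses, limit of 3 per 300 s.
    limiter = RateLimiter(limit=3, window_seconds=300)
    results = [limiter.allow("203.0.113.7", now=t) for t in (0, 10, 20, 30)]
    other = limiter.allow("198.51.100.9", now=30)
    later = limiter.allow("203.0.113.7", now=301)
    return results, other, later, list(limiter.rows)
```

in a scheme like this the stored rows only stay unlinkable to an address while the salt is kept secret, because the ipv4 space is small enough to enumerate for anyone who holds the key.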
what submissions look like to us
when you submit a life, the row in our database holds the numbers and text you typed, a generated slug, and a long random owner_token that becomes your private manage url. there is no column for who you are because there is no idea of who you are.
if you lose your manage url, we cannot recover it for you. that is deliberate. it is the only thing keeping the submission tied to anyone at all.
bot protection
the submit form embeds a cloudflare turnstile challenge. it is a privacy-respecting alternative to recaptcha that does not profile you and does not require a click. cloudflare sees a small signature about your browser; we see only a yes/no token back from them.
deleting your fragment
open your private manage url and click delete my fragment. it removes the public page, the votes, and the reactions in one step. it cannot be undone, and it cannot be recovered later.
contact
there is no inbox. if something is wrong with a specific life fragment, use the small report link beneath it. that goes to a private moderation queue.
this page is the whole policy. we have nothing else to disclose.