Privacy. By construction.
Mazemaker is local-first by architecture. Your memories, your queries, your embeddings —
all of it stays on your machine. The backend at api.mazemaker.dev answers
one question: is this license valid & within quota? It cannot read your data,
because it never sees it.
Effective 2026-05-10 · last revised 2026-05-10
1. The two paths — both local-first
Mazemaker has two ways to use the engine. The license model differs. The data location does not.
- Self-hosted (community). You install the engine from GitHub and run it on your own hardware. No backend involvement. The engine never phones home. We have no operator-side record that you exist.
- Managed license (Pro / Enterprise). Same engine, same hardware (yours), running with a license key. Your client periodically checks in with api.mazemaker.dev to confirm the license is still valid and to increment the call counter for billing. The check-in carries no memory content, no queries, no embeddings. Just an opaque API-key fingerprint and a counter increment.
This page covers what we collect — which is much less than you'd assume.
2. What this website collects
The marketing site at mazemaker.online, the developer dashboard at mazemaker.dev, and the architect at architect.mazemaker.dev are static pages served by Cloudflare Pages and Cloudflare Tunnel. Cloudflare logs the standard request metadata for every page load:
- IP address (used for rate-limiting and abuse detection; rotated/aggregated by Cloudflare)
- User-Agent string
- Requested URL
- Timestamp
- HTTP referrer (when sent by your browser)
We do not load any third-party analytics, advertising, or session-replay scripts. The only third-party endpoint these pages talk to is challenges.cloudflare.com for Turnstile (anti-bot) on forms — governed by Cloudflare's privacy policy.
3. The onboarding handshake
If you start the managed-license onboarding wizard at /onboard/, exactly four pieces of data are recorded operator-side:
- Email address — activation link, license recovery, operator contact. Stored encrypted at rest.
- Stripe customer ID — Stripe handles your card data; we never see PAN/CVV. We store your Stripe customer ID and the subscription status.
- API-key fingerprint — we store a hash of the issued key, not the key itself. The key is shown once at issuance and cannot be retrieved later.
- Turnstile challenge result — anti-bot, retained for the duration of the form submission only.
That is the full handshake. No name, no address, no phone, no profile data beyond what Stripe needs for billing.
4. What the license-validation backend records (per API call)
When your locally-running engine checks in with api.mazemaker.dev, the backend records:
- Your API-key fingerprint (the hash from §3)
- An incremented call counter (for quota enforcement and billing)
- HTTP status code and latency of the check-in itself
- Source IP of the check-in (for abuse detection — aggregated, see retention table)
That's the full per-call record. Each row is roughly 80 bytes. No memory text, no recall query, no embedding, no graph node, no dream-cycle output ever crosses the wire to the backend.
5. What we do not collect
This list isn't a "we promise we don't" — it's a list of things the architecture physically prevents us from collecting:
- Memory content. Your stored memories live on your disk. The backend has no read path to them.
- Recall queries. Issued locally, served from your local store. The backend never sees the query text.
- Embeddings. Computed on your hardware (FastEmbed ONNX, optionally CUDA / MLX). They never leave the machine.
- Graph structure. The labyrinth is yours. We don't replicate it; we don't index it; we don't have it.
- Dream-cycle output. NREM, REM, Insight phases run locally. Their outputs are local rows.
- Browser fingerprinting on the marketing site.
- Cookies on the marketing site. The onboarding flow uses one session cookie scoped to /onboard/.
- Cross-site tracking pixels, advertising SDKs, behaviour analytics. Zero.
- AI-training corpus. Your memories are not training data for any model anywhere.
If you self-host: even the §3 + §4 lists do not apply. Self-hosted installations have no operator-side row at all.
6. Where the data lives geographically
- Your data: on your hardware, in whichever jurisdiction you operate from.
- License-validation backend & Stripe handshake: Finland (EU).
- CF Pages edge cache: Cloudflare's global PoP network, but only for static-asset delivery — no operator-side data is replicated to the edge.
7. Your rights (GDPR / CCPA)
Because we hold so little, your rights are mostly satisfied at your own filesystem. The operator-side requests:
- Export your operator-side data. Email info@mazemaker.dev from the address tied to your API key. We return a JSON blob with your email, Stripe customer ID, API-key fingerprint, subscription state, and per-call counters within 30 days. (To export your memory data, just read the engine's local store on your disk — we don't have it to give you.)
- Delete your operator-side data. Same email, same address. We purge your row, invalidate the API-key fingerprint, and cancel any active subscription within 30 days. Stripe billing records persist separately under their retention policy.
- Revoke an API key. Request a key rotation; the old key is invalidated immediately.
- Self-host instead. Always an option. The engine is AGPLv3 + PolyForm-NC; you can disconnect from the managed license at any time and keep the same local store running.
8. Operator-disclosed retention
| Data category | Retention | Notes |
|---|---|---|
| CF Pages access logs | ≤ 30 days | Cloudflare default |
| Account email & Stripe customer ID | Lifetime of subscription + 30 days grace | Required for billing & recovery |
| API-key fingerprint | Lifetime of the key | Hashed; cannot be reversed to the key |
| Per-call counters | 90 days rolling | Quota enforcement & abuse detection |
| Stripe billing records | Per Stripe's policy | Tax / accounting requirement |
| Encrypted backups (operator-side rows only) | 7-day rolling | Encrypted at rest; no memory data — we don't have any to back up |
9. Subprocessors
- Cloudflare — DNS, edge caching, Tunnel, Pages, Turnstile.
- Stripe — payment processing for Pro / Enterprise tiers.
- The hosting provider for the license-validation backend — physical hardware in Finland (EU).
No analytics, ad-tech, marketing-automation, or AI-training subprocessor handles any of your data.
10. Children
The service is not directed at children under 16. We do not knowingly collect data from children. If you believe a minor has signed up, email info@mazemaker.dev and we will purge the operator-side row.
11. Changes to this policy
If we change anything material — what we collect, how long we keep it, who we share it with — we email every active account-holder before the change takes effect, and update the "last revised" date at the top of this page.
12. Contact
Privacy questions, data-export requests, deletion requests, or anything else covered above: info@mazemaker.dev.
Operator: aLca · sole operator · EU — no corporate entity. Service offered on a personal-operator basis under AGPLv3 + PolyForm-NC license terms. See terms.