Version · 1.0
Effective · 2026-04-22
Maintainer · ul0gic
Jurisdiction · Missouri, USA

Privacy.

What this site sees about you, who else touches it, and what you can ask us to do about it. Plain language, no dark patterns, no dual-purpose data flows. If you can't read your own privacy policy, it isn't one.

Notice to data brokers

Do not contact. fail2zig and its maintainer do not sell, rent, share, license, barter, syndicate, pool, hash-exchange, cohort-build, or otherwise transfer personal data to any data broker, advertising network, data aggregator, marketing platform, identity graph, or analogous intermediary. We will not accept solicitations to do so. Unsolicited outreach from such parties will be ignored, routed to the bit bucket, and may be forwarded to the relevant regulator.

01 · What this site collects

Three data surfaces, all minimal.

Cloudflare Web Analytics

Pageview counts, referrer domain, country, coarse device class. Aggregated at Cloudflare's edge. Cookieless. No fingerprinting. Not linked to any identifier on our side.

Cloudflare edge logs

Standard request logs (IP address, timestamp, URL, user-agent) retained by Cloudflare per their logging policy. We do not export these to ourselves. We read them only when investigating an incident affecting this site.

The live honeypot feed

The Demo page streams real attack and ban events from a dedicated fail2zig honeypot VM. The IP addresses shown are IPs that attacked our public honeypot — threat intelligence, the same class of data AbuseIPDB, Shodan, and GreyNoise publish openly. Visitor IPs are never read, logged, or shown on that page.

02 · What this site never collects

A clean no-list.

  • No cookies. The site renders without any.
  • No third-party trackers. No Google Analytics, no Facebook Pixel, no Hotjar, no Segment, no ad networks, no tag managers.
  • No fingerprinting. We do not combine signals to identify returning visitors.
  • No cross-site tracking. The site loads no script or pixel that phones home to another origin.
  • No accounts. There is no sign-up, no login, no email or phone on file.
  • No advertising identifiers. We do not pass IDFA, GAID, LiveRamp, UID 2.0, or equivalents.
  • No data sold or shared. See the data broker notice above.

03 · Who processes the data

Three parties touch anything. Nobody else.

Cloudflare, Inc.

CDN, DNS, Web Analytics, edge logs. Acts as a data processor for request metadata. Governed by their privacy policy at cloudflare.com/privacypolicy.

AWS

Hosts the honeypot VM that powers the live demo. The VM reaches Cloudflare outbound only — your browser never talks to it directly. AWS's privacy posture is governed by aws.amazon.com/privacy.

GitHub, Inc.

Hosts the source code, issue tracker, and private security advisories. When you click a GitHub link you leave this site and GitHub's own privacy policy applies.

04 · The daemon on your servers

Nothing leaves your host.

This privacy policy governs fail2zig.com. The software you install on your infrastructure is a separate matter — but the answer is the same: nothing goes anywhere.

The fail2zig daemon and the fail2zig-client CLI do not phone home. They do not contact fail2zig.com. They do not include analytics, telemetry, or remote logging. There is no update check, no crash-report uploader, no opt-in diagnostics. The binary is the same whether the machine is air-gapped or on the open internet.

What the daemon does:

  • Reads log files you configure (e.g. /var/log/auth.log).
  • Writes ban state to a local file.
  • Installs firewall rules via direct netlink to the Linux kernel.
  • Serves IPC over a local Unix socket restricted to root + the fail2zig group.
  • Exposes optional Prometheus metrics on localhost only, by default.

The zero-dependency posture is empirically verifiable. See verifying zero dependencies for the operator recipe.

05 · Your rights

GDPR, CCPA, PIPEDA — in plain language.

Access

Ask us what we hold about you. The honest answer is: whatever Cloudflare's edge logs contain for IPs matching yours, during their retention window. We have nothing additional stored on our side.

Erasure

Cloudflare expires edge logs on its own schedule; we cannot shorten it for individual records. We hold no copies, so there is nothing on our side to erase.

Rectification

The data is transient request metadata. Nothing to correct.

Objection / opt-out

Stop visiting the site, or block Cloudflare's analytics endpoint at the browser level. Neither affects your ability to read the content.

Portability

There is no persistent record on our side to export.

No sale, no sharing

We do not sell or share personal data. The opt-out signals (Global Privacy Control, Do Not Track) are therefore honored by construction.

06 · Retention and changes

How long things last, how changes are announced.

Cloudflare Web Analytics

Per Cloudflare's retention (aggregated, no user identification).

Cloudflare edge logs

Per Cloudflare's logging retention for the plan this site runs on.

Demo ban state

60-second kernel timeout. Zero-second persistence.

This policy

Versioned. Material changes are flagged in the site changelog. The current version and effective date appear at the top of this page.

Contact

How to reach us.

Plain email works. Use the channel that matches the topic — privacy and data rights on one, bugs on another, security vulnerabilities on the third.

Data rights · hello@fail2zig.com
General bugs / features · github.com/ul0gic/fail2zig/issues
Security vulnerabilities · private advisory form
Operator · ul0gic · Missouri, USA