← back

Privacy policy

last updated · 2026-05-11

lurk is an anonymous-first extension and web app. We have built it so that we cannot identify you even if we wanted to. This page summarises what that means in practice. The full source is on GitHub, and the binding policy file lives in docs/PRIVACY_POLICY.md in that repository.

What we collect

• An anonymous UUID generated locally on first install. Never linked to email, phone, or any other personal identifier unless you explicitly opt in to OAuth or recovery-phrase linking (future feature).
• A nickname you choose (max 20 characters, alphanumeric + dashes + underscores).
• Hashed room keys (SHA-256 of normalised URLs) — never the URLs themselves. Query parameters are dropped before hashing.
• Real-time presence state inside an active room: a stable element selector and relative position, plus your current action (idle, walking, sleeping, waving).

What we do NOT collect

• Email, password, phone number, or any social-graph identifier.
• Page content or screenshots.
• Browsing history beyond the room you're actively in.
• Anything when the extension is disabled or running in incognito mode (we mark incognito as not-allowed in the manifest).

Where data lives

Local state (UUID, nickname, streak, wardrobe loadout) is stored in chrome.storage.local on your machine. Presence state is relayed through a Cloudflare Worker / PartyKit Durable Object that retains it only while the room is active, then drops it.

Reports and moderation

Reports made through the in-extension report button are stored on the server in an opaque, hashed form. We do not surface them to other users.

Contact

Reach out via GitHub issues at github.com/AdotEXE/lurk/issues or, when live, the Discord linked in the footer.