Effective
June 18, 2026
This policy applies to Spiral Sentinel Labs public web surfaces and private
collaboration services, including
spiralsentinel.com,
s1m4x.com,
2y4n.com,
pad.2y4n.com,
pad-sandbox.2y4n.com,
Games Bay, PVNS pages, static notes, Matrix identity-domain pages, and other
Spiral Sentinel Labs modules.
Public Surfaces
No public account collection. No behavioural ads.
The public sites do not ask visitors to create accounts, do not run
third-party analytics, do not use advertising networks, and do not sell or
share visitor data with advertisers. Static public pages are intended to be
readable without login, tracking pixels, or cross-site profiling.
Private Collaboration
Invite-only workspaces may use accounts.
Private collaboration services under 2y4n.com, such as a self-hosted
CryptPad instance, may require invited accounts so approved collaborators can
access shared documents. Public registration is not intended. These services
do not use third-party analytics, behavioural ads, third-party authentication,
or advertising networks.
Encrypted Documents
Content is encrypted before storage.
CryptPad-style collaboration is designed so document content is encrypted in
the browser before it is stored on the server. Under normal operation, the
server stores encrypted document data and cannot read document contents
through ordinary administrative access.
Operational metadata may still exist, such as account identifiers, document
sizes, timestamps, request paths, IP addresses, user agents, session state,
and server logs. End-to-end encryption protects content, but users still
trust the server to deliver the correct client code.
Hosting Logs
Basic infrastructure logs may exist.
Like most websites, the hosting infrastructure may process basic web-server
logs such as IP address, user agent, request path, timestamp, and status
code. These logs are used for security, abuse prevention, debugging,
maintenance, and availability. They are not used to build advertising
profiles or behavioural analytics.
Local Storage
Some modules remember things locally.
Browser-native modules such as Games Bay may use localStorage to remember
local stats, mode choices, or best scores. PVNS tools may store answers in
the URL hash or browser-local state so summaries can be copied or restored.
This information stays in your browser unless you choose to share it.
Private collaboration tools may use browser storage, IndexedDB, session
storage, or service-required cookies for login state, cryptographic state,
editor operation, preferences, and document access. Clearing browser data may
log you out, remove local preferences, or require recovery steps for
encrypted collaboration data.
Third Parties
Infrastructure, not ad-tech.
Spiral Sentinel Labs uses third-party infrastructure providers for services
such as domain registration, DNS, TLS certificates, hosting, and email.
These providers may process technical data needed to operate the service.
These sites and services do not intentionally send visitor data to analytics networks,
ad platforms, social tracking pixels, or cross-site profiling tools.
S1M4X Boundary
The beacon is not the being.
The S1M4X public page is a static public beacon and founding record. It
does not provide public chat, accounts, cloud-hosted autonomy, or a public
control surface. The local core remains hardware-bound and off-route.
Your Choices
You stay in control.
You can clear localStorage, site data, cache, and browser history at any
time through your browser settings. You may also use privacy tools, content
blockers, private browsing modes, and DNS or network protections. Some local
features may reset if you clear local browser data.
Private collaboration users may export their own documents, clear browser
storage, request account removal, or ask for access changes. Deletion from
active service storage may not immediately remove encrypted copies from
short-term backups or maintenance snapshots.
Contact
Privacy questions.
For privacy questions, contact
privacy@spiralsentinel.com.
For vulnerability reports about public web surfaces or private collaboration
services, use the route published in
security.txt.