# Privacy Policy

**Echoes of Play — echoesofplay.com**
**ERRERlabs — errerlabs.com**
**Last updated: July 2026**

---

## The short version

We don't collect your data. We can't collect your data. There is no mechanism to collect your data. This page makes zero network connections. Your thoughts and memories never leave your device.

---

## What we collect

Nothing.

No personal information. No email addresses. No names. No IP addresses. No device fingerprints. No usage analytics. No behavioral data. No metadata. Nothing.

## What we store

Nothing on our end.

The application stores reflections and memories in your browser's local storage — a small database that lives on your device and is controlled entirely by you. We never see it. We never access it. We have no mechanism to access it.

It also stores a few small preferences the same way: today's mood choice, your text size choice, whether the optional music is on, and whether you've seen the intro. These live on your device only, like everything else, and are erased by the same "delete everything" button.

You can export this data as a JSON file at any time from the info panel (the &#9432; button). The export is generated on your device as a local file — no upload, no server. You can delete everything with one button in the same panel. When you delete it, it is gone. We have no backup because we never had a copy.

One honest caveat: localStorage belongs to your browser, not to us. If you clear your browser data, use private/incognito mode, or your device's storage manager evicts site data, your entries can be lost. If something matters to you, export it.

## What we transmit

Nothing.

This application makes zero network connections after the initial page load. No API calls. No analytics pings. No telemetry. No font requests. No CDN calls. No WebSocket connections. No beacon transmissions. The network tab in your browser's developer tools will be empty.

For completeness: the service worker (sw.js) requests copies of the application's own files from the same domain, once, so the app can work offline. Those requests carry no user data — they are the app downloading itself. Nothing you write is ever in any request.

If you use the optional share or copy buttons, your device's own share sheet or clipboard does the carrying — the application hands the text to your operating system and steps away. Nothing is transmitted by the application itself, and nothing is shared unless you choose to share it.

You are encouraged to verify this yourself.

## Cookies

There are none. See our [Cookie Policy](COOKIES.md).

## Third-party services

There are none. No analytics (no Google Analytics, no Mixpanel, no Amplitude, no Plausible, no Fathom, no anything). No advertising. No social media integrations. No embedded content. No third-party scripts. No CDNs. No external fonts.

The only external link on the page is to errerlabs.com, which opens in a new tab and transmits no data from this application.

## Audio and microphone

We do not access your microphone. The Web Speech API in current browsers sends audio to external servers for processing, which would create a network connection. We will not include audio features until browsers support reliable local-only speech recognition. No shortcuts.

## Children

This application does not knowingly collect any information from anyone, including children. Since we collect nothing, there is nothing to collect from children. The application contains no advertising, no in-app purchases, no social features, and no external links beyond the ERRERlabs homepage.

## Data processing basis (GDPR)

We do not process personal data. There is no data controller because there is no data to control. There is no data processor because there is nothing to process. There are no data flows because there is no data.

If you are in the European Economic Area, United Kingdom, or Switzerland: your rights under GDPR — access, rectification, erasure, restriction, portability, objection — are fully satisfied by the fact that we hold none of your data.

## California residents (CCPA/CPRA)

We do not sell personal information. We do not share personal information. We do not collect personal information. There are no categories of data to disclose because there are no categories of data.

## International users

This application works the same everywhere. Since no data is transmitted, no data crosses any border. Your data stays on your device regardless of where you are.

## Law enforcement

We cannot comply with data requests because we have no data. A subpoena for user records would return nothing, because nothing exists. We have designed it this way on purpose.

## Data breaches

There is nothing to breach. There is no server. There is no database. There is no user table. There is no authentication system. The attack surface is zero because the surface is zero.

## Changes to this policy

If this policy changes, we will update the date at the top. The core commitment — that we collect nothing, transmit nothing, and store nothing on our end — is architectural. It cannot change without rewriting the entire application. If that ever happens, it would be a different product, and we would say so.

## Forking and copying

This privacy policy, like the application, is licensed Apache 2.0. If you fork Echoes of Play, you may use this policy as a starting point. If you modify the application to add network connections, analytics, or data collection of any kind, this policy no longer applies to your fork and you must write your own.

The commitments in this document are true because of how the software is built, not because of what we promise. If you change the architecture, you change the truth.

## Contact

Karl Meves / ERRERlabs
GitHub: github.com/kmay89
Web: errerlabs.com

---

*This policy is written in plain language because legal language obscures meaning, and obscured meaning is the enemy of informed consent. If a privacy policy requires a lawyer to understand, it is not serving the person it claims to protect.*
