The same definitions from the Terms of Service §00 apply throughout this Privacy Policy. In particular:
All pages on damned.wtf are static, client-side only educational resources. There is no server-side backend, no database, no user accounts, no login systems, no persistent data storage, and no analytics or tracking implemented or controlled by the Operator.
The sole purpose of this site is to educate visitors about browser security, privacy concepts, and related technical topics. Nothing here is intended as a commercial service.
Cloudflare) for basic delivery, caching, and DDoS protection. This is standard web infrastructure behaviour entirely outside the Operator's direct control — refer to your hosting/CDN provider's privacy policy for their logging and data retention practices.
The Operator does not set or read cookies, pixels, beacons, localStorage for tracking, or any form of persistent identifier.
The Operator uses no information because none is collected or retained. The purpose of the Site is purely educational — to demonstrate concepts in a transparent, zero-server context.
No cookies or tracking technologies are set by the Operator.
The Operator shares nothing — there is nothing to share. The Operator does not sell, rent, trade, or disclose visitor information to any third party (because no such information exists). Third-party requests described above are initiated directly by your browser and are not proxied, intercepted, or logged by the Operator.
For visitors in the European Economic Area (EEA) or United Kingdom subject to the EU or UK General Data Protection Regulation: the only processing that occurs is the delivery of static content to your browser. This is based on legitimate interest (Article 6(1)(f) GDPR) — specifically, providing free educational resources to visitors who have actively navigated to the site.
In compliance with GDPR Articles 12–14 transparency obligations (a 2026 EDPB enforcement priority): the Operator confirms in plain language that no personal data is collected, stored, or processed by the Operator beyond what your browser and your CDN/hosting provider handle as standard infrastructure. The Operator does not profile visitors, build audiences, or engage in any automated decision-making.
Since the Operator holds no personal data, GDPR data subject rights — access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), portability (Art. 20), and objection (Art. 21) — cannot be meaningfully exercised against us. There is nothing to act on. Requests relating to CDN or hosting data should be directed to those providers (e.g., Cloudflare's privacy policy). Requests relating to third-party services (e.g., Mullvad) should go to those parties directly.
No Data Protection Officer (DPO) is required or appointed, as the Operator does not engage in large-scale or systematic monitoring of individuals, nor process special category data.
Regarding international data transfers (GDPR Art. 13/14/46): the Operator transfers no personal data — any infrastructure-level data (e.g., server logs) is governed solely by your CDN or hosting provider's own privacy policy and transfer mechanisms.
As a small personal, non-commercial website operated by a single individual, damned.wtf qualifies as a micro-enterprise under EU definitions and benefits from applicable DSA exemptions including reduced reporting obligations. The Operator commits to the following baseline DSA principles:
As of 2026, comprehensive privacy laws are in effect across numerous US states including California (CCPA/CPRA), Virginia (CDPA), Colorado, Connecticut, Utah, Texas, Oregon, Montana, Delaware, Iowa, New Hampshire, New Jersey, Tennessee, Nebraska, Maryland, Indiana, Kentucky, and Rhode Island, among others.
None of these laws apply to the Operator because: (a) the Operator collects zero personal information from anyone, and (b) virtually all state laws only impose obligations on entities that collect data from 25,000–100,000+ state residents and/or derive revenue from the sale of personal data — neither of which applies here.
The Operator does not sell, share, rent, or trade personal information, does not process sensitive personal data, and does not engage in targeted advertising. There is no personal data to request, correct, delete, or opt out of — residents of any US state have no actionable privacy rights to exercise against the Operator because nothing is held.
All content on this site is provided strictly for personal, educational, and informational purposes.
Prohibited uses include, without limitation:
This site and all content are provided "as is" and "as available" without warranties of any kind, express or implied, including but not limited to merchantability, fitness for a particular purpose, accuracy, or non-infringement.
To the maximum extent permitted by applicable law, the Operator of damned.wtf — a single private individual operating a personal, non-commercial educational site with no registered legal entity — shall not be liable for any direct, indirect, incidental, special, consequential, or exemplary damages arising from your use of or inability to use this site, including reliance on any information presented here.
The Operator's total aggregate liability for any and all claims arising from your use of the Site shall not exceed zero monetary value in any currency, cryptocurrency, token, or any other form of payment or consideration whatsoever — the Site has always been provided entirely free of charge, with no payment, subscription, fee, data exchange, or consideration of any kind required or solicited. This cap applies regardless of the theory of liability and regardless of whether the Operator was advised of the possibility of such damages.
Content on this site is for general educational purposes only and does not constitute professional security, legal, or technical advice. Do not rely on it as a substitute for professional consultation.
All original content, code, and design on damned.wtf is the property of the site operator unless otherwise noted. You may view and reference content for personal and educational use. Reproduction, redistribution, or commercial use without explicit permission is prohibited.
Third-party libraries, fonts, or services used on this site retain their respective licenses and ownership.
This site is not directed at children under the age of 13 (under US COPPA), or under 16 where applicable under GDPR. The Operator does not knowingly collect any data from anyone of any age.
The FTC's amended COPPA Rule (effective June 23, 2025; compliance deadline April 22, 2026) expanded the definition of personal information to include mobile phone numbers, government-issued IDs, and biometric identifiers. The Operator collects none of these. No children's information is shared with third parties because no information is shared with anyone. No verifiable parental consent is sought or required — there is simply nothing to consent to.
The content on this site is technical and educational in nature, intended for users with a baseline understanding of web and browser technologies. If you are under the applicable age in your jurisdiction, please use this site only with parental or guardian supervision.
Where any content on this site is substantially assisted by or generated with artificial intelligence tools, the Operator aims to label it as such as a voluntary transparency practice. The EU AI Act (effective August 2, 2026 for most provisions) does not apply to this site — it regulates providers and deployers of AI systems, not individuals who use AI tools to assist in writing static content. This labeling is a best-effort commitment to transparency and does not create an enforceable obligation.
The site itself does not use machine learning, make predictions about individuals, or constitute automated decision-making with any legal or significant effect.
The page at damned.wtf/infosec is a static cybersecurity education guide. The following privacy-specific clarifications apply:
With no backend, database, or stored user data, there are no user records that could be breached from the Operator's side. The site is served over HTTPS. Security of your own device, network, and browser is your responsibility.
This policy is governed by and construed in accordance with applicable law. As this is a personal, non-commercial educational site with no established legal entity, no single jurisdiction is designated; however, you agree that your use of this site complies with the laws of your own jurisdiction. Nothing in this policy limits rights you may have under applicable mandatory consumer protection or data protection laws in your country of residence.
The Operator may revise this policy at any time. The "Last updated" date at the top of this page reflects the most recent revision. Non-material changes (e.g. wording clarifications) take effect immediately upon posting — continued use constitutes acceptance. If a material change is ever made to data collection practices (currently: none collected), that change will be made clearly visible on this page. Checking this page periodically is your responsibility.
This site does not provide anonymity. It does not protect your privacy. It is not a security tool. Nothing here will make you harder to track, safer online, or less identifiable to any third party.
You are solely responsible for your own security and privacy posture.
The Operator holds no user data of any kind — no logs, no session records, no identifiers, no IP addresses, no usage history. There is nothing to produce in response to any legal demand, subpoena, or court order directed at the Operator regarding user behaviour, because no such data exists.
In the event of any law enforcement request or legal process:
By accessing this site, users acknowledged and agreed to the full Terms of Service — including the Release of Claims, Assumption of Risk, and Law Enforcement clauses — upon first access. Those terms remain binding.
By using this site, you agreed to indemnify, defend, and hold harmless the Operator of damned.wtf — a single private individual — from any claims, damages, losses, or expenses arising from your use of the site, your violation of the Terms of Service, or your misuse of any content or tool found here. This obligation is set out in full in the Terms of Service §11 and is incorporated into this policy by reference.
The following protections survive indefinitely after you stop using this site and cannot be waived by the passage of time or cessation of use: