Privacy
Last updated June 12, 2026 · Applies worldwide · changelog
The short version
- No ads, no tracking cookies, no cross-site profiling — so no cookie banner.
- The impact tool never stores the address you type. We keep a one-way hash and the computed result so your share link works.
- We never sell, trade, or share personal data with anyone, including donor information.
- Analytics are cookieless and aggregate-only (Vercel Web Analytics).
- Questions you ask the AI go to Anthropic's API and are not used to train models.
- Anyone, anywhere — not just California, the EU, or the UK — can ask us to show, correct, or delete their data.
- We run from the United States. Where data crosses borders, we rely on recognized safeguards (SCCs / the EU-US Data Privacy Framework) — see International transfers.
DataCentersExposed is a one-person, donation-funded transparency project that now tracks data centers in dozens of countries. We hold powerful companies to account for what they collect and hide, so this policy is written to a higher standard than the law requires of a site our size — in plain English, with nothing buried, and the same rights for a reader in Dublin or Jakarta as one in Virginia.
Who runs this (the “data controller”)
DataCentersExposed is operated by Eric Keller(the “controller” for the purposes of the EU and UK GDPR). The project is based in the United States. The fastest way to reach a human about anything in this policy is [email protected]; a postal address for formal legal service is available on request through [email protected] (see the legal notice).
We have no establishment in the EU or UK, and the personal data we touch is minimal, occasional, and low-risk (no large-scale or special-category profiling). On that basis we rely on the exemption from appointing an Article 27 EU/UK representative. If that ever stops being true, we'll appoint one and name them here.
What we collect (and don't)
You can read everything on this site anonymously. No account exists, no tracking cookies are set, and nothing profiles you across the web — which is why there is no cookie banner (see the cookie statement). What does exist:
- Server logs.Our host (Vercel) records standard request data, including IP address, for security and abuse prevention. We don't use logs to identify or profile readers, and they age out on the host's standard rotation (30 days or less).
- Aggregate page stats. Vercel Web Analytics counts page views without cookies or persistent identifiers. We see totals and trends, never individuals.
- Email — only if you give it. If you email a tip or subscribe to updates, we keep your address for that purpose only, deliver mail through Resend, and delete it on request. Never sold, never shared.
- Rate-limit hashes. Heavy endpoints (like the impact tool) keep a salted, truncated one-way hash of your IP for an hour to stop abuse. The hash is pseudonymous — not trivially reversible to your IP.
The address-impact tool
This is the most sensitive thing on the site, so here is exactly what happens when you type an address:
- As you type, partial text is sent to Mapbox, our geocoding provider, to power address suggestions; the address you submit is geocoded the same way. Suggestion queries are never stored by us. The final geocoder response is cached (in Cloudflare R2, keyed by a pseudonymous one-way hash) for up to 90 days so repeat lookups don't hit Mapbox again.
- The address you typed is never written to our database.We store a one-way SHA-256 hash of the normalized address, coordinates rounded to three decimal places (~100m), your county/region and postal code, and the computed result — that's what makes your shareable link work. A salted, pseudonymous hash of your IP is stored with the result for abuse detection and auto-expires within 90 days.
- Nothing connects the lookup to your name or identity, and we never see who shared or opened a result link beyond aggregate counts.
Want a lookup's stored result deleted? Email the share-link token to [email protected] and it's gone.
Ask DCX (AI)
Questions you type into Ask DCX are sent to Anthropic's Claude API along with the database rows the model looks up. Under Anthropic's commercial terms, API inputs and outputs are not used to train models. We log questions and answers (without any account or identity attached) to improve the tool. Don't put personal information in your questions — it isn't needed to get an answer.
Donor privacy
We do not share, trade, sell, or otherwise release donors' personal information to anyone, for any reason, beyond what Stripe needs to process the payment. Donations never buy edits, removals, or softer coverage — see the ethics policy. Card details go directly to Stripe and never touch our servers.
Legal bases (EU / UK GDPR)
If you're in the EU/EEA or the UK, the law asks us to name a lawful basis for each thing we do with personal data. Here they are:
| What we do | Lawful basis |
|---|---|
| Serving pages, keeping the site secure, preventing abuse (server logs, rate-limit hashes) | Legitimate interests — running a safe, available public-interest service |
| Cookieless, aggregate analytics | Legitimate interests — no identifiers, minimal impact on you |
| The address-impact tool (geocoding + storing a hashed result for your share link) | Legitimate interests, and your action in requesting the lookup |
| Email updates | Consent — you opt in, and can withdraw any time |
| Processing a donation | Performance of your transaction, via Stripe; plus our legitimate interest in funding the project |
| Responding to tips, corrections, and rights requests | Legitimate interests, and where relevant our legal obligations |
Where we rely on legitimate interests, you have the right to object — see Your rights.
Who touches your data
Every third party in the stack, the only data each one handles, and the safeguard it relies on for any transfer outside your region:
| Service | Role | What it handles | Transfer safeguard |
|---|---|---|---|
| Vercel | Hosting + cookieless analytics | Standard server logs (incl. IP) for security; aggregate page-view counts | DPF + SCCs |
| Neon | Database | The public dataset, plus hashed impact-tool results (no raw addresses) | SCCs |
| Cloudflare R2 | File & cache storage | Cached geocoder responses (up to 90 days) and uploaded documents | DPF + SCCs |
| Mapbox | Geocoding for the impact tool | What you type in the address box (including partial text, for as-you-type suggestions), used to find coordinates | SCCs |
| OpenFreeMap | Map tiles | Your browser requests tiles directly when you view a map | Direct browser request |
| Anthropic | AI for Ask DCX | Your questions and our database lookups; not used for model training | DPF + SCCs |
| Stripe | Donations | Payment details — card numbers never touch our servers | DPF + SCCs |
| Resend | Email delivery | Your email address, only if you opt in to updates | SCCs |
DPF = EU-US / UK Data Privacy Framework · SCCs = Standard Contractual Clauses. We don't add new vendors to this stack without updating this table.
International transfers
The project runs on infrastructure in the United States, so if you're outside the US your data is processed there and possibly in other countries where our vendors operate. Where the law requires a safeguard for that transfer — for readers in the EU/EEA, the UK, Switzerland and similar regimes — we rely on the vendor's certification under the EU-US / UK Data Privacy Framework and/or the European Commission's Standard Contractual Clauses (with the UK Addendum where relevant), as noted per vendor above. The practical safeguard is the same one we lean on everywhere: we deliberately collect almost nothing, so there is very little to transfer.
How long we keep it
| Data | Retention |
|---|---|
| Server request logs (incl. IP) | Host's standard rotation — 30 days or less |
| Rate-limit IP hashes | About one hour, then discarded |
| Cached geocoder responses | Up to 90 days, keyed by a pseudonymous one-way hash |
| Impact-tool stored result (hash + coords + county/ZIP) | Until you ask us to delete it |
| Email address (if you opt in) | Until you unsubscribe or ask us to delete it |
| Ask DCX question/answer logs | Up to 12 months, with no identity attached |
| Aggregate analytics | Indefinitely — it contains no individuals |
Government demands
If a government or litigant — in any country — demands reader data, our policy is to resist overbroad requests to the extent the law allows, to demand valid legal process, and to notify affected people before complying unless legally barred from doing so. Our best protection is structural: we deliberately hold almost nothing worth demanding.
Your rights
We don't check passports at the door. Anyone, anywhere can email [email protected] to ask what we hold about them, get it corrected, have it deleted, or get a copy. Expect an answer within 30 days (usually far sooner). There is nothing to opt out of selling, because we sell nothing — and no automated decision-making or profiling that produces legal effects.
- EU / EEA & UK: you have the GDPR rights of access, rectification, erasure, restriction, portability, and objection (including to processing based on legitimate interests), plus the right to withdraw consent at any time. You can also lodge a complaint with your local supervisory authority — for example the UK ICO or your national EU data-protection authority — though we'd appreciate the chance to fix it first.
- California:the CCPA/CPRA rights to know, delete, correct, and opt out of sale/sharing apply — we don't sell or share, and we don't discriminate against anyone for exercising a right.
- Everywhere else (Canada, Brazil, Australia, and beyond): we honor the same access/correction/deletion requests regardless of where you live.
Children
The site is not directed at children, and we knowingly collect nothing from anyone under 16 (or the minimum age of digital consent in your country, whichever is higher).
Changes
Every material change to this policy is listed here, dated, forever. No silent edits.
- June 12, 2026
Worldwide update: named the data controller, added GDPR/UK GDPR legal bases, an international-transfer section (the safeguard each vendor relies on), a retention table, and an explicit global-rights section covering the EU/EEA, UK, California, and everyone else. The substance didn't change — we still hold almost nothing — but now it's spelled out for readers anywhere.
- June 10, 2026
Impact tool gained as-you-type address suggestions: partial text now goes to Mapbox while typing (previously only the submitted address). Suggestion queries are not stored.
- June 9, 2026
Full rewrite: named every vendor, documented exactly what the impact tool stores, added donor-privacy pledge, government-demands stance, and this changelog.
- May 29, 2026
First published.
Related: Terms of use · Cookies · Legal notice · Ethics policy · Data licensing