Trust & Privacy

In one sentence

The pieces you ship are logic-free, Octet keeps no per-user store, and the reasoning behind a verdict is never returned to anyone.

The trust boundary

Think of the system in three tiers, by how exposed each part is:

| Tier | What | Where it lives | Exposure |
|---|---|---|---|
| Shipped | The collector (the set of signals it reads) | The browser, served by you | Logic-free — acceptable to be visible |
| In transit | The signal bundle | Passes through your edge | Shows what is collected, not how it is judged |
| Protected | The reasoning that produces a verdict | Octet servers only | Never shipped, never returned |

The single line that holds the whole model together: the collector and the edge only collect and forward. If a rule, a threshold, or a lookup table ever landed in either of them, the method would be in your hands. That never happens. See How It Works.

What Octet never returns

Octet returns country, confidence, and alarm. It does not return the signals it weighed, which signals mattered, or any reasoning. That is not an oversight — it is the product. Surfacing the "why" would hand out a map of the method, so it stays server-side.

Statelessness and the device key

Octet does not keep a per-user store. For each session it computes a verdict and lets it go.

If you want returning-visitor continuity, the verdict carries a stable device key — an opaque identifier you can persist on your side to recognise a returning browser. Octet does not store it for you; whether to keep it, and for how long, is your decision and lives under your privacy policy.
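One way to persist the device key on your side under a retention window, as an added example that is not Octet's code. The `device_key` field name, the `DeviceKeyStore` class, the sliding expiry and the keyed hashing before storage are assumptions of this example, not part of Octet's API.

```python
import hashlib
import hmac
import time


class DeviceKeyStore:
    """Integrator-side record of device keys, kept only for a retention window."""

    def __init__(self, pepper: bytes, retention_seconds: int, clock=time.time):
        self._pepper = pepper              # secret held by you, never sent anywhere
        self._retention = retention_seconds
        self._clock = clock                # injectable so expiry can be tested
        self._seen = {}                    # pseudonym -> (first_seen, last_seen)

    def _pseudonym(self, device_key: str) -> str:
        # Store a keyed hash so the raw identifier never sits in your database.
        return hmac.new(self._pepper, device_key.encode(), hashlib.sha256).hexdigest()

    def purge(self) -> int:
        """Drop entries not seen within the retention window; return how many."""
        cutoff = self._clock() - self._retention
        stale = [p for p, (_, last) in self._seen.items() if last < cutoff]
        for p in stale:
            del self._seen[p]
        return len(stale)

    def observe(self, verdict: dict) -> bool:
        """Record the verdict's device key; True means a returning browser."""
        self.purge()
        key = verdict.get("device_key")    # hypothetical field name
        if not key:
            return False                   # no key, nothing to persist
        p = self._pseudonym(key)
        now = self._clock()
        returning = p in self._seen
        first_seen = self._seen[p][0] if returning else now
        self._seen[p] = (first_seen, now)
        return returning


if __name__ == "__main__":
    # Constructed verdict; only the field set (country, confidence, alarm,
    # device key) comes from the page, the names and values are made up.
    verdict = {"country": "DE", "confidence": 0.9, "alarm": False,
               "device_key": "dk-constructed-1"}
    store = DeviceKeyStore(b"constructed-pepper", retention_seconds=30 * 86400)
    print(store.observe(verdict), store.observe(verdict))
```

The in-memory dict stands in for whatever datastore you use; the retention value is the number your privacy policy commits to.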

Data-handling posture

  • The collector reads non-sensitive browser attributes and triggers no permission prompts (no geolocation, camera, or microphone). See What Gets Collected.
  • Signals flow first-party (browser → your domain) and then server-to-server (your edge → Octet). The browser never contacts Octet.
  • Octet is stateless per user. You remain the data controller for your users; integrate Octet in line with your own privacy obligations.

Where to go next