First-Party By Default
The platform is designed around a simple rule set: no tracking, no analytics, no external scripts, and strict delivery through Cloudflare-native infrastructure.
Principles
- No tracking
- No analytics
- No external scripts
Stack
Cloudflare Workers
Edge execution layer for API and runtime surfaces.
D1
SQLite-compatible persistence for users, flows, executions, and logs.
KV (optional)
Fast cached state where eventual consistency is acceptable.
Security Rules
| Rule | Why |
|---|---|
| Strict CSP | Prevents third-party script drift and narrows the allowed asset surface. |
| No cookies leak | Keeps session scope controlled and reduces accidental cross-surface exposure. |
| No third-party JS | Removes hidden analytics or dependency-chain trust problems. |
Docs implementation status
This docs site follows the same principles: all search, styling, and copy-code behavior are served from local assets only.
Future
Encryption Layer
More explicit encryption behavior for sensitive data flows and communications.
Zero Knowledge
Reserved direction for stronger privacy boundaries where product requirements justify it.