Privacy Policy
Last updated: April 12, 2026
The 30-second version
4dpocket is a self-hosted product. When you run 4dpocket on your own machine or server, your knowledge base - the items you save, the notes you write, the tags, summaries, and search index - lives only on that machine. It never touches us, our hosting providers, or any third party. We have no SaaS backend. We have no access to your data. There is nothing to breach.
This privacy policy covers only the marketing website at 4dpocket.onllm.dev. It does not (and cannot) cover the data inside a self-hosted 4dpocket instance - that data is governed entirely by whoever runs that instance.
What this site is
4dpocket.onllm.dev is a static marketing and documentation page for the open-source 4dpocket project. Its only purpose is to describe the product and link you to the source code and install instructions. It does not run any part of 4dpocket itself.
What we collect on this site
Anonymous analytics (Google Analytics 4)
We use Google Analytics 4 to understand which pages are read, which install instructions are clicked, and roughly where in the world visitors come from. This helps us prioritize what to improve.
| Data | Purpose | Retention |
|---|---|---|
| Page URL, referrer, session duration | Understand which content is useful | 14 months |
| Anonymized IP & coarse geolocation (country) | Language / regional relevance | 14 months |
| User agent (browser, OS, device class) | Ensure the site works everywhere | 14 months |
| Random analytics ID (cookie) | Distinguish unique vs returning visits | 2 years max |
Analytics are tied to a random cookie ID. They are not tied to any name, email, or account. Google Analytics is configured with IP anonymization enabled.
Theme preference
When you toggle dark or light mode, we store your preference in your browser's localStorage under the key 4dpocket-theme. It never leaves your browser.
What we don't collect
- Anything you save inside a self-hosted 4dpocket instance - we have no way to see it.
- Account names, emails, or passwords (this site has no accounts).
- Advertising identifiers, behavioral profiles, or data sold to third parties.
- Contact lists, files, photos, or anything from your device.
- Session recordings, heatmaps, or full-page replay.
Cookies used by this site
| Cookie / Storage | Set by | Purpose | Lifetime |
|---|---|---|---|
_ga, _ga_* |
Google Analytics | Distinguish unique vs returning visitors | Up to 2 years |
4dpocket-theme (localStorage) |
This site | Remember your dark/light mode choice | Until you clear it |
You can opt out of Google Analytics by installing the official opt-out browser add-on, or by blocking third-party scripts in your browser. The site works fine without analytics.
Third parties
This site loads the following third-party resources:
- Google Fonts (Inter, Outfit, JetBrains Mono) - Google sees your IP when fonts are requested.
- Google Analytics (G-DL6C40HTGQ) - anonymized usage telemetry.
- onllm.dev - shared design-system CSS (
https://onllm.dev/assets/css/main.css). - GitHub, PyPI, GHCR, BuyMeACoffee - linked out; they have their own privacy policies.
We do not share any data with these providers beyond what your browser sends when it loads the resource (request URL, user agent, IP).
Your rights (GDPR, CCPA, and friends)
You have the right to:
- Access any data we hold about you - on this marketing site, that's limited to anonymous analytics tied to a random ID.
- Delete that analytics data. Contact us (see below) and include the random analytics ID if you have it; otherwise clearing your cookies removes the link entirely.
- Opt out of analytics at any time via the Google opt-out add-on or by blocking scripts.
- Complain to your local data protection authority if you believe your rights have been violated.
For data inside a self-hosted 4dpocket instance, direct your requests to whoever operates that instance. We cannot see or delete data we never receive.
Children's privacy
This site is not directed at children under 13. We do not knowingly collect data from children. If you believe a child has interacted with this site, contact us and we will delete any associated analytics data.
Data security
This site is static HTML served over HTTPS. There is no login, no database, and no user-submitted content. Analytics traffic to Google is encrypted in transit. Because we collect no personal data on this site, there is no user database to breach.
The 4dpocket software
4dpocket itself is licensed under the GNU GPLv3. Self-hosted instances are governed entirely by their operators - we have no relationship with and no access to them. If you are a user of a 4dpocket instance hosted by someone else (your employer, a friend, a community), their privacy policy applies, not this one.
For reference, the security model of the 4dpocket software includes: JWT auth with httpOnly strict-SameSite cookies, SSRF protection on every processor, DNS rebinding protection on media downloads, DOMPurify on all HTML paths, prompt-injection filtering before LLM calls, bcrypt password hashing with constant-time dummy hashes, per-user data isolation at the query level, and parameterized SQL throughout. See the security section of the README for full details.
The 4dpocket browser extension
The 4dpocket browser extension (Chrome/WebEXT) lets you save content to your self-hosted 4dpocket instance directly from the web. Since the extension talks directly to your instance, not to any onllm.dev server, this privacy policy does not apply to data sent through the extension.
The extension can only access pages you explicitly choose to save. It does not crawl, track, or monitor your browsing. All saved content goes only to the 4dpocket instance URL and API key you configured in the extension settings.
What the extension stores locally
| Data | Where | Purpose |
|---|---|---|
Your instance URL (e.g. http://localhost:4040) |
chrome.storage.local |
Know where to send saves |
| Your API key | chrome.storage.local |
Authenticate to your instance |
| List of saved tab URLs | chrome.storage.local |
Show recent saves in the popup and avoid duplicate saves |
None of this data leaves your browser. The extension does not send your API key or saved content to onllm.dev, Google, or any third party — only to your own configured instance.
What the extension does not do
- It does not track your browsing history.
- It does not send data to any server other than your configured 4dpocket instance.
- It does not use analytics, telemetry, or error-reporting services.
- It does not read page content without your action (you must click the extension icon to save).
The extension is open source. You can review the code at the link above before installing.
Changes to this policy
If this policy changes, we will update the Last updated date at the top and note the change in a commit to the public repository. There is no mailing list, so there is no way to be notified directly - check back here or watch the repo.
Contact
Questions, deletion requests, or privacy concerns: open an issue at github.com/onllm-dev/4DPocket/issues or email contact@onllm.dev.