Privacy Policy
plain language, no tricks.

Overview

kief.dev is operated by Kief Studio LLC, a cybersecurity and developer tools company based in Shrewsbury, Massachusetts. This site provides free developer tools that require no account, and Vekt, a free supply chain security tool. This policy covers both. The short version: we collect very little, we don't sell anything, and most of what passes through our systems is never written to disk.

Analytics

We use Plausible Analytics, hosted in the EU. Plausible is cookieless -- it sets no cookies, stores no personal data, and cannot track individual users across sessions or sites. It gives us page views and referrer data in aggregate. No Google Analytics. No Facebook Pixel. No tracking scripts from ad networks. Plausible is fully GDPR compliant by design.

Developer tools

The free tools on kief.dev (DNS lookup, SSL checker, security header analyzer, encoder/decoder, diff tools, and others) require no account and store nothing. Any input you provide is processed server-side to fulfill the request and then discarded. We do not log tool inputs, outputs, or the content of any queries you make. If a tool uses AI (powered by OpenRouter), your input is sent to the model provider for inference and immediately discarded -- we never log it, and it is not used to train models.

Vekt

Vekt is a local-first tool. Scanning happens on your machine. No lockfile content is sent to our servers -- the CLI queries OSV.dev (operated by Google) directly with package name, version, and ecosystem coordinates. Their privacy policy applies to those requests. We do not receive, log, or store your lockfile content or scan results.

Vekt browser extension

The Vekt browser extension detects package registries (npm, PyPI, crates.io, etc.) and enriches package pages with security data. It transmits only three things to our API: the package ecosystem, the package name, and the package version. Nothing else. Specifically, the extension never transmits:

• Browsing history or URLs outside of recognized registry pages
• Page content, DOM data, or screenshots
• Cookies or localStorage
• Any data about pages that are not recognized package registry pages

The extension works in incognito/private browsing mode without storing any state. It uses the GitHub API for repository enrichment data (stars, issues, last commit) on npm packages that link to GitHub. GitHub's privacy policy governs those requests.

Blog and newsletter

The kief.dev blog runs on Ghost. Reading posts requires no account. If you subscribe to the newsletter, Ghost uses a magic link flow -- you provide your email address, we store it for the purpose of sending you the newsletter, and you can unsubscribe or request deletion at any time. Email us at privacy@kief.studio and we will delete your address within 30 days.

What we do not collect

To be explicit about the things we do not collect:

• Browsing history (the extension never touches this)
• Lockfile or package contents beyond the duration of a scan request
• Tool inputs or outputs from the free developer tools
• Cookies used for tracking (Plausible is cookieless)
• Device fingerprints or canvas fingerprints
• Cross-site tracking data of any kind

Third-party services

Services we use and what data they may receive:

• Plausible Analytics (EU) -- anonymous aggregate traffic data
• OSV.dev (Google) -- package identifiers during Vekt scans (sent directly from your machine)
• OpenRouter -- AI tool inputs (processed for inference, not retained)
• GitHub API -- package names for repository enrichment in the browser extension

Your rights

Under GDPR (if you are in the EU) and CCPA (if you are in California), you have the right to access, correct, delete, and port your personal data. To exercise any of these rights, email privacy@kief.studio. We will respond within 30 days. Because we collect very little personal data, most requests are straightforward.

Data retention

• Analytics: aggregated only, no individual data retained at any point
• Tool inputs and scan content: never written to disk, not retained
• Newsletter email addresses: retained until you request deletion

Children

kief.dev is not intended for children under 13. We do not knowingly collect data from anyone under 13. If you believe a child has submitted personal data through this site, contact us at privacy@kief.studio and we will delete it promptly.

Changes to this policy

We will update this page if our data practices change in any meaningful way. Check the "last updated" date at the top to know if anything has changed since you last read it. We will not make retroactive changes that weaken your privacy protections without notice.