We need to collect as little user data as possible to protect privacy, especially since we expect to attract high-risk users.
Whatever data we do collect must be anonymized immediately at the point of collection (no supply chain attacks).
How WeWrite protects your data
Here's what Claude came up with lol
Hash IP addresses with a salt that's regularly rotated
Only store the first 3 octets of IPv4 addresses
Delete raw IPs immediately after processing
Use k-anonymity when aggregating location data
Avoid logging identifying metadata
Don't track browser fingerprints
Skip logging referer headers
Use aggregate counts instead of individual events
Set short data retention periods (14-30 days)
Deploy end-to-end encryption
Use zero-knowledge analytics tools like Plausible or Fathom
Host analytics infrastructure in privacy-respecting jurisdictions
Implement warrant canaries
Set up automated data purging
Strict role-based access to analytics
Audit logs for data access
Data access requires 2FA
Split access credentials between multiple team members
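
A sketch of how the IP items above (3-octet truncation, rotating salted hash, aggregate counts, k-anonymity) fit together at the point of collection. This is an added example, not WeWrite's code; the names SaltRing, visitor_token and aggregate, the threshold K = 5 and the sample events are assumptions made for illustration, and small-group suppression is used as one simple way to apply k-anonymity to counts.

```python
import hashlib, hmac, ipaddress, secrets
from collections import Counter

K = 5  # assumed threshold; the page does not fix a value for k

class SaltRing:
    """Keeps one random salt in memory and replaces it when the period changes."""
    def __init__(self):
        self._period, self._salt = None, b""

    def salt_for(self, period):
        if period != self._period:
            # Rotation overwrites the old salt. IPv4 space is small enough to
            # brute-force, so old tokens are only unlinkable once the salt is gone.
            self._period, self._salt = period, secrets.token_bytes(32)
        return self._salt

def truncate_ipv4(raw_ip):
    """Keep the first 3 octets: 10.0.1.77 -> 10.0.1.0 (raises ValueError on non-IPv4)."""
    addr = ipaddress.IPv4Address(raw_ip)
    return str(ipaddress.IPv4Address(int(addr) & 0xFFFFFF00))

def visitor_token(raw_ip, period, ring):
    """Keyed hash of the truncated address; the raw IP never leaves this function."""
    prefix = truncate_ipv4(raw_ip).encode()
    return hmac.new(ring.salt_for(period), prefix, hashlib.sha256).hexdigest()[:16]

def aggregate(events, ring, k=K):
    """events: (raw_ip, period, region) tuples in time order.
    Returns unique-visitor counts per (period, region), dropping groups below k."""
    seen, counts = set(), Counter()
    for raw_ip, period, region in events:
        key = (period, region, visitor_token(raw_ip, period, ring))
        if key not in seen:
            seen.add(key)
            counts[(period, region)] += 1
    return {group: n for group, n in counts.items() if n >= k}

# Constructed sample traffic (private-range addresses, made-up regions).
SAMPLE_EVENTS = (
    [(f"10.0.{n}.20", "2024-01-01", "DE") for n in range(1, 6)]
    + [("10.0.1.99", "2024-01-01", "DE")]      # same /24 as an earlier visitor
    + [("10.9.1.4", "2024-01-01", "IS"), ("10.9.2.4", "2024-01-01", "IS")]
)

if __name__ == "__main__":
    print(aggregate(SAMPLE_EVENTS, SaltRing()))  # only the DE group survives
```

Only the dictionary returned by aggregate would be written to storage; the raw addresses, the tokens and the salt stay in process memory.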