Privacy Practices

No Analytics, No Tracking

fcc.cc does not use Google Analytics, Google Tag Manager, Meta Pixel, Twitter/LinkedIn/Pinterest/TikTok pixels, Hotjar, FullStory, LogRocket, Mixpanel, Segment, Amplitude, Heap, Sentry, Bugsnag, Rollbar, or any other analytics, session recording, or tracking service. There are no tracking pixels, no fingerprinting scripts, no behavioral profiling. We do not build user profiles or sell data to anyone.

When you load most pages on fcc.cc, your browser only talks to fcc.cc. The next section explains the few cases where it doesn't.

Standard web server logs (IP address, requested URL, timestamp, user agent) are kept for operational and security purposes only. These logs are not shared with third parties and are rotated regularly.

No Advertising

There are no ads on fcc.cc. No ad networks, no sponsored content, no affiliate tracking. The site is not monetized through your attention or data.

Browser Storage (localStorage)

fcc.cc stores preferences and app state in your browser's localStorage — this part lives only on your device:

• Theme & layout — your chosen color scheme, background, text, and card colors (fcc:v2:*)
• Music preferences — playlists, saved items, recent searches, playback settings (musicfcc:*)
• Podcast progress — playback position, saved episodes, speed preference (fcc:pods:*)
• Game state — saved games, scores, and settings for sudoku, solitaire, crossword, and other games
• Weather locations — your saved locations for the weather dashboard
• UI state — dismissed tips, menu preferences, accessibility settings

If you sign in to an account, some of these preferences (theme colors, weather defaults, news topic weights, layout toggles) also sync to your account on our server so they follow you between devices — see Account Data below for the exact list.

You can clear local data at any time by clearing your browser's site data for fcc.cc, or by using your browser's developer tools to inspect and remove individual keys.

Cookies

fcc.cc sets no cookies on a first visit. Cookies are set only when you do one of two things:

• Vote or interact while signed out. An anonymous ID cookie (musicfcc_vote_id for the main site, news_uid for /news/) is set so we can recognize that you're the same logged-out person on a return visit and avoid double-counting your vote. These cookies hold only a random ID, no personal data.
• Sign in to an account. An authentication cookie (musicfcc_auth, plus a small per-app session cookie like fcc_news_session) is set so you stay logged in. These are HttpOnly, scoped to fcc.cc, and contain only an opaque session token.

There are no marketing cookies, no third-party cookies, and no cookie consent banners because there is nothing to consent to beyond these functional cookies.

Account Data

If you create an fcc.cc account, we store your username and email address. Sign-in uses passwordless magic links — we never store a password. We do not share account information with third parties.

For signed-in users, the following also lives on our server (in addition to your browser's localStorage), so your settings follow you between devices:

• Theme & layout — theme preset, custom background / text / card / line colors, reduced-motion preference, compact-layout toggle
• Weather — default unit (°F vs °C), default location, saved locations, most-recent location, widget section toggles
• News — topic weights you've adjusted in the news preferences panel
• History — your votes on history items
• Music & community — votes on music, policy, and community items; saved/bookmarked items; achievements; recent-activity feed
• Direct messages — if you use /dm/, the messages between you and other accounts. Stored on our server, not end-to-end encrypted.

You can delete your account and all associated server-side data from your My Account page at any time. You can also download a copy of your account data (votes, comments, library, activity log, etc.) as a ZIP of JSON files from the same page. Direct messages are not included in the download — they're encrypted at rest, and we don't put their contents in a portable file. Sign in and visit /dm/ to read or delete them there.

Comments

Comments across the site (on blog posts, forum threads, and shouts) are handled by self-hosted systems running on our own server. Comment data is not sent to any third-party service. Each comment stores your display name and the comment text.

Posting a comment requires a signed-in account. There is no anonymous commenting.

How Third-Party Data Is Handled

Some features need data from external services (weather forecasts, Wikipedia summaries, podcast cover art, museum images, news source thumbnails). We handle these in one of two ways:

Routed through our backend

For news cards, podcast cover art, music thumbnails (including the /music/ tape-card covers), recent art and photography, the homepage weather widget, quote-of-the-day speaker images, library book covers and author photos, library audiobook MP3 streams, Wikipedia summaries, place-name geocoding, all of /weather/'s data (forecasts, archive, air quality, marine, NWS severe-weather alerts, NOAA tide stations and predictions, sunrise/sunset, rainviewer radar tiles, reverse-geocoding) and its ambient hero video, and shout/blog preview images on the homepage, your browser only ever talks to fcc.cc. Our backend fetches the public resource, caches it permanently to disk, and serves it back to you. The third-party service sees only our server's IP, never yours. The proxy uses a strict allowlist of known hosts and validates redirect targets to prevent it being abused as an open proxy. Once we've fetched a particular cover, audiobook chapter, or summary once, it stays hosted on our server forever — subsequent visits get it instantly and the third party isn't contacted again.

The weather data sources we proxy on your behalf are: Open-Meteo (forecast, history, air quality, marine, geocoding), NWS (severe-weather alerts), RainViewer (radar tiles), NOAA Tides & Currents (tide station list + predictions), Sunrise-Sunset (twilight times), BigDataCloud (reverse-geocoding fallback when our place-name database has no hit). Listed here so you can read their policies and trust the chain; your browser never contacts them.

For /astro/ the proxied data sources are: NASA (APOD — Astronomy Picture of the Day, EPIC — DSCOVR Earth imagery), JPL Solar System Dynamics (close-approach asteroids and fireball events), NOAA Space Weather Prediction Center (GOES X-ray flux, planetary K-index, solar-wind plasma), Where The ISS At and Open Notify (live ISS position), NASA SDO and SOHO (live solar imagery + corona), and webcam imagery from the European Southern Observatory, the NRAO Very Large Array, the Canada-France-Hawaii Telescope, telescope.org, and AllSkyCam. All proxied through fcc.cc with aggressive caching (5–15 minutes for live imagery, 60 seconds for solar/space-weather feeds, 15 seconds for ISS position) so the upstream services never see your IP and your browser only ever talks to fcc.cc.

/earthquakes/ queries the USGS earthquake catalog (FDSN web service) through the same proxy chain — 5-minute cache per query, no upstream contact from your browser.

Direct browser requests (specific feature pages)

When you actively use one of the dedicated feature pages below, your browser makes a request directly to the public API. Those services may log your IP per their own privacy policies, which we link to.

These calls happen only when you visit those specific pages. The fcc.cc homepage and most other pages make no third-party requests at all.

Your Rights & Controls

• Clear all local data: Open your browser's settings, find site data for fcc.cc, and delete it. This removes all localStorage keys and cookies.
• Inspect stored data: Open your browser's developer tools (F12), go to the Application or Storage tab, and browse the localStorage keys under fcc.cc.
• Block third-party requests: Use a content blocker or browser extension to prevent requests to external APIs. Core site functionality will still work.
• Delete your account: Go to your My Account page to delete your account and all server-side data.

Verify These Claims

You don't have to take our word for any of this. The site is built with standard HTML, CSS, and JavaScript — open your browser's developer tools and inspect every network request, cookie, and localStorage entry yourself.

Three independent third-party scanners verify our setup from the outside. Click any of these to run the scan live against fcc.cc (results may take a moment to refresh):

• Webbkoll — run by Dataskydd.net, a Swedish digital-rights nonprofit. Audits HTTPS, headers, cookies, referrer policy, and third-party requests.
• Blacklight — run by The Markup, a nonprofit investigative newsroom. Loads the page in headless Chrome and instruments for canvas fingerprinting, session recording, third-party cookies, and known tracker scripts.
• Mozilla Observatory — run by the Mozilla Foundation. Grades HTTP security headers and best practices.

Internally, every code change to fcc.cc runs through an automated privacy audit (scripts/privacy_audit.py) that scans for tracker-pattern matches and any auto-loaded external host outside our short, disclosed allowlist. Pull requests fail if the audit finds anything new.

Changes

If these practices change, we will update this page with a new date. We are committed to never adding analytics or tracking.

Contact

For privacy-specific questions or to request your data, email barkbark@mailbox.org. For anything else, use the support tickets page or reach out through IRC chat.