Posture · privacy-first
What we
don't collect.
Source data flows from Bitcoin's own peer-to-peer protocol into a self-hosted full node (bitcoind + electrs). Extraction runs offline on infrastructure we control. Snapshots are distributed from a CDN bucket we control (Cloudflare R2). At no point does the viewer's browser talk to a third-party data provider.
The viewer pages on timechaingrid.com and timechaingraph.com ship system fonts only — no Google Fonts, no Adobe Fonts, no CDN-hosted libraries. Verifiable with the DevTools Network tab during a full session: every request goes to a domain we own.
The developer API at api.timechaingrid.com requires Google or GitHub OAuth to mint an API key. That is opt-in identity for developers who want a key — it lives on a different subdomain and never runs on the viewer. The viewer stays observably anonymous.
- ▸Self-hosted bitcoind + electrs
- ▸Static parquet on own CDN (Cloudflare R2)
- ▸No third-party scripts, no Google Fonts
- ▸No analytics, no fingerprinting
- ▸No per-viewer telemetry
- ▸Donations via Lightning — no KYC
- ▸OAuth lives only on api.* subdomain
- ▸Tor onion service planned for v0.3
Verification
Open DevTools, switch to the Network tab, and reload either domain. Every request should resolve to a domain we operate (timechaingrid.com, timechaingraph.com, or our own R2 bucket). If you see a request to anything else, that's a bug — open an issue.
API user data
For developers who sign in to the API: we store your provider subject (Google or GitHub user id), email (for account recovery only — no marketing), API key hashes, and aggregated request counts. We do not log per-call query strings, viewer IPs, or browser fingerprints. Account deletion purges everything; aggregate counters are anonymized.