Privacy Policy
Last updated: 7 May 2026
Who we are
FluffyStack (fluffystack.dev) is a cloud service comparison tool. The site is operated by Andi Chandler. If you have questions about this policy, use the feedback form.
Short version
FluffyStack does not have user accounts. There is no sign-in, no password, no email collection, and no tracking cookies. The site catalogues public information about cloud services; you browse it, build lists, and export them — all without telling us who you are.
The only data we ever store is what you actively submit: feedback messages and the contents of approved-service lists you choose to share via a public URL. Both are described below.
What we collect
| Data | When | Why |
|---|---|---|
| Feedback text | When you submit the feedback form | Product improvement, bug triage |
| Approved-list contents | When you POST to /v1/lists to share a list | Generates the public URL you share with colleagues |
| Outbound-link click counts | When you click an external link (vendor docs, pricing pages) | Aggregate usage signal — no IP, no identity, just “link X was clicked N times” |
| IP address (request logs) | Cloudflare Workers + Pages standard logs | Abuse defence; rotated by Cloudflare per their retention policy |
What we do NOT collect
- No user accounts — no email, name, avatar, or password
- No tracking cookies; no advertising cookies
- No record of which services you browse, search for, or add to a list (until you actively share that list)
- We do not run Google Analytics, Facebook Pixel, or any third-party tracking scripts
- We do not sell or share data with third parties
- We do not have a database of users to leak
Analytics
We use Cloudflare Web Analytics, a privacy-first analytics service that does not use cookies, does not track individual users, and anonymises IP addresses. It tells us aggregate page-view counts and nothing else. No consent banner is required under GDPR for this kind of analytics.
Local storage
FluffyStack stores the following in your browser's localStorage (not cookies — localStorage never leaves your device and is never sent to our servers):
cloudatlas-approved-services— your Service Builder listcloudatlas-reading-prefs— accessibility preferences (font, spacing, motion)cloudatlas-colour-filter— visual stress colour-filter choice
All of this is functional — it exists to make the site work, not to track you. Clear it any time via your browser settings.
Where data is stored
The two pieces of data we store server-side — feedback submissions and shared approved-list contents — live in a Cloudflare D1 database hosted in the Western Europe (WEUR)region. Cloudflare is a US-incorporated company with EU data-processing agreements in place. The API runs on Cloudflare Workers at the edge — your requests are processed at the nearest Cloudflare data centre to you.
Data retention
- Shared approved-service lists expire after 90 days
- Feedback submissions are kept for product improvement — deleted on request
- API status-history entries are pruned after 7 days
- Outbound-click counts are aggregated indefinitely; no individual events are retained
Your rights (GDPR / UK GDPR)
Because we don't hold a user account against you, most of the standard subject-access requests resolve quickly:
- Access — if you want to know what data is associated with you, the answer is almost certainly “none”. Exceptions: feedback you submitted, or shared lists you created.
- Erasure — we will delete any feedback or shared list you can identify (e.g. by quoting its content or its public URL) within 30 days of request.
- Rectification — ask us to correct anything inaccurate in feedback or list metadata.
- Portability — for shared lists, the JSON of the list is already available at
/v1/lists/{id}. - Object — object to processing of your data.
To exercise any of these rights, use the feedback form. We will respond within 30 days.
Third-party services
| Service | Purpose | Data shared |
|---|---|---|
| Cloudflare Pages + Workers | Hosting + API | Standard HTTP request data (IP, headers) |
| Cloudflare Web Analytics | Aggregate page views | None (cookie-free, IP-anonymised) |
Changes to this policy
We may update this policy from time to time. Material changes will be noted with a new "Last updated" date at the top. Continued use of the site after changes constitutes acceptance.
History
FluffyStack briefly had GitHub / Google OAuth sign-in and per-user API keys (versions 1.0–1.2). Both were removed in v1.3.0 (April 2026); the users table was dropped in migration 0005. If you signed up during that window your account record no longer exists. See the API changelog for the full history.