We don't want your data.

Most websites track everything you do. This website does not.

Your Personal Information

We don't need your personal info to show you public records, so we simply don't collect it. There are no user accounts, no tracking pixels, and you don't need to subscribe to any newsletters.

Looking for how we redact search logs?

This page explains how we protect you (the visitor). If you want to know how we redact sensitive info from the police logs we publish, check our Redaction Policy.

Read about Data Redaction →

What the Database Contains

Step 1

A citizen obtains search logs (spreadsheets) from police.

Step 2

That citizen posts the logs online or sends them to us.

Step 3

We import the logs into a private, searchable database.

Step 4

You search that database here.

We don't do any lookups in any third-party databases and we don't log what you search for.

That said, the source files themselves (the logs) are all public record; anyone can obtain them directly from the source.

The Reality of the Internet

Unlike many of the agencies discussed on this site, we want to be honest and transparent about the infrastructure we don't own: this site currently runs on Hetzner—though Flock is trying to change that. A quick overview of the information currently retained:

To deliver its service, Hetzner can see your IP address as well as encrypted traffic between you and the service. Traffic is decrypted inside a virtual machine owned and run by Hetzner; although Hetzner could theoretically intercept data at that level, doing so would violate applicable law.

On the virtual machine itself, the haveibeenflocked.com website retains the following information:

  • 24 hours of application logs, including irreversably hashed or partial IP-addresses.
  • Slow query logs (sanitized to remove search terms).
  • An irreversible hash of your user agent (browser) + IP-address (for unique visitor analytics).

Some settings, like the columns you have selected for audit reports or whether you have dismissed warning notices, are stored locally in your browser.

While we don't log your searches, we do track security incidents. In cases where security incident detection is triggered, your IP-address may be retained beyond the stated period (for example, by placing it in a "fail2ban jail").

Government and Flock-affiliated visitors should note that we apply the same data retention philosophy to them that they apply to the public: information observed in the course of normal operations may be retained indefinitely and used for investigative purposes.

Performance Metrics (Web Vitals)

In production, this site collects anonymous Core Web Vitals (CLS, LCP, INP, FCP, TTFB) to help us debug layout shifts and performance regressions.

What is collected:

  • Metric name and numeric score.
  • Performance rating (good, needs improvement, or poor).
  • Page path — the URL without any query string or fragment.
  • Route name (e.g. home, agency).
  • Navigation type (e.g. navigate, reload).
  • A session-scoped metric ID generated by the web-vitals library. It is not linked to a user account, cookie, or fingerprint.

What is not collected:

  • IP address or user agent.
  • Cookies or any stored identifier.
  • Query strings (which may contain search terms).
  • Anything linkable to an individual person.

Data is written to a local log file on the server. It is not stored in the database, not shared with third parties, and not used for advertising.

Have a question that wasn't answered here? humans@haveibeenflocked.com