Privacy

Last updated May 7, 2026

Risk Mapper is built to collect as little as possible. We don't use cookies, we don't load third-party trackers, we never see the contents of your matrix, and we don't sell or share data with anyone.

What we do not collect

• ❌No cookies. Your local matrices live in your browser's storage and never leave it unless you explicitly click Share.
• ❌ No third-party scripts. Nothing in your browser talks to anyone other than this site.
• ❌ No exact IP addresses. Your IP is anonymized on our server before any analytics event is recorded (see below).
• ❌ No matrix content. The text you type into risks, mitigations, or notes is never sent in any analytics payload. When you share a matrix, it is encrypted on your device first; the server only ever sees opaque ciphertext.
• ❌ We do not sell, rent, or share your data with any third party.

What we do collect

We run a small, self-hosted analytics service to understand which parts of the tool are useful. Each event records the page URL, referrer, browser, operating system, screen size, language, and a coarse approximate location derived from the anonymized IP.

These are the named events the app fires:

• pageview A visit to a page on this site.
• share_matrix You created a cloud share link for a matrix.
• copy_worksheet You copied the matrix to the clipboard. Includes a `type` of `plain` (Markdown) or `rich` (HTML).
• download_pdf You downloaded the matrix as a PDF.
• first_pool_item You typed your first risk in the brainstorm pool.
• first_grid_item You added your first risk to the matrix grid.
• first_mitigation_typed You typed your first mitigation under any risk.
• first_mitigation_starred You starred your first mitigation.
• first_notes_content You typed something into the notes editor.

Events carry the name only. They do not carry the title of your matrix, the text of any risk or mitigation, or any other content you have typed. When you view a shared matrix, the unique identifier in the URL (the part after /grid/) is stripped before the page URL is reported.

How we anonymize your IP

Your browser never talks to the analytics service directly. It posts each event to our own server, which strips most of the identifying bits from your IP address before forwarding it. We keep enough information to estimate which country or region the request came from, but not enough to identify you across visits, and the salt used for the remaining randomization rotates daily.

Verify any of this

The entire site is open source. If you want to confirm any of the above, the code is at github.com/ActivistChecklist/riskmapper.