Live
Transparency

Privacy Policy

Last Updated: April 2026  ยท  Version: 2.0.0

Policy Sections

  1. Overview & Governance
  2. How It Works
  3. Signal Taxonomy
  4. Research Mandate
  5. Third-Party Processing
  6. Retention & Security
  7. Compliance & Rights

01Overview & Governance

Fingrasp is a specialized research instrument engineered to study the landscape of browser fingerprinting. This policy outlines our data governance framework, ensuring that all technical signal collection adheres to principles of Data Minimization and Purpose Limitation.

By participating in this research, you are contributing to a dataset used to evaluate the entropy and stability of modern web APIs. We operate under a "Privacy by Design" mandate, where technical signal collection is strictly decoupled from personal identity.

02How It Works

Fingrasp collects device fingerprints through a secure, automated process. Here is the full flow:

1

Land & Detect

When you visit, the system identifies your device platform using standard browser APIs and hardware signals.

2

Verify & Select

You confirm your device model and complete a human verification check to protect the research database from automated abuse.

3

Collect & Store

Your browser signals are gathered, hashed into a unique fingerprint, and securely stored for research analysis.

Collection Pipeline
Detect Platform
โ†’
Human Verification
โ†’
Secure Archival

03Signal Taxonomy

The following technical signals are processed during a collection event:

Signal Category Parameters Sensitivity
Environment metadata User-agent, locale, timezone, DNT status Technical
Hardware Architecture Platform, CPU cores, memory, Screen/DPR profile Technical
Environmental Analytics Behavioral interaction scores Technical
Heuristic Indicators Screen-hardware consistency Technical
Entropy Drivers WebGL renderer info, Canvas/AudioContext hashes High Entropy
Network Indicators Anonymized IP (Masked), Connection Type Pseudonymous
Composite Identifier SHA-256 cryptographic hash of collected strings Primary Key

We explicitly strictly prohibit the collection of Protected Health Information (PHI), Financial Records, or PII such as names and addresses.

04Research Mandate

Non-Identification Principle: Our processing logic is incapable of reversing a fingerprint hash into a person. Records are stored as independent technical snapshots with no cross-site tracking capabilities.

Bot Detection Benchmarking

Analyzing legitimate device variability to improve the accuracy of bot-detection algorithms across different platforms.

Entropy & Privacy Analysis

Identifying which browser features contribute most significantly to device uniqueness to inform future privacy standards.

05Third-Party Processing

To maintain research integrity and prevent automated abuse, we utilize Cloudflare Turnstile. Turnstile captures specific interaction and network signals to verify human presence. This processing is subject to Cloudflare's Privacy Policy. Fingrasp does not share your generated fingerprint with Cloudflare.

06Retention & Security

Data is hosted within secure, encrypted environments with strict access controls. IP addresses are anonymized at the point of ingestion (masking the final octet/bits). Records are subject to a defined retention period, after which they are either purged or transformed into high-level statistical aggregates that cannot be linked to the original device state.

07Compliance & Rights

While our data is pseudonymous, we honor the spirit of the GDPR and CCPA. Participants may request deletion of their specific fingerprint record by providing their Fingerprint Hash, which is the only key capable of identifying a record in our system.

Data RequestsContact us through our project repository with your Fingerprint Hash ID