Privacy Policy

1. Overview

This Privacy Policy describes how the FOIA Repository (“the Service”), operated by Sailorbob.org in partnership with DutyStation.ai, collects, uses, and protects information when you access this website. The Service is committed to transparency and minimal data collection consistent with applicable U.S. federal laws, including the Privacy Act of 1974 (5 U.S.C. § 552a) and the E-Government Act of 2002 (Pub. L. 107-347).

2. Information We Collect

2.1 Information You Provide

The Service does not require account registration. We do not collect your name, email address, or phone number unless you voluntarily contact us at [email protected]. Search queries entered into the Service are processed client-side in your browser and are not transmitted to or stored on our servers.

2.2 Automatically Collected Information

When you visit the Service, our hosting infrastructure and CDN (Cloudflare) may automatically log:

• IP address (used for server routing and abuse prevention)
• Date and time of access
• Requested URL and referring page
• User-Agent string (browser type and operating system)
• HTTP response status codes

These logs are standard server access logs used for security, troubleshooting, and capacity planning. They are retained for a limited period and are not associated with your personal identity.

2.3 Cookies and Local Storage

The Service uses sessionStorage to remember that you have acknowledged the disclaimer modal. This data is stored in your browser and is cleared when you close the browser tab. The Service does not use tracking cookies, advertising cookies, or third-party analytics cookies.

3. How We Use Information

Automatically collected information is used solely for:

• Operating and maintaining the Service
• Monitoring for security threats and preventing abuse
• Diagnosing technical issues and improving performance
• Capacity planning and infrastructure scaling

We do not use collected information to build user profiles, serve targeted advertising, or sell data to third parties.

4. Information Sharing and Disclosure

We do not sell, rent, or share your personal information with third parties for commercial purposes. Server log data may be disclosed to law enforcement agencies only when required by law, court order, or legal process, or when we believe in good faith that disclosure is necessary to protect the rights, property, or safety of the Service, its users, or others. Any such disclosure will comply with applicable federal law, including the Electronic Communications Privacy Act (18 U.S.C. § 2701 et seq.).

5. Third-Party Services

The Service utilizes the following third-party infrastructure:

• Cloudflare — Content delivery network and DNS. Cloudflare may process IP addresses and request metadata as part of its CDN and security services. See Cloudflare's Privacy Policy.
• SSL Certificate Authority — Let's Encrypt provides TLS certificates for this domain. No personal data is shared with this provider.

No advertising networks, social media trackers, or behavioral analytics platforms are integrated into the Service.

6. Data Security

The Service employs industry-standard security measures including TLS 1.2/1.3 encryption for all connections, firewall rules restricting access to administrative interfaces, and regular security updates. Server logs containing IP addresses are access-restricted to authorized personnel. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

7. Data Retention

Server access logs are retained for a maximum of 30 days, after which they are automatically purged. sessionStorage data is cleared when the browser session ends. We do not maintain long-term databases of user activity or search history.

8. Children's Privacy

The Service is not directed at children under 13 years of age and does not knowingly collect personal information from children. In compliance with the Children's Online Privacy Protection Act (COPPA), 15 U.S.C. § 6501 et seq., we do not knowingly collect any personal information from any person under 13. If you believe we have inadvertently collected such information, please contact us and it will be promptly deleted.

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access — Request a copy of any personal data we hold about you
• Deletion — Request that we delete your personal data
• Correction — Request correction of inaccurate personal data
• Opt-out — You may opt out of any future communications at any time

Because the Service does not require registration and does not maintain user profiles, the practical impact of these rights is limited. To exercise any of these rights, contact [email protected].

10. FOIA Documents and Privacy

Documents hosted on this Service were released by U.S. Government agencies under FOIA. Before release, the originating agency is responsible for applying required redactions under FOIA Exemption 6 (personal privacy, 5 U.S.C. § 552b(b)(6)) and Exemption 7 (law enforcement, 5 U.S.C. § 552b(b)(7)). The Service does not independently redact or alter agency-released documents. If you believe a document improperly contains personal information that should have been redacted by the releasing agency, please contact us and we will review the matter.

11. DoD Privacy Program References

This Privacy Policy is informed by the DoD Privacy Program established under 32 CFR Part 287 and the DoD FOIA Program under 32 CFR Part 286. While this Service is privately operated and is not a DoD component, we align our privacy practices with these frameworks given the nature of the documents we host.

12. Changes to This Policy

We may update this Privacy Policy at any time. Material changes will be reflected by updating the “Last updated” date above. We encourage you to review this page periodically.

13. Contact

Privacy-related questions or requests may be sent to [email protected].