Legal Documents

Enwek ("we," "us," "our") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and what rights you have over your data when you use the Enwek platform at enwek.com.

This Policy applies to all users of the Platform, including visitors, registered users, and verified domain owners.

We collect the following categories of personal information:

We do not collect payment information directly; any future premium features will be handled by a third-party payment processor under their own privacy policy.

A core part of Enwek's operation involves fetching and storing metadata about publicly submitted URLs. This is distinct from personal data. When a URL is submitted, our systems may:

• Fetch the page to extract its title, meta description, Open Graph image, and a text excerpt.
• Store a lightweight snapshot in our object storage (Cloudflare R2) for preservation and display.
• Resolve redirect chains and tracking parameters to identify the canonical URL.
• Compute a content fingerprint to detect future significant changes to the resource.
• Periodically re-fetch live URLs to check their health status (active, dead, redirected).

This data relates to public web resources, not to individuals. If you are a domain owner and wish to opt out of snapshotting or request snapshot removal, see Section 6.

All URL change history — including changes made by domain owners — is retained permanently as part of the library's transparency record and is publicly visible on the URL's canonical page.

We use the information we collect for the following purposes:

• Operating the Platform — authenticating accounts, displaying content, enabling submissions and community interaction.
• Deduplication and normalization — matching submitted URLs to canonical records to maintain a clean library.
• Reputation and ranking — aggregating engagement signals (likes, saves, references) to surface trusted, high-quality resources.
• Spam and abuse prevention — rate limiting, domain blocklisting, and enforcing submission policies.
• Platform improvement — understanding how users discover and interact with content to improve features.
• Communications — responding to support requests, notifying you of significant Terms or Policy changes.
• Legal compliance — processing valid takedown requests, responding to lawful legal demands.

We do not use your personal data to serve targeted advertising. Enwek is an ad-free platform.

We do not sell your personal data. We share information only in the following limited circumstances:

• Infrastructure providers — Cloudflare (hosting, CDN, DDoS protection, Workers, D1, R2, KV). Cloudflare processes data under its own privacy commitments and data processing agreements.
• Future hosting providers — As the Platform scales, backend infrastructure may migrate to dedicated servers (e.g. Hetzner). Any such provider will be bound by data processing agreements.
• Legal requirements — We may disclose your data if required by law, court order, or to protect the rights, property, or safety of Enwek, our users, or the public.
• Business transfer — In the event of a merger, acquisition, or asset sale, user data may be transferred. We will notify users before data becomes subject to a materially different privacy policy.

Public platform activity — submitted URLs, Topic titles, comments, and engagement counts — is visible to all Platform users by design, as Enwek is a public library. Your username is associated with your public contributions.

When you verify ownership of a domain on Enwek, we store your domain name, verification method, verified timestamp, and associated account. This record is used to authorize changes you make to URL records within your domain.

As a verified domain owner, you have the following data controls over Enwek's cached content for your domain:

• Snapshot removal — request deletion of cached text excerpts and images stored in our object storage for your URLs.
• Snapshot opt-out — disable future automatic snapshotting for specific URLs or your entire domain.
• Metadata correction — update inaccurate automated scrape results; corrections are logged with a timestamp.

Note: The canonical URL record, community engagement history, and URL change log are part of Enwek's public library and are not subject to deletion at domain owner request, except where required by applicable law.

To submit a domain data request, contact domains@enwek.com from the email associated with your verified account.

We use a minimal set of cookies and similar technologies:

We do not use advertising cookies, third-party analytics trackers, or social media pixels. We do not use Google Analytics or similar services.

You can control cookies through your browser settings, but disabling session cookies will prevent you from logging in.

We retain different types of data for different periods:

• Account data — retained for the life of your account. Deleted within 30 days of a verified account deletion request, except where legal obligations require longer retention.
• URL snapshots — retained indefinitely unless a valid removal request is received from a domain owner or rights holder.
• Community contributions (comments, Topic content) — retained as part of the public library. Upon account deletion, contributions are re-attributed to an anonymized account record rather than deleted, to preserve the integrity of discussions.
• Technical logs (IP addresses, access logs) — retained for up to 90 days for security and abuse investigation purposes, then deleted or anonymized.
• URL change history — retained permanently as a transparency record.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

To exercise any of these rights, contact us at privacy@enwek.com. We will respond within 30 days. We may need to verify your identity before processing requests.

We take the security of your data seriously. Our measures include:

• All data in transit is encrypted using TLS 1.2 or higher.
• Passwords are hashed using a strong one-way algorithm (bcrypt or Argon2); we never store plaintext passwords.
• Our infrastructure runs behind Cloudflare's DDoS protection and Web Application Firewall.
• Database access is restricted to application services with least-privilege credentials.
• Rate limiting is enforced at the edge to prevent brute-force and credential-stuffing attacks.
• Security incidents are reviewed and users are notified if their data is materially affected.

No security system is perfect. If you discover a vulnerability, please disclose it responsibly to security@enwek.com.

Enwek is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected such data, we will delete it promptly.

If you are a parent or guardian and believe your child has provided personal information to Enwek without your consent, please contact us at privacy@enwek.com.

We may update this Privacy Policy from time to time. When we make material changes, we will notify registered users via email or a prominent Platform notice at least 14 days before the changes take effect.

The "Last Revised" date at the top of this page will always reflect the most recent update. Continued use of the Platform after the effective date of any changes constitutes your acceptance of the revised Policy.

For privacy-related questions, data requests, or concerns, please contact our privacy team:

• Privacy requests: privacy@enwek.com
• Domain & content requests: domains@enwek.com
• Legal & takedowns: legal@enwek.com
• Security disclosures: security@enwek.com
• Platform: enwek.com/privacy

This Privacy Policy is governed by the laws of the Federal Democratic Republic of Ethiopia. For users in the European Economic Area, we act as a data controller in accordance with the General Data Protection Regulation (GDPR) where applicable.