TimeToWarpTimeToWarp
Think different about the web.
 Home  Navigator  Gallery  About  FAQ 
TimeToWarp.com — Privacy Policy

Privacy Policy

How TimeToWarp handles your data.

Last updated: 2026-04-11

Plain-English summary: TimeToWarp does not run analytics, does not use behavioural tracking, does not sell data, and does not show third-party ads. The only cookies we set are two strictly-necessary functional cookies for the embedded chat feature, and they are only created after you voluntarily start chatting. You can request deletion of any data we hold at any time by emailing serge.kulnev@gmail.com.

1. Who we are

TimeToWarp is a free, AI-powered web service that takes any modern website URL and generates a 1998 GeoCities-style transformative parody version of it. The service is operated as an independent project by Sergei Kulnev (serge.kulnev@gmail.com) from the United States. By using TimeToWarp you agree to this Privacy Policy and our Terms of Service.

2. What we collect

2.1 Information you actively provide

  • URLs you submit for warping. Stored alongside the generated output for moderation, abuse-prevention, and to power the public gallery.
  • Chat messages and nicknameif you choose to use the embedded Navigator's public chat rooms.
  • Abuse / takedown reports you submit, including any email or name you choose to provide for follow-up.

2.2 Information collected automatically

  • IP address. Used for per-IP rate limiting, abuse prevention, repeat-infringer tracking under DMCA §512(i), and short-term security logging. In long-term aggregate analytics tables the last octet of IPv4 addresses (and the last 80 bits of IPv6 addresses) is zeroed before storage to pseudonymise the record (GDPR Art. 4(5)).
  • User-Agent and Referrer headers for compatibility and inbound-traffic understanding.
  • Cookies — see §6 below for the exhaustive list.

2.3 What we do NOT collect

  • We do not use Google Analytics, Facebook Pixel, Hotjar, Mixpanel, or any third-party advertising / behavioural tracking system.
  • We do not require accounts, signup, email, or payment to use the basic service.
  • We do not attempt to collect precise geolocation, biometric data, or device fingerprints beyond what appears in standard server access logs.

3. Why we collect it (legal bases)

Operating the service, rate-limiting abuse, content moderation, DMCA repeat-infringer tracking, chat functionality, and processing abuse reports all rest on our legitimate interest in running a safe service, except where the law (e.g. 17 U.S.C. §512(i)) imposes a stricter obligation. We do not engage in any processing that would require GDPR consent.

4. Data retention

  • Aggregate page-view events: 90 days, then auto-deleted.
  • Chat messages: 30 days, then auto-deleted.
  • Generated sites: indefinite, until takedown, admin removal, or your deletion request.
  • Submitter IP per generated site: indefinite, as required for §512(i) repeat-infringer tracking.
  • Abuse / DMCA reports: indefinite (compliance evidence under §512).

Automated cleanup runs daily and enforces the periods above. For categories listed as "indefinite" we delete on legitimate request unless retention is required by law.

5. Third-party processors

To deliver TimeToWarp we share specific data with the following processor categories. Each is bound by their own privacy policy.

  • Large-language-model providers — receive the submitted URL, the scraped HTML excerpt, and the extracted page essence in order to generate the parody. We do not name the specific vendors in public-facing copy because the underlying model mix changes over time; we provide the names on request to regulators or rights holders.
  • Google Safe Browsing v4 — receives the submitted URL for malware/phishing screening before generation.
  • Cloudflare — DDoS mitigation, WAF, geo-blocking, rate limiting and CAPTCHA at the edge. Sees all HTTP traffic and your IP.
  • SMTP provider — sends abuse-report acknowledgements and admin alerts.

None of these processors are used for advertising, retargeting, or analytics. We do not share data with data brokers.

6. Cookies

TimeToWarpsets exactly two first-party cookies, both classified as "strictly necessary" under EU ePrivacy guidance and CCPA functional-cookie exemptions, and both only created after you voluntarily open the embedded chat:

  • mzcid — HttpOnly signed session cookie that identifies your chat session. 30 days, sliding.
  • mznick — JavaScript-readable cookie that remembers the nickname you chose for the chat. 30 days, sliding.

We do not set any tracking, advertising, or analytics cookies. You can delete both cookies through your browser settings at any time; the chat will simply prompt you for a nickname on your next visit.

We also use localStorage to remember that you have dismissed the one-time cookie notice (key: ttw-cookie-notice-dismissed) so we don't show the same banner twice. localStorage is not a cookie and is never transmitted to the server.

7. Your rights

We honour the following rights for all users worldwide, regardless of jurisdiction:

  • Right to know what personal information we hold about you.
  • Right to access a copy of that information.
  • Right to deletion("right to be forgotten"), subject to legal retention requirements.
  • Right to correct inaccurate information.
  • Right to object to any non-essential processing (we do not currently engage in any).

Residents of California (CCPA / CPRA), the EU / UK / Switzerland (GDPR / UK GDPR), and Brazil (LGPD) have additional statutory rights which we honour preemptively. TimeToWarp does not sell personal information and does not share it for cross-context behavioural advertising.

To exercise any of these rights, send a request to serge.kulnev@gmail.com. Because we do not use accounts, we will ask for information sufficient to verify your request — typically the IP, cookie ID, or generated page slug related to your data. We respond within 30 days.

8. Children's privacy (COPPA)

TimeToWarp is not directed to children under the age of 13 and we do not knowingly collect personal information from them. If you are a parent or guardian and believe your child has provided personal information, contact serge.kulnev@gmail.com and we will delete it promptly.

9. Security

We protect the data we hold using HTTPS / TLS for every connection, bcrypt-hashed admin passwords, server-side input validation and SSRF protection on user-submitted URLs, a five-level content moderation pipeline, per-IP Redis-backed rate limiting, and Cloudflare WAF + DDoS protection at the edge. No system is perfectly secure, but we take the practices that make targeted compromise difficult. For responsible vulnerability disclosure, email serge.kulnev@gmail.com.

10. International transfers

TimeToWarp is operated from the United States. If you access the service from outside the US, your information is transferred to and processed in the US. Where applicable, our processors maintain Standard Contractual Clauses for cross-border transfers.

11. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be announced via a banner on the site for at least 30 days before taking effect. The "Last updated" date at the top of this page indicates the latest revision.

12. Contact

For any privacy question, data subject request, or to exercise any of the rights above:

This Privacy Policy was drafted based on industry-standard templates. It has not been independently reviewed by legal counsel and should not be construed as legal advice. We encourage rights holders and visitors with concerns to reach out directly.

← Back to home · Privacy · Terms · DMCA

privacy · © 2026 TimeToWarp Project