External surfaces stay separate.
mindburn.org links to HELM docs, HELM AI Kernel GitHub, and peycheff.com. Those sites may have their own logs, policies, and repositories.
MINDBURN LABS
Inspect surfacePrivacy notice
Site data stays narrow.
mindburn.org is built as a public reading surface. We keep site input small, use cookieless analytics, and keep private material out of public forms.
Last updated
The boundary in plain language.
This page names what the public site may receive, what it does not collect, and where reviewed HELM workflows begin.
No cookies Cookieless analytics No persistent visitor IDs No contact-form database Plain email reply path No private evidence intake No cookies Cookieless analytics No persistent visitor IDs No contact-form database Plain email reply path No private evidence intake
Read this first
Public website input is not HELM evidence intake.
Reviewed HELM workflows use separate intake, permissions, and evidence handling. This page covers only mindburn.org.
The short version
This site does not set cookies. It does not run advertising, retargeting, or cross-site tracking pixels. It does not sell visitor data.
What we collect
When you visit the site, our host may create normal request, security, and abuse logs. These logs can include time, URL, IP address, user-agent, and network signals.
We use Ahrefs Web Analytics for cookieless site analytics. Ahrefs receives page URL, referrer, user-agent, and location derived from IP address for aggregated traffic reporting; Ahrefs says raw IP addresses are discarded and not stored, and the tracker does not use cookies or persistent identifiers by default.
We do not use cookies, local-storage IDs, advertising pixels, retargeting pixels, or mailing-list trackers on this site. Optional Core Web Vitals reporting is off by default. If enabled, it sends aggregate page-load totals without cookies or visitor IDs.
Optional first-party intent events are also off by default. If enabled, they send a small list of page-level actions, such as HELM page clicks, GitHub clicks, contact submit, and derived scan-workbench counts. Scan events may include input kind, file extension, size bucket, finding counts, category or decision counts, custom MCP count, and export type. They do not include pasted content, uploaded file content, raw tool names, snippets, secrets, emails, cookies, or visitor IDs.
Public submission boundaries
Do not submit private repositories, source files, secrets, credentials, access tokens, customer records, or regulated documents through public forms or email.
The /scan/ workbench runs in your browser. Its contact handoff sends only the generated summary, categories, decision counts, and custom MCP count unless you separately choose to share more after human review.
Reviewed HELM workflows have their own intake, permissions, and evidence handling. Public website input is not a code-indexing service or private evidence channel.
Contact form
The contact form sends your category, name, company, role, work email, use case, message, and challenge token to /api/contact. The challenge provider helps reduce abuse. The email provider delivers the message to Mindburn. The public site does not keep a contact-form database.
If the form is opened from the assistant and you check the box to include your assistant prompt, that prompt text is forwarded with the contact handoff. If you do not check the box, the prompt is not included.
What to expect.
Use the controls to move through the few cases visitors usually care about before contacting Mindburn.
Ask before sending private material.
Start with a narrow note. A reviewed workflow can establish the right intake path after a human reply.