P31 Labs, Inc. — EIN 42-1888158 — Georgia domestic nonprofit corporation.
Effective date: 2026-05-01.
P31 Labs, Inc. is a Georgia domestic nonprofit corporation (incorporated 2026-04-03, EIN 42-1888158). We build open, neurodivergent-centered tools and infrastructure. Our 501(c)(3) application (Form 1023-EZ) was filed 2026-04-30 and is pending IRS determination; we are not yet recognized as tax-exempt.
This policy describes how we handle personal data across our public surfaces. We are the “data controller” (in GDPR terminology) for data processed under our direct control. Where Cloudflare, Stripe, or other third parties act as separate controllers or processors, their own policies govern that processing.
We do not sell personal data. We do not operate advertising networks. We do not have an email marketing list or newsletter.
We collect the minimum data necessary to operate each service. The following subsections describe each surface separately.
p31ca.org is a static site served via Cloudflare’s CDN.
We do not set first-party analytics cookies or tracking pixels. Some pages use
localStorage or
sessionStorage in your browser for UX state
(for example: onboarding progress, interface dial position). This data is stored entirely
in your browser and is never transmitted to our servers. You can clear it at any time
through your browser’s site data settings.
Cloudflare’s network will log standard HTTP access data (IP address, user agent, timestamp, referrer, bytes transferred) for security, abuse prevention, and CDN optimization. This logging is governed by Cloudflare’s privacy policy, not ours.
Several of our services are implemented as Cloudflare Workers backed by Durable Objects (SQLite) and KV storage:
k4-agent-hub skill dispatch. When you invoke a skill on k4-agent-hub, your input is routed to a language model inference endpoint. The default configuration routes to a locally-operated Ollama instance under the operator’s control — your input is not sent to third-party AI platforms by default. If an instance operator configures a remote inference endpoint (e.g. a cloud LLM API), inputs are forwarded to that endpoint; you should consult the instance operator’s configuration for the specific endpoint in use. Skill inputs and outputs are not stored beyond the session log retained in Durable Objects SQLite (deleted on session expiry).
We log standard Cloudflare request metadata (IP, user agent, timestamp) on all Worker requests for security and abuse monitoring. We do not use this log data for advertising.
bonding.p31ca.org includes an optional multiplayer mode. When you join or create a multiplayer session:
We do not link room participation to any individual identity.
Donations are processed by Stripe through donate-api.phosphorus31.org. Stripe collects your payment card details, billing name, and email address directly; we never receive or store your card number, CVV, or full card details.
P31 Labs receives from Stripe only limited transaction metadata: the donation amount, timestamp, and a Stripe customer ID (a pseudonymous token assigned by Stripe). We use this solely to track donation receipts and respond to donor inquiries. We do not build marketing profiles from payment data.
Cloudflare logs HTTP request metadata (IP address, user agent, timestamp, HTTP method, response code) for all requests to our domains. These logs are retained by Cloudflare under Cloudflare’s own data retention policies. We may access aggregated log data to investigate security incidents or abuse. We do not routinely export or store raw request logs ourselves beyond what Cloudflare’s dashboard provides.
Our services are not directed to children under 13 as independent users. We do not knowingly collect personal information directly from children under 13 through p31ca.org or any of our public consumer surfaces.
The k4-agent-hub family dock allows a guardian to activate minor vertices within a family mesh. This is an operator-side technical API. Activation requires an Ed25519-authenticated guardian signature and a child-mesh-unlock token. The guardian — not the minor — is the account holder and data principal. We treat any data stored under a minor vertex as belonging to the guardian’s account and process it under the guardian’s consent.
The Cognitive Passport and BONDING tools may be used by minors with active guardian involvement. The Cognitive Passport generator runs entirely in your browser and generates no server-side record; no personal data is transmitted to us.
If you believe a child under 13 has submitted personal data to us without appropriate guardian consent, please contact us at [email protected] and we will delete that data promptly.
Our static pages, Workers, Durable Objects, and KV storage run on
Cloudflare’s global network. All traffic to
our domains passes through Cloudflare and is subject to
Cloudflare’s privacy policy.
Cloudflare may set cookies (e.g., __cflb,
cf_clearance) for load balancing and
bot mitigation; these are not under our direct control.
Payment processing is handled by Stripe, Inc. Stripe’s processing is governed by Stripe’s privacy policy. P31 Labs is a Stripe merchant; we do not share your payment data with other parties.
Our pages load the Atkinson Hyperlegible and JetBrains Mono typefaces from fonts.googleapis.com. When your browser loads a Google Font, your IP address is sent to Google’s servers. This is governed by Google’s privacy policy. Cloudflare may cache these font responses at the edge; in that case, the request may be served without reaching Google’s origin servers.
We do not embed advertising pixels, third-party analytics scripts (e.g., Google Analytics, Meta Pixel), or session recording tools on our static deliverables.
Depending on where you live, you may have rights regarding your personal data, including the right to access, correct, delete, or restrict our processing.
For data you have stored in k4 mesh Workers (k4-personal, k4-cage, k4-hubs), you control your data directly through the API. You can delete your content at any time through the API endpoints.
For any other request — including deletion requests for donation records or security
log data — email us at
[email protected]
with the subject line [privacy]. We will respond
within 30 days. We may need to verify your identity before acting on a request.
We are a small nonprofit. We handle privacy requests manually and in good faith.
Our services are operated from the United States by a U.S. nonprofit. If you access our services from the European Economic Area, United Kingdom, or another jurisdiction with data protection laws, please be aware:
We are a small nonprofit. We do not currently have a formal EU representative or Data Protection Officer. If you have concerns, we encourage you to contact us directly before filing a supervisory authority complaint.
We may update this policy when our data practices change (for example, when we launch new services or when our 501(c)(3) status changes). When we update it, we revise the effective date at the top of this page. Material changes that affect how we handle data you have already provided will be communicated via a notice on this page for at least 14 days before taking effect.
Continued use of our services after the effective date of an updated policy constitutes acceptance of the revised terms.
Privacy questions, data requests, and COPPA inquiries:
[privacy]
© 2026 P31 Labs, Inc. — Terms · Security · Accessibility