Privacy
Last updated: June 4, 2026
Only One Input ("OOI") keeps as little data about you as it can. No accounts, no logins, no tracking cookies, no advertising, no profile of you. This page explains what we actually touch and why.
Who runs OOI (data controller)
OOI is operated by Adam Skrzypczak, a sole trader based in Poland. For any questions about how your data is handled, or to exercise your rights, contact hello@onlyoneinput.com. For GDPR purposes, Adam Skrzypczak is the data controller for the personal data described below.
Free messages
What you type into the free input is broadcast to everyone connected at that moment, then overwritten by the next person. It is not stored anywhere. Only an integer counter ("total messages ever") survives. Once a free message is replaced, it is gone — unrecoverable, including by us.
Paid messages (the wall)
When you pay $1 or more to save a sentence on the wall, we store, for as long as the entry exists on the leaderboard:
- the sentence (the one you paid to preserve),
- the amount paid,
- a timestamp,
- the display name you chose (or none, if you left it blank — then your entry is anonymous),
- your optional patron link (the URL you provided to be displayed next to your name — only stored if you gave a display name),
- the payment processor's order ID, so we can match the entry to the payment for refunds and support.
Note: you appear on the wall as the patron of the sentence, not as its author. Authorship of the underlying sentence — typically anonymous — is not tracked. See the terms for the full framing.
We do not publicly publish your raw email address. We do not send you marketing emails. The receipt for your payment is sent by the payment processor, not us.
You can ask us to remove your paid message at any time — see contact below. We honor it; we do not refund a message that has already been displayed.
Payments — payment processor
Payments are processed by a third-party merchant-of-record payment processor. They handle card data, billing, tax, and your receipt. We never see your card number or full billing address. The current processor and a link to its privacy policy are shown during checkout.
Bot protection — Cloudflare Turnstile
The free input is guarded by Cloudflare Turnstile. It is privacy-preserving and cookieless by design. Cloudflare's handling is described in their Turnstile Privacy Policy.
Analytics — Umami
We use Umami for aggregate, anonymous analytics. No cookies, no cross-site tracking, no identifying information. We see things like "how many people landed today", not who you are.
Server logs
Cloudflare, which hosts the Site, keeps short-lived edge logs for abuse prevention and reliability (e.g. IP addresses, request paths). These are operational logs, not used for profiling, and roll over quickly. See Cloudflare's privacy policy.
Content moderation
Every message you submit (free or paid) is briefly processed by Meta's Llama Guard classifier running on Cloudflare Workers AI to detect content that violates the rules in the terms. The processing is automated, ephemeral (the model receives only the message text, returns a category label, and does not retain the input), and runs on Cloudflare's infrastructure — your message is not sent to Meta. Flagged paid messages are queued for manual review by the site operator before publication; flagged free messages are simply not broadcast.
Who we share data with (recipients)
We do not sell your personal data. We share the minimum necessary with these third-party processors so the Site can function:
- Cloudflare — hosting, edge logs, bot protection (Turnstile), AI inference for moderation, outbound email delivery for admin alerts. See Cloudflare's privacy policy.
- Payment processor (merchant of record) — handles card data, billing, tax, and your receipt for paid purchases. The current processor and a link to its privacy policy are shown during checkout.
- Umami — aggregate, cookieless, anonymous analytics for traffic counts. See Umami.
We also send moderation alert emails to the site operator (Adam Skrzypczak) when content is flagged for review. These alerts contain the message and any patron metadata you provided; they are not forwarded to any other party.
Legal basis for processing
We process your personal data on the following bases under GDPR Article 6:
- Performance of a contract (Art. 6(1)(b)) — to deliver the paid product (your permanent wall entry), display it as described, and process refunds when applicable.
- Legitimate interests (Art. 6(1)(f)) — to operate the Site, prevent abuse, and improve the service through anonymous analytics. We consider our interests proportionate and balanced against your privacy.
- Legal obligation (Art. 6(1)(c)) — to comply with tax, accounting, and consumer law obligations where required.
How long we keep your data
- Free messages — not stored. Replaced by the next user.
- Paid wall entries — kept for as long as the entry remains on the wall (intended indefinitely; see the terms for caveats). If you ask us to remove your entry, the public-facing data is removed promptly.
- Payment records held by the payment processor — retained by the processor according to their own retention policy and applicable tax/accounting law (typically 5–7 years). We do not control that retention.
- Server logs — short-lived edge logs managed by Cloudflare; see their policy linked above.
International transfers
The Site is hosted on Cloudflare, which uses a global edge network including servers in the United States, the European Union, and elsewhere. Cloudflare provides appropriate safeguards (including Standard Contractual Clauses) for transfers outside the EEA. The payment processor (merchant of record) may also be located outside the EEA and provides its own safeguards under its own privacy policy, shown during checkout.
Your rights
If GDPR or similar data protection law applies to you, you have the right to:
- access the personal data we hold about you;
- have it corrected if it is inaccurate;
- have it deleted ("right to erasure");
- restrict or object to the processing;
- receive your data in a portable format;
- withdraw any consent you have given (where processing is based on consent);
- lodge a complaint with a data protection supervisory authority — in Poland, this is the Urząd Ochrony Danych Osobowych (UODO); in other EU/EEA countries, your local DPA.
To exercise any of these rights, email hello@onlyoneinput.com. We will respond without undue delay and at the latest within one month, as required by GDPR.