Home / Privacy
Privacy
Countersign is a security and trust product, so we hold ourselves to the standard we sell: collect the minimum, keep no PII, and never make you take our word for it. This page says exactly what that means.
This marketing site (countersign.network)
- Cookieless. We measure aggregate traffic — page views, referrers, and clicks toward getting a key — to learn whether our launch and docs are working. Analytics run in memory-only mode: no cookies, no localStorage identity, no cross-site tracking, so there is nothing to consent to and nothing that follows you.
- No profiles, no PII. Events are anonymous and aggregate — we do not create person records, we do not fingerprint you, and IP is discarded. We never collect names, emails, or account data on this site.
- No session recording, no ads, no third-party ad networks. Analytics are provided by PostHog purely for our own funnel; the data is not sold or shared.
- Do Not Track is honored. If your browser sends a DNT signal, the analytics library is not even loaded.
The Countersign control plane (app.countersign.network)
- No PII, no KYC. A hard product invariant: the control plane holds policy, the freeze, and a signed audit ledger — never personal identity data. Self-serve signup issues a key and records only a sanitized, length-capped
?reflabel for attribution; there is no email or account collection. - No custody. Countersign never holds funds. It governs spend across vendor wallets you control; the wallets and keys stay with the vendors (Coinbase, Turnkey, Openfort) and with you.
- Testnet only. Everything today runs on testnets — no mainnet, no real value, no custody. Mainnet follows an independent security audit.
- Verify, don't trust. Every decision lands in an append-only, hash-chained, signed ledger whose checkpoint roots are anchored to a public chain. You can verify any entry offline with
npx @countersign/verify— you never have to trust our dashboard.
Contact
Questions about data or security: support@countersign.network · Security policy.
The short version: the site counts anonymous, cookieless aggregates so we can tell if the launch worked; the product holds no PII, takes no custody, and is independently verifiable. If we ever change any of this, it changes here first.