Last Updated: February 2026
We don't have your data. Period. 21orNot uses a Bring Your Own Key (BYOK) architecture. Your phone talks directly to the AI provider (Groq). There is no 21orNot server — just static code hosted on Cloudflare's CDN. We have no database, no user accounts, and no way to see what you scan.
Understanding our architecture is the best way to understand our privacy. Here's exactly what happens when you use 21orNot:
api.groq.com using your personal API keyThere is no 21orNot server. The website is a static page hosted on Cloudflare's CDN — it delivers the code that runs in your browser, and that's it. No backend, no API, no database.
| Data Type | Collected? | Details |
|---|---|---|
| ID images | No | Sent directly from your browser to Groq. We never receive them. |
| Scan results | No | Returned from Groq directly to your browser. We never see them. |
| API keys | No | Stored in your browser's local storage only. Sent only to Groq. |
| Names or DOBs | No | All personal data stays between your browser and Groq. |
| User accounts | No | There are no accounts. No login, no registration, no email. |
| Usage analytics | No | No tracking pixels, no analytics scripts, no cookies. |
| Deep scan results | No | Same as above — goes directly between your browser and Groq. |
Your Groq API key is stored exclusively in your browser's local storage — the same mechanism websites use to remember your preferences. It is:
api.groq.comWhen you scan an ID or run a deep scan, your browser sends data directly to Groq's API. This is governed by your own relationship with Groq — you signed up for your own API key and agreed to their terms. Groq's privacy policy applies to how they handle your API requests.
21orNot has no partnership, data-sharing agreement, or business relationship with Groq. You use their API independently.
21orNot is hosted on Cloudflare Pages. When you load the site, Cloudflare's CDN serves the static files. Like any CDN, Cloudflare may log basic access data (IP address, page requested, timestamp) as part of normal operations. This is standard web infrastructure — Cloudflare does not receive any scan data, API keys, or ID images. Those go directly from your browser to Groq.
We use Google Fonts for typography. Google may collect basic connection data (IP address) when fonts are loaded. No personal information is shared.
We encourage you to verify our privacy claims independently. Here's how:
api.groq.com and fonts.googleapis.comIf you see any request going to a 21orNot server with scan data, please report it — because that would be a bug, not a feature.
In the event of a data breach, your scan data would not be affected because we don't have it. There is no database to breach, no scan history to leak, and no user records to expose. The only thing hosted is the static website code itself — on Cloudflare's CDN, not a private server.
21orNot does not knowingly collect any data from anyone, including children. Since no personal data is collected or stored anywhere, COPPA compliance is inherent to our architecture.
If we change our architecture in a way that affects data flow (for example, if we ever add a backend server or route data through any server we control), we will update this policy prominently and clearly explain what changed and why.
Questions about privacy? Reach out:
We can't sell what we don't have. We can't leak what we don't store. We can't share what we never see. That's not a promise — it's our architecture.