open-distance is designed not to know who you are.
What we receive
The origin and destination strings you send (addresses or coordinates).
Cloudflare's standard edge logs (request IP, user-agent, country) — used
for abuse mitigation and aggregated traffic analytics only. We do not
attempt to identify individual users.
What we store
Geocode cache (Cloudflare KV, 30-day TTL):
SHA-1(normalized_address) → { lat, lon }. The
normalized address strings are stored. We do not store IPs alongside.
Leg cache (Cloudflare KV, 30-day TTL): keyed on
snapped road-graph node IDs (not addresses), value is travel time +
distance. This is a map fact, not personal data.
Edge response cache (Cloudflare's standard cache,
1-hour TTL on Distance Matrix responses): full JSON keyed by URL.
What we don't do
No cookies. No localStorage. No tracking pixels. No analytics SDKs.
No external resources (fonts, scripts, images) — everything served from
the same origin.
No JavaScript on the demo page beyond the small inline form handler.
The form does not access geolocation, camera, microphone, or any other
browser permission.
No accounts, no API keys to register, no contact required to use.
If you want to keep even the URL private
Self-host. The whole stack is open source under Apache 2.0; fork the repo
and deploy it on your own Cloudflare account for ~$5/month. See
CONTRIBUTING.md.
Contact
Open an issue on the GitHub repo if you have a privacy concern with the
hosted deployment at open-distance.com.