Legal

Privacy Policy

Last updated: June 2026

Heron is a network monitor that runs on your device, in your home. It does not

collect your data. It does not send your data anywhere. This policy explains what happens, and what doesn't.

What Heron does

Heron watches DNS traffic on your local network. It sees which devices talk to

which domains. It stores this information on the device itself, a Raspberry Pi

Pico 2 W that sits in your house.

What Heron does not do

Heron does not:

  • Send your data to any server, ever
  • Create an account for you
  • Ask for your name, email, or any personal information
  • Use cookies, trackers, or analytics
  • Share anything with third parties
  • Store data outside your home

The device has no cloud component. It works entirely offline after setup.

What the setup page does

To set up Heron, you visit a web page (heron.local or the URL printed on the

box). That page:

  • Talks to your Heron over USB, using your browser's WebSerial API
  • Verifies the device is genuine using a cryptographic check that runs entirely

in your browser

  • Sends your Wi-Fi name and password to the device over the USB cable

The setup page makes zero network calls. Nothing leaves your browser. The

The cryptographic verification uses a public key embedded in the page. No server

is contacted.

What the dashboard does

After setup, you access your Heron through a dashboard at heron.local. The

dashboard is a web page that runs in your browser. It talks directly to the

device on your local network. No data passes through any external server.

Your data

All DNS traffic data stays on the Heron device. You can delete it by resetting

the device. There is no remote wipe, because there is no remote connection.

Children

Heron does not collect personal data from anyone, including children under 13.

There is nothing to collect.

Changes to this policy

If this policy changes, the updated version will be posted at the same URL.

Since Heron does not collect your contact information, we cannot notify you

directly.

Contact

If you have questions about this policy, email [email protected].

Legal jurisdiction

Northsline operates from Italy. This policy follows Italian and EU law,

including the GDPR. Since no personal data is processed, most GDPR obligations do not apply. But this policy exists to be transparent about that fact.