Privacy Policy
Last updated: June 2026
Heron is a network monitor that runs on your device, in your home. It does not
collect your data. It does not send your data anywhere. This policy explains what happens, and what doesn't.
What Heron does
Heron watches DNS traffic on your local network. It sees which devices talk to
which domains. It stores this information on the device itself, a Raspberry Pi
Pico 2 W that sits in your house.
What Heron does not do
Heron does not:
- Send your data to any server, ever
- Create an account for you
- Ask for your name, email, or any personal information
- Use cookies, trackers, or analytics
- Share anything with third parties
- Store data outside your home
The device has no cloud component. It works entirely offline after setup.
What the setup page does
To set up Heron, you visit a web page (heron.local or the URL printed on the
box). That page:
- Talks to your Heron over USB, using your browser's WebSerial API
- Verifies the device is genuine using a cryptographic check that runs entirely
in your browser
- Sends your Wi-Fi name and password to the device over the USB cable
The setup page makes zero network calls. Nothing leaves your browser. The
The cryptographic verification uses a public key embedded in the page. No server
is contacted.
What the dashboard does
After setup, you access your Heron through a dashboard at heron.local. The
dashboard is a web page that runs in your browser. It talks directly to the
device on your local network. No data passes through any external server.
Your data
All DNS traffic data stays on the Heron device. You can delete it by resetting
the device. There is no remote wipe, because there is no remote connection.
Children
Heron does not collect personal data from anyone, including children under 13.
There is nothing to collect.
Changes to this policy
If this policy changes, the updated version will be posted at the same URL.
Since Heron does not collect your contact information, we cannot notify you
directly.
Contact
If you have questions about this policy, email [email protected].
Legal jurisdiction
Northsline operates from Italy. This policy follows Italian and EU law,
including the GDPR. Since no personal data is processed, most GDPR obligations do not apply. But this policy exists to be transparent about that fact.