cobalt's privacy policy is simple: no data about you is ever collected or stored. zero, zilch, nada, nothing.
what you download is solely your business, not mine or anyone else's.
if your download requires rendering, then data about requested content is encrypted and temporarily stored in server's RAM. it's necessary for this feature to function.
encrypted data is stored for
90 seconds and then permanently removed.
stored data is only possible to decrypt with unique encryption keys from your download link. furthermore, the official cobalt codebase doesn't provide a way to read temporarily stored data outside of processing functions.
you can check cobalt's
source code yourself and see that everything is as stated.
cobalt uses a self-hosted plausible instance to get an approximate number of how many people use it.
plausible is fully compliant with GDPR, CCPA and PECR, doesn't use cookies, and never stores any identifiable info, not even your ip address.
all data is aggregated and never personalized. nothing about what you download is ever saved anywhere. it's used just for anonymous traffic stats, nothing more.
plausible is fully open source, just like cobalt, and if you want to learn more about it, you can do so
here. if you wish to opt out of traffic stats, you can do it in settings > other.