Trust & Legal Protocol

OpSec Clearance: Public

Zero-Backend Architecture

Clone Bay operates on a strict Zero-Trust philosophy. There are no central servers, databases, or tracking scripts storing your data.

No SecretsWe use the EVE SSO PKCE flow. No client_secret is ever required or stored.
Browser OnlyYour Access and Refresh tokens are encrypted and stored exclusively in IndexedDB.
Direct FetchAll ESI requests are made directly from your browser. Our servers never touch data.

How to Verify (Trust, but Verify)

Do not blindly trust web applications with your EVE SSO. You can verify our zero-backend claims yourself:

1. Network Tab
Open Developer Tools (F12) > Network. The only traffic hitting our domain (`clonebay.app`) are static files. All game data is fetched directly from official CCP servers:
Connection Matrix:
- login.eveonline.com: EVE SSO authentication
- esi.evetech.net: EVE Swagger Interface (game data)
- images.evetech.net: Character portraits
2. Content Security Policy (CSP)
We mathematically bind your browser to prevent data theft. Our strict CSP physically blocks network requests to unapproved domains.
default-src 'self'; connect-src 'self' https://esi.evetech.net https://login.eveonline.com; ...
3. Application Tab & Open Source
Check Developer Tools > Application > IndexedDB to see tokens. The entire pipeline is open source and publicly verifiable.

Privacy & Legal

Zero Tracking Policy

No Google Analytics, Sentry, or telemetry. No cookie banners required as local storage is used exclusively as a strictly necessary database.

EVE Online and the EVE logo are the registered trademarks of CCP hf. CCP hf. has granted permission to Clone Bay to use EVE Online and all associated logos for promotional and information purposes but does not endorse, and is not affiliated with, Clone Bay.

The Kill-Switch

If compromised or on a public terminal, use this to immediately permanently delete all IndexedDB and LocalStorage data associated with Clone Bay on this browser.