Session-Authorized, Fully Explicit

Consent that expires.

You clicked "I Agree" once, years ago. That click still governs your data today. SAFE proposes a different model: every session, you decide what an app can access. When you close it, those permissions are gone.

See how it works Read the spec ↗

The problem

Perpetual consent is not consent.

Current consent models collect one agreement and use it forever. Your decision from 2019 authorizes data collection in 2026. The legal text runs to thousands of words. Nobody reads it. Everyone clicks agree.

Consent should require intention. That means asking every time.

SAFE makes consent a continuous practice instead of a one-time administrative hurdle. Each session is a fresh authorization. Each permission is explicit. Each closure is a clean end.

This is intentionally inconvenient. That inconvenience is the point.

How it works

Three moments. Every session.

You open an app built on SAFE. Before showing you anything, it asks permission — not once, at setup, but now, for this session.

Start

The app presents an authorization request for each data type it needs. Contacts. Location. Documents. Each one is a separate question.

During

The app only accesses what you authorized this session. Nothing more. You can revoke mid-session at any time.

End

You close the app. All authorizations expire. Data is deleted by default unless you explicitly chose to save it. Tomorrow, it asks again.

User rights

Five guarantees. Not suggestions.

Every app built on SAFE must honor these rights. They are not opt-in features. They are the floor.

I
Right to Zero Retention
Decline all data storage. The app runs without saving anything about you.
II
Right to Deletion
Complete removal of your data on request. No waiting period. No dark patterns.
III
Right to Export
All data about you, in a readable format, whenever you want it.
IV
Right to Audit
View exactly what the system knows about you. No inference. No guessing.
V
Right to Revoke
Withdraw authorization mid-session. The app stops accessing that data immediately.

These are not suggestions. They are guarantees.

Pricing

Pay what you can, including $0.

SAFE apps share a common pricing philosophy. Not charity — alignment.

Suggested donation per month

No reduced features at $0
No shame, no second-class service
Users see the actual operational costs
When people pay nothing, they still deserve the same service — because the point is consent and dignity, not revenue extraction

Governance

Rules that cannot be overridden.

SAFE is governed by a set of explicit, public documents. The most important are the Hard Stops — absolute constraints that no authority can override. Not the system owner. Not accumulated trust. Not any AI.

Changes follow the Dual Commit model: someone proposes, someone else ratifies. Neither acts alone.

Charter

Foundational authority and the principles that cannot be negotiated away.

Hard Stops

Absolute limits. What the system will never do, regardless of authorization.

Session Consent

The complete protocol spec for how authorization works session to session.

Dual Commit

How changes happen. Proposal plus ratification. No unilateral changes.

Status