For the sake of transparency, here are the server logs when I tested locally:
I did leave in a development log accidentally; however, it has been disabled in production as of this commit. There is not a whole lot I can do about Uvicorn logging endpoint hits (and I’m not sure that’s something I want anyway for security purposes), but my goal is not to log endpoint URLs because I do believe in privacy. Regardless, server logs are in a systemd unit that I have no intention of pulling unless strictly necessary to track down an error or something.
The website is also hooked up to my own PA instance, so I can tell how many people use it without invasive analytics. The bottom line here is that I don’t track your IP address, site URL, or basically anything. All I can see is that somebody visited the site and was redirected. Feel free to let me know if you have any concerns, but the entire “uvicorn logging redirect requests” thing is just a design flaw with how I decided to build the app (via cookies & jinja2).
Obviously if you don’t trust me for whatever reason you can just host it yourself (I will make a guide tomorrow) but you can audit the code yourself, the container runs mirrored to GitHub. 