Privacy Policy — Word List Addendum

Effective date: 2026-04-21

This addendum supplements the Master Privacy Policy for Word List, a NeuralConfig tool hosted at wordlist.lanpulse.com that rewrites RUCKUS Cloudpath DPSK passphrases from random strings into memorable three-word phrases during enrollment.

The Master Privacy Policy governs unless a conflict arises, in which case this addendum controls only for Word List.

Word List is not a Model Context Protocol (MCP) product. NeuralConfig's MCP products (cp-mcp, sz-mcp, r1-mcp) are covered by a separate MCP Products addendum.

What Word List is (and is not)
Data handled
How Word List uses this data
Sharing
Retention
Multi-tenant evolution
Your rights
Contact

What Word List is (and is not)

Word List is a Cloudflare Worker reachable at wordlist.lanpulse.com. It receives Cloudpath's "Call a URL (REST API)" enrollment notification, authenticates to the operator's Cloudpath tenant, looks up the DPSK for the enrollment GUID in the notification, generates a three-word passphrase from the EFF Short Word List (1,295 words), and writes the new passphrase back via the Cloudpath API.

Word List is not a Model Context Protocol (MCP) product. It does not expose an MCP interface, does not relay data to any large-language-model agent, does not issue bearer tokens, and does not hold per-user accounts. NeuralConfig's MCP products (cp-mcp, sz-mcp, r1-mcp) are described in a separate MCP Products addendum and should not be confused with this tool.

Data handled

1. Cloudpath API credentials

To perform the DPSK rewrite, the Worker needs access to the operator's Cloudpath tenant. Credentials are stored as Cloudflare Worker Secrets, scoped to this Worker deployment, set by the operator via wrangler secret put:

Cloudpath API username
Cloudpath API password
A shared secret used to validate inbound webhook calls from Cloudpath

Worker Secrets are encrypted at rest by Cloudflare, are not readable from Worker runtime output, and are never written to logs, error messages, or response bodies. Credentials are not stored in any NeuralConfig-operated database.

2. Enrollment identifiers received from Cloudpath

Each webhook invocation carries a Cloudpath enrollment GUID (e.g., Enrollment-60a936a3-35e7-450d-abf1-9711639384df). The Worker uses this GUID to look up the associated DPSK, perform the rewrite, and return. The GUID is processed in memory for the life of the request and is not persisted by Word List.

3. Transient DPSK material

During the rewrite, the Worker holds the DPSK record (including the prior and newly generated passphrase) in memory long enough to complete the update call to Cloudpath. This material is not written to storage, not included in logs, and not transmitted to any third party other than the operator's own Cloudpath tenant. The authoritative record of the DPSK after the rewrite lives in that tenant.

4. Operational logs

Cloudflare generates standard Worker request logs (timestamp, response status, execution duration). These are retained per Cloudflare's defaults and accessible only to the operator who deployed the Worker. Word List does not emit additional application-level logs of enrollment IDs or passphrase values.

How Word List uses this data

To authenticate to the operator's own Cloudpath tenant
To complete the single action requested by the webhook: look up the DPSK for the given enrollment and replace its passphrase
To validate inbound webhook calls using the shared secret

Word List does not retain enrollment history, does not profile end users, and does not use enrollment identifiers for any purpose beyond completing the in-flight rewrite.

The operator's Cloudpath tenant: every outbound API call goes here. This is the intended destination and the operator's own system of record.
Cloudflare (hosting infrastructure): Worker runtime and secret storage.
No other third parties. In particular, no data is sent to large-language-model providers, analytics services, or advertising networks.

Retention

Worker Secrets: retained for the life of the Worker deployment; deleted when the operator runs wrangler secret delete or tears down the deployment.
Enrollment GUIDs: not persisted. Held in memory only for the life of a single request.
DPSK passphrases (old or new): not persisted by Word List. The new passphrase lives in the operator's Cloudpath tenant once the rewrite completes.
Cloudflare Worker request logs: retained per Cloudflare's standard retention, accessible to the deploying operator.

Multi-tenant evolution

Word List may in the future add a D1-backed multi-tenant mode so a single deployment can serve multiple Cloudpath tenants. If and when that ships, this addendum will be updated to describe per-tenant credential storage, encryption posture, and tenant-isolation controls before the multi-tenant mode is enabled in production. Until then, the single-tenant description above is authoritative.

Your rights

Delete credentials: the operator can remove stored Worker Secrets at any time via wrangler secret delete. This immediately prevents further Cloudpath calls from Word List.
Tear down the Worker: removing the Worker deployment stops all Word List processing and deletes the associated Secrets.
Standard rights from the Master Privacy Policy apply where relevant.

Contact

privacy@neuralconfig.com

← Back to the Master Privacy Policy