The fine print

Privacy

This is a personal blog. It is not a business, it sells nothing, and it has no interest in building a profile of you. The privacy posture follows from that: collect the little that helps me understand whether the writing is read, and nothing else.

What I collect

Aggregate, anonymous analytics, gathered without cookies. When you read a page I record the page visited, where the visit came from (the referring site or search engine), an approximate country, and the broad device and browser type. On articles I also measure how far down the page a reader scrolls and roughly how long the page stays open and in focus, so I can tell which essays hold attention.

None of this identifies you. There is no cookie, no persistent identifier, and no login. Visitors are counted with a hash that rotates daily and cannot be traced back to you from one day to the next. The approximate country is derived from your IP address; the address itself is not stored.

What I don't do

No tracking cookies, no cross-site tracking, no advertising networks, no behavioural profiling, no fingerprinting for ads. I don't sell, rent, or share your data, and there is no third party building an ad profile off the back of your visit. Because nothing is stored on your device and nothing personal is collected, there is no consent banner to click through.

Who processes the data

The site runs on a server I rent from Hetzner (Germany), which keeps short-lived technical logs for security and operation. Cloudflare sits in front as a CDN and security proxy, so it processes each request, including your IP address, to deliver pages and block abuse. The analytics are handled by Umami Cloud, a privacy-focused, cookieless analytics service. These providers process data only to keep the site running and measured, not for their own marketing.

Newsletter

There is no mailing list yet, so I'm not collecting email addresses. If one launches, it will be strictly opt-in with explicit consent, with no open-tracking and an unsubscribe link in every message, and this page will be updated before a single email goes out.

Your rights

Under the GDPR you can ask to access, correct, or delete personal data, and object to its processing. The honest caveat: the analytics here are aggregate and anonymous, so in most cases I hold nothing that can be linked back to you individually. For anything you do want to raise, write to [email protected] and I'll answer.

Changes

If this policy changes in any way that matters, the date above moves and the change is reflected here. There is no version buried in a contract somewhere; this page is the whole of it.