Cookie & Privacy Policy
This page explains what data this site collects, where it is stored, and why. There are no third-party trackers, advertising networks, or social media pixels.
Browser storage
Two entries are written to localStorage in your browser. This data never leaves your device and is never sent to the server.
| Key | Purpose | Expires |
|---|---|---|
| theme | Remembers your light / dark mode preference so it persists across visits. | Persistent (until cleared) |
| cookie-consent | Stores your cookie consent decision so the banner is not shown on every visit. | Persistent (until cleared) |
Server-side data collection
The following data is collected server-side (not in your browser) when you visit or interact with the site. Stored analytics data lives in a self-hosted database. When analytics consent is given, the server uses ipapi.co to turn the request IP address into country-level location data; the raw IP address is not stored.
| Event | What is recorded | Why | Retention |
|---|---|---|---|
| Page view | Post slug, approximate country, bucketed referrer source (e.g. 'search', 'social', or the referring hostname), and a one-way hash of your IP address. | First-party analytics to understand which posts are read and where visitors come from. If analytics consent is given, the server sends your IP address to ipapi.co for country lookup, then stores only the country and an HMAC hash of the IP. | Indefinite (aggregated data; no personal identifiers stored) |
| Comment | Name, email address, and comment text. | To display your comment on the post and to verify your email before publishing. After approval, your email is deleted from the database — unless you tick "Email me when someone replies" on the form, in which case the email is kept solely to send those reply notifications. Every notification carries a one-click unsubscribe link that nulls the address immediately. | Name and comment text: as long as the comment is live. Email: deleted on approval, unless you opted into reply notifications — in that case kept until you unsubscribe (or the comment is deleted). |
IP address handling
If analytics consent is given, your IP address is used server-side to determine your approximate country and to estimate unique visitor counts. It is converted to a one-way cryptographic hash (HMAC-SHA256) before anything is written to the database. The raw IP address is never stored, and the hash cannot be reversed to recover the original address.
Third-party services
This site uses a small number of third-party services for specific purposes. No advertising networks, social media trackers, or analytics platforms are used. Fonts are self-hosted at build time — no runtime requests are made to Google or any other font provider.
| Service | Purpose | Data sent | Triggered by |
|---|---|---|---|
| SMTP2GO | Transactional email delivery — comment verification emails, reply notifications (only if you opted in), and contact form submissions. | Email address, name, and message content as entered by you. | Submitting the contact form or posting a comment. |
| ipapi.co | IP geolocation — used server-side to determine the approximate country of a page view. | Your IP address (sent from the server, not your browser). Only country-level data is retained. | Visiting a blog post, if analytics consent is given. |
Withdrawing consent
You can clear browser-stored data at any time through your browser's developer tools (Application → Local Storage) or by clearing site data. Doing so will reset your theme preference and show the consent banner again. Server-side analytics data (page views) is anonymised by design and cannot be attributed back to you.
Questions
If you have any questions about this policy, feel free to reach out via the contact page.
Manage your consent
Changed your mind? Click below to clear your stored consent and bring back the cookie banner.
No consent decision stored yet — the banner will appear on your next visit.
Last updated: April 2026