Privacy

TL;DR

This website doesn't collect any data about you. It doesn't use cookies for tracking or analytics. There are no Google Analytics, Facebook Pixels, or any other trackers here. The only cookie I use is the one from Auth0 and it's used to figure out whether you're logged in or not. That's it.

Details

Sanity.io

I use

as CMS here. While generally irrelevant, all images you see here are served to you from Sanity CDN. Sanity does not preserve logs of how you access these images and does not introduce any kind of tracking or data collection. Sanity is also pretty awesome ;)

Fathom

Out of curiosity, I do gather basic analytics about what pages are visited, where they were found, where are people generally coming from, and for how long they stay on the website. I use

for this — a privacy-first analytics service. It does not track visitors, it doesn’t use cookies. I have no way of telling whether you’ve visited this site before or are you a regular. And it’s totally fine with me.

Auth0

provides user authentication functionality. Stores email, password (if any), user_id (social or auth0-specific), logins count, exact IP, approximate location (country, region, city), exact time of the last login, user gravatar (based on email or social account), user agent. Passwords are stored hashed and salted, and I don’t have access to them, not even in this hashed/salted form. There is a way to officially request user export from Auth0 that includes hashed/salted passwords, but it’s a severely regulated process. Some of the login event information is also stored in Auth0 logs for 30 days. Let me know if you want to learn more, I know a lot about how Auth0 handles this sort of data :)

Buttondown

As a newsletter service, I’m using

. There is no tracking aside from UTM in URLs. Email addresses are stored in the service in plain text, along with the source tag (where did the subscriber find the link). Opens and clicks are not tracked.

Mailgun

For transactional emails (comments notifications) I use

. There is no tracking of any kind, however, the service requires that I pass your email address (the one you use as a login here). This email address is not stored anywhere aside from a 5-day Mailgun log, and as soon as the email notification is sent and 5 days have passed, Mailgun has no memory of it whatsoever.

Supabase

As of May 2022, I use

to store comments. There are a few tables there, and for every comment, I store your Auth0 profile (the one you use to log in), the content of the comment, and metadata (timestamp, flags, what post it belongs to).

Algolia

There’s a neat search bar you can find on the front page, blog page, and categories pages. This search bar is powered by

. It doesn’t use cookies and doesn’t track your searches in a way that could be used to tie a specific search to a particular person. However, Algolia stores search logs (along with logs of other API activities). These logs contain, among other things, your truncated IP address in case of a successful query and a full IP address in case of a server error (for troubleshooting purposes). Algolia retains these logs for 60 days; they are only available to me, and are encrypted at rest. To learn more about these logs,
check out this article 
.

To the best of my knowledge, there are no other services or features where I would come across any information that could possibly identify you personally or allow me or anyone else to track you or your activity on this website.

If you want me to make sure that there’s no information specific to you stored in any of the systems mentioned above, just let me know.

Subscribe to the newsletter

Get updates, new posts, photos, projects, ideas, and more!

Learn about how I handle your privacy.