Privacy Policy

This website works the way the rest of the web should work. Your privacy is actually respected. Read on to find out how.

No Tracking or Analytics

This website does not use any analytics software or tracking of any kind. There is no Google Analytics, no Matomo, no Plausible, and no other tracking service. Your visit is not recorded or profiled. Your movements around the website are not tracked, analysed or monitored. Your data is not shared or sold.

No Cookies

This website does not set any cookies. There are no session cookies, no tracking cookies, and no cookie consent banners, because there are no cookies to consent to.

No Third-Party Resources

All assets (stylesheets, images, icons) are served directly from this server. There are no CDNs, no Cloudflare, no externally hosted fonts, and no third-party scripts. The Content Security Policy enforces this by restricting all resource loading to the same origin.

Referrer Protection

A strict no-referrer policy is set on every response. When you click an external link on this site, the destination will not know that you came from this website. That's none of their business.

Google Ad/Tracking Tech Disabled

The Permissions-Policy header explicitly disables Google's advertising and tracking technologies including FLoC, the Topics API, Attribution Reporting, Ad Interest Groups (FLEDGE), and Ad Auctions (PAAPI), for those of you unfortunate enough to be running Google Chrome. Your browser will not participate in any of these systems while on this site.

Browser API Restrictions

Permissions-Policy also disables access to sensitive browser APIs including the camera, microphone, geolocation, and other device sensors. These APIs cannot be used by any content on this site.

Transport Security

All connections are encrypted with HTTPS. HTTP Strict Transport Security (HSTS) with preloading ensures your browser will only ever connect over HTTPS, even on your first visit: This site is included in browser HSTS preload lists.

Cross-Origin Isolation

Cross-Origin-Opener-Policy, Cross-Origin-Embedder-Policy, and Cross-Origin-Resource-Policy headers are set to isolate this site from other origins, preventing cross-origin data leakage.

Access Logs

Basic webserver access logs (IP address, timestamp, request path, status code) are retained for approximately two weeks, for the purpose of detecting and handling abuse. After that period, they are deleted. Logs are not shared with any third party.