Privacy Policy

Last updated: January 2026

I take privacy on the internet very seriously, and only use the data I absolutely need to keep the website working. From December 2025 this blog is hosted on a platform built on text files, and I don't need cookies or trackers for the website to work.

Statistics

I use a cookie-less statistics service called Databuddy. It's privacy-focused and doesn't collect personal data. It shows me page views, what you've clicked on, how you found to the site (search engines, social media etc, domain name only), your browser type, and similar information that helps me understand how to improve the website. Locations are collected by IP address, but all IP addresses are anonymised. You can read more on their privacy policy.

Comments

When you leave a comment on our blog, we collect the following information:

Data We Collect

If you choose to leave a comment on this website, we'll collect your name, comment, website URL and e-mail address (if provided).

How We Use Your Data

  • Name and comment: Displayed publicly on the blog post
  • Website URL: Displayed as a clickable link on your name (if provided)
  • Email address: Used only to notify you when someone replies to your comment (if you opt in). Your email is never shared, sold, or used for marketing.

Email Address Security

If you choose to provide an email address for reply notifications:

  • Your email is encrypted using AES-256 encryption before storage
  • The encrypted email cannot be read without the server's private encryption key
  • Your email is never displayed publicly on the website
  • We only send emails when someone directly replies to your comment
  • Each notification email contains an unsubscribe link to stop future notifications

Your Rights

You can request to have your comment and associated data deleted by contacting us. Comments can be identified by: - The name you used - The blog post it was left on - The approximate date

Newsletter Subscription

When you subscribe to our newsletter, we collect the following information:

Data We Collect

  • Email address- Never displayed publicly. Encrypted (AES-256)
  • GDPR consent- Not displayed. Stored with subscription.
  • Subscription date - Automatic, not displayed. Stored in a text file with subscription.
  • Verification status Automatic, not displayed. Stored with subscription.

How We Use Your Data

  • Email address: Used only to send you newsletter emails when new blog posts are published
  • GDPR consent: Recorded to confirm you have explicitly consented to receive emails
  • Verification: We send a verification email to confirm you own the email address and for you to confirm the subscription before adding you to the mailing list
  • Your email is never shared, sold, or used for any purpose other than sending newsletter emails

Email Address Security

  • Your email is encrypted using AES-256 encryption before storage
  • The encrypted email cannot be read without the server's private encryption key
  • Your email is never displayed publicly on the website
  • We only send emails when new blog posts are published (typically once per day or less)
  • Each newsletter email contains an unsubscribe link to stop future emails

Two-Step Verification

To prevent spam and ensure you want to receive emails:

  1. Sign-up: You provide your email address and confirm GDPR consent
  2. Verification: We send a verification email with a unique link
  3. Confirmation: You click the link to confirm your subscription
  4. Active: Only after verification will you receive newsletter emails

Third-Party Email Services

We use the following services to send newsletter emails:

  • SendGrid: Used for sending bulk newsletter emails (new post notifications). SendGrid processes your email address only to deliver emails and does not use it for marketing or tracking. See SendGrid's Privacy Policy for details.
  • SMTP: Used for sending verification emails. Your email address is only used for delivery and is not stored by the SMTP provider.

Spam Prevention

To prevent spam and abuse:

  • We use a privacy-friendly "honeypot" technique to detect automated spam bots
  • We do not use Google reCAPTCHA or other third-party services that track users
  • Rate limiting prevents excessive subscription attempts from the same IP address
  • Your IP address is temporarily stored for rate limiting and automatically deleted after 7 days

Your Rights

You can:

  • Unsubscribe: Click the unsubscribe link in any newsletter email to immediately stop receiving emails
  • Request deletion: Contact us to have your subscription data permanently deleted
  • Request access: Contact us to receive a copy of your subscription data

When you unsubscribe: - Your email address is immediately removed from the active mailing list - You will no longer receive newsletter emails - Your encrypted email address may be retained for a short period to prevent accidental re-subscription

Rate Limiting & Spam Prevention

To prevent spam and abuse, we implement the following measures:

IP Address Processing

  • Your IP address is temporarily stored to enforce rate limits (maximum comments per hour/day)
  • IP addresses are automatically deleted after 7 days
  • We do not use IP addresses for tracking, profiling, or any purpose other than spam prevention
  • This processing is based on our legitimate interest in maintaining a spam-free website

Spam Protection

  • We use a privacy-friendly "honeypot" technique to detect automated spam bots
  • We do not use Google reCAPTCHA or other third-party services that track users
  • No data is shared with third parties for spam prevention

Geo-blocking

This website uses country-based access restrictions to protect against unauthorized access and security threats.

How It Works

  • When you visit our website, we determine your country using your IP address
  • This country lookup is performed using the MaxMind GeoLite2 database
  • If your country is on our blocked list, you will be redirected to a specific page
  • We do not store or log your IP address for geo-blocking purposes

Data We Process

  • Country code - To determine if access should be blocked. This is logged temporarily, and will be automatically deleted after security review period.
  • IP address - For country lookup only. This is not stored or logged.

Legal Basis

This processing is based on our legitimate interest in: - Protecting our website from security threats - Preventing unauthorized access - Maintaining website security and integrity

Your Rights

If you believe you have been incorrectly blocked, please contact us. We can review and adjust our geo-blocking settings if necessary.

Server Logs

The server logs attack attempts such as spamming attempts, and blocked users (by country code only). Server logs are retained for a limited period and are not used for user profiling or tracking.

Cookies

This website does not use tracking cookies or third-party analytics cookies.

Third-Party Services

This website does not share your data with third-party services for advertising or tracking purposes.

Data Retention

  • Comments: Your name, text, website. This is stored until manually deleted
  • Encrypted email addresses. Stored until you unsubscribe or request deletion.
  • Rate limiting IP addresses. Automatically deleted after 7 days
  • Geo-blocking country codes. Automatically deleted after security review period

Your Rights Under GDPR

If you are in the European Economic Area, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restrict processing: Request we limit how we use your data
  • Data portability: Request your data in a machine-readable format
  • Object: Object to processing based on legitimate interests

To exercise any of these rights, please contact us.

Contact

If you have questions about this privacy policy or your personal data, feel free to get in touch.