Privacy policy

This is a flat-file website which means it does not use databases to query and server content on the fly. The files that run this website are universal and contain all the data needed to render a page which is generated on demand and cached. As a result of this secure flat-file set-up, none of your personally identifiable data is ever collected or used by this website. Continue reading for a full explanation or skip to the summary at the end.

Although I have no interest in collecting or using your personal data, this website may, from time to time, interact with third-party services (e.g. social media links) which may take you to external websites governed by third-parties terms of use e.g. links to news websites, links to other individuals’ websites etc.

This website is served from a private server in Nuremberg, Germany, operated by Hetzner. Besides being a reputed and highly-selective server operator, Hetzner’s commitment to using 100% green electricity is part of what makes this a recognised climate friendly website.

For the curious, this website runs on AMD EPYC™ 7002 servers running Debian 12 and Apache 2.

I use self-hosted analytics to assess overall trends in the traffic this website receives. This is powered by Plausible Analytics, an open-source, privacy-focussed analytics suite designed to not use cookies and not collect personally identifying information (PII). It has previously been independently legally assessed. I do not track individual visitors to this website as I have no use for this information. I have written elsewhere about why I need analytics but the following list should give you an idea:

• To ensure I remain compliant with usage terms for typefaces
• To identify any 404 or other errors on this website
• To understand what external sites link to this website and prevent malicious actors
• To understand how visitors are subscribing to my newsletter so my newsletters may be more relevant to my broad subscriber base

Notably, it is not that your individual user data is collected and anonymised, rather that PII is not collected at all. This makes Plausible fully compliant with GDPR and other privacy regulations like the California Consumer Privacy Act (CCPA).

The analytics measurements are not done through third-party websites but is entirely self-hosted on the same server as this website (see server and location information above). Further, no data is shared with third-parties even transiently. And, once again, no cookies are used (see also ‘Cookies and localStorage’ below).

I may embed tweets for which Twitter will serve some of its own javascript. Or I may embed a Youtube or Vimeo video in which case those companies will serve their scripts.

I do my best to ensure that in most cases a tweet and its embedded page on this site are not used for purposes that include personalised suggestions and personalised ads from Twitter. Likewise I do my best to ensure that in most cases YouTube does not store your information on this website for their own analytics and personalised ads unless you play a YouTube video embedded on this site. Unfortunately, YouTube gives neither me nor you enough control in that there is no way to watch a YouTube video if we decline consent to such personalised ads and analytics (at least as of 2023).

Along the same lines—although much more leniently—Vimeo, Apple (Music), Spotify and others have their own terms of use as does any other service platform whose content may be displayed from time to time as necessary on this website. This is rare but it may happen. More common are external links to these services that take you out of this website and into those third-party websites. Please consult these third-party services to better understand how they use yout data as this is not under the control of this website.

If you subscribe to my fortnightly newsletter Confluence your e-mail will be processed through, and saved in, the Kit newsletter management suite. This is safe and secure and private (for example, when you sign up for my newsletter Kit does not sell your e-mail or use it to market to you).

Every e-mail you receive after subscribing on this website will carry an unsubscribe link that will let you stop your subscription and delete your e-mail from the mailing list in a couple of clicks, without having to talk to someone about it. Further, this website never asks for anything but your e-mail address and, in fact, strongly discourages you from building your profile unless you absolutely feel the need to.

You need not provide any personal information to subscribe to our newsletter besides the e-mail address where you would like to receive the newsletter. For your further safety, this can be a masked e-mail address. Indeed this is encouraged to remain autonomous when subscribing to newsletters.

If you have any trouble with my newsletter, please send me an e-mail.

I believe there’s no real need for cookies on this website right now. I have little use for specific, invasive tracking and analytics; and I do not display any ads whatsoever. That said, most websites need a small set of cookies—often classified as ‘strictly necessary’ and allowed for consent-free use under GDPR and other similar laws—to function properly. This website uses three such cookies, all first-party, and a possible fourth if your internet connection or the server’s network connection is temporarily faulty:

1. STATAMIC_SESSION (Necessary, First-party) This cookie monitors any logged in users of this website or users trying to log in or fill forms, such as my newsletter subscription form. If you do not interact with any of these, this cookie does nothing. But without it, core functionality of this website will break.
2. XSRF_TOKEN (Necessary, Security, First-party) This token ensures the visitor’s (your) browser security by preventing cross-site request forgery. This cookie is essential for the security of this website as well as you.
3. CF_CLEARANCE (Necessary, Security, First-party) This is a token set by Cloudflare, the CDN I use on this website for edge caching to ensure quicker page loads, to make sure only humans visit this website and not bots that might disrupt the host server.
4. CF_OB_INFO/CF_USE_OB (Necessary, First-party) According to Cloudflare, who deploys this cookie, these inform Cloudflare to fetch the requested resource from the Always Online cache on the designated port. These cookies are persistent and expire after 30 seconds.

Please note that your use of this website means accepting the use of necessary cookies. In addition, this website uses localStorage variables to recall your preference (or lack thereof) for a light or dark scheme or of specific font size preferences while browsing this site. This information is generated, stored, read and updated locally on your browser and not communicated to any server; it is also generic and does not identify you, the user, in any capacity. Since no other cookies (e.g. advertising, analytics, tracking) are used, you will not see options to reject any cookies.

GDPR guidelines specifically state, “When people complain about the privacy risks presented by cookies, they are generally speaking about third-party, persistent, marketing cookies.” And stated above, no third-party cookies are in use on this website.

Here is an honest summary of our privacy and cookie policies:

• We run on green electricity and are climate conscious;
• We use self-hosted Umami to run our analytics to monitor certain readership and subscriber metrics but do not collect or use your personal data or share even the anonymous data with third parties;
• We may embed works posted to social media platforms (e.g. Youtube, Vimeo) or service offerings (e.g. Apple Music, Spotify) in which case they will serve their scripts and your use of these embeds etc., regardless of your direct interaction with them, will be governed by the policies of their respective platforms of origin;
• No cookies are used by localStorage may be used i.e. storage exclusively and privately in your browser alone, for settings like your theme choices or font sizing preferences;
• If you subscribe to my newsletter, your e-mail will be stored safely and privately with Kit who will themselves never use your e-mail address in any way except to send you my newsletter.

At the end of the day, a lot of the features and techology we use are either designed to improve your experience on this website or to improve the functionality of this website for your experience. None of it is directly harmful to you as a user, to your privacy, or to your system.

Enjoy this website and have a lovely day.