TLDR: Most of the things I make have a self-hosted analytics package on top so I can see what is actually being used. It’s mostly just there so I can check and smile :3

I very rarely collect emails, names, or other PII, but if I do, I'll do my best to keep it safe and will never sell it to anyone, ever.

General Stuff - Analytics + Data Collecion

I host my own analytics package, umami, which is designed to be more privacy preserving that Google Analytics, only looking at non-private non-personal information like IP Addresses (which are not anonymized), User Agent, Screen Resolution, and the URL of the page you're looking at. I collect this because I find these kinds of analytics super inspiring and it really helps motivate me to keep working on new projects. I will never sell any of this information to anyone at any time for any reason.

I can’t actually tie any of this info back to a particular person or identity, so I don’t really have the ability to delete your history or information. Still, if you don’t want to be tracked, block the url [umami.cobular.com](<http://umami.cobular.com>) in your adblocker of choice. Some lists for ublock already block the */umami.js that the tracking package is named, so you may already not be reporting anything back.

Collection of PII

I very very rarely do this, but for a few things (may not be complete):

• Blog, which collects emails to use as notifications
• Klaxon, which uses emails as part of it's auth scheme
• Bitwarden, which is similar

I do have to collect some PII for their systems to function. In these cases, I will not use them for anything but their intended purpose (i.e. will not use account signups for one thing for blog notifications and such). Like anywhere on the internet, I can't guarantee that someone won't some day break into all my stuff and dump the info I've been trusted with, but I will do my best to keep the info I have safe. Note that, as a random student, my security policy tends to be best-effort with my time and resources, however I’ve worked to significantly reduce my attack surface in the following ways:

• A minimum number of services are actually exposed (most are internal, servers should not be reachable over ssh and databases should not be accepting any connections on public IPs for example)
• I try to make sure those that are exposed are reasonably hardened and up to date

Privacy Contact

Currently, there is no automatic method to opt-out of analytics tracking. However, as an individual developer, I strive to respect privacy and comply with relevant laws to the best of my ability within my resources. If you’re particularly concerned, shoot me an email with the subject Privacy Policy - Data Out Out and I’ll work with you to mitigate your exposure.

For error tracking and similar purposes, I sometimes utilize Sentry, which mostly alligns with my privacy practices as outlined in this policy.

Have concerns? Let me know: [email protected]$

Additionally, please do not hesitate to reach out if you discover some security issue. I will be incredibly glad for the heads up!!!

Revision History