Skip to main content
Your data

Privacy

Here's exactly how I handle your data.

Last updated: 31 May 2026

Website analytics

I self-host Umami for privacy-friendly analytics. It collects only:

  • Page views (aggregate, not individual)
  • Referrer information
  • Country (derived from IP, then discarded)
  • Device type and browser (anonymized)

I use zero cookies. Each visit stands alone.

Cookies

This site sets no cookies. No first-party cookies, no tracking cookies, no consent banner because there's nothing to consent to. Embedded third-party content (YouTube via youtube-nocookie.com, Spotify, Transistor.fm) may set cookies only after you interact with it — those are controlled by the embedding service, not by me.

Global Privacy Control (GPC)

I honour the GPC browser signal. Since I don't sell personal data, share it for cross-context behavioural advertising, or run third-party trackers, there's nothing on the site that needs to be switched off — GPC arrives at a site that already matches what it asks for.

Newsletter

I run the newsletter on Listmonk, an open-source tool I host on EU servers.

What I collect

  • Email address: Required to send you the newsletter
  • Name: Optional
  • Subscription date: When you signed up

What I promise

  • Transparent delivery: Emails arrive without tracking pixels or open-rate monitoring
  • Your data stays yours: I keep subscriber information private and sell nothing
  • Reader-supported: I fund the newsletter myself, so ads stay out

Link tracking

Links in emails may include UTM parameters (like ?utm_source=newsletter) so my analytics can count newsletter referrals. These parameters remain anonymous. I see aggregate numbers like "47 people clicked through" rather than individual behavior.

Your rights

Regardless of where you live, you can ask me to:

  • Access the personal information I hold about you (realistically, your newsletter subscription record or our email thread)
  • Correct anything inaccurate
  • Delete it — the Listmonk record, the email thread, or both
  • Object to any processing you don't agree with

If you're in the EU/EEA (GDPR)

On top of the rights above you have the right to data portability, to restrict processing, to withdraw consent at any time, and to lodge a complaint with your local data protection authority. My lawful basis for the newsletter is your consent (double opt-in). For replying to emails you've sent me, it's legitimate interest.

If you're in California (CCPA / CPRA)

I do not sell or share personal information for cross-context behavioural advertising, and I haven't in the past twelve months. I do not collect sensitive personal information. You have the right to know, delete, correct, and not be discriminated against for exercising any of these rights. Email me with "California Privacy Rights" in the subject and I'll respond within the legal window.

How to exercise your rights

Email me. Tell me which right you want to exercise. I'll reply within 30 days.

GDPR compliance

This website and newsletter follow GDPR requirements:

  • Lawful basis: Your explicit consent when subscribing
  • Double opt-in: A confirmation email verifies your intent
  • Easy unsubscribe: Every email includes a one-click unsubscribe link
  • Data access: Request a copy of your data at any time
  • Data deletion: Request complete deletion of your data
  • EU-based infrastructure: Self-hosted on EU servers

Self-hosted infrastructure

I self-host my tools, giving me full control. This means:

  • Your data stays on servers I control
  • I keep third parties out of subscriber lists and analytics
  • I control the policies and can migrate freely
  • Full transparency: Listmonk and Umami are publicly auditable

Hosting and international transfers

The site itself is served from Netlify's CDN, which may process request metadata (IP, user agent, timestamps in standard server logs) in the United States and other regions. Netlify operates under SOC 2 Type II and publishes its GDPR/CCPA position. Newsletter and analytics data stays on EU-hosted infrastructure I control.

Data retention

  • Newsletter subscription: until you unsubscribe or ask me to delete it
  • Email threads with me: kept as long as needed to maintain a useful record; deletable on request
  • Netlify server logs: retained by Netlify per their policy; I don't have analytics access to them
  • Umami analytics: aggregate counts, no personal identifiers, retained indefinitely

Children's privacy

This site isn't aimed at children under 16 and I don't knowingly collect anything from them. If you're a parent and think a child subscribed or contacted me, let me know and I'll delete the record.

Changes to this policy

I'll update the "last updated" date above when this changes. For material changes I'll add a visible notice on the site.

Data controller

Guido X Jansen, Ouderkerk aan de Amstel, The Netherlands. Reach me at x@gui.do.

Questions?

Reach out if you have questions about your data.