Privacy

We use Plausible Analytics to measure aggregate readership — which deep dives land, which archetypes readers reach for. Plausible is EU-hosted, cookieless, and IP-anonymized. It identifies visits using a 24-hour rotating hash that cannot be linked to a person across days or across sites.

That’s the only third-party analytics service we run. There is no Google Analytics, no Meta pixel, no session replay, no advertising network, and no other third-party tracker embedded anywhere on the site.

Alongside Plausible, we also keep our own first-party count of how far readers get through each deep dive — a simple section-by-section drop-off tally that tells us where an essay loses people. It lives in our own database and carries no personal data: only the article slug, a non-personal section identifier, and a calendar day. It is aggregate-only — a running count per section per day — and cannot identify or follow an individual reader.

When you create a reader account or join a workshop queue, we use Supabase (a Postgres database, authentication, and edge functions) to store that data. Supabase is the only provider in that loop. We run it in an EU region; the rows you create and the auth traffic stay there. Our arrangement with Supabase is the standard data-processor agreement on their public terms.

When you sign in, we email you a magic link that logs you in; and when a workshop you queued for is scheduled, we email you to confirm or decline your spot. Both go out through Resend, an email-delivery provider acting as our sub-processor. The email address you gave when creating an account or joining the queue is stored in Supabase and used solely to send these sign-in links and RSVP/scheduling notices — never for marketing, and never passed to the analytics stream. Resend handles delivery on the standard data-processor terms.

• No tracking cookies.The only cookies the site sets are first-party session cookies issued by Supabase when you sign in. They are HTTP-only and exist solely to keep you signed in. There are no third-party cookies, advertising cookies, or analytics cookies of any kind — which is why there is no consent banner.
• No cross-site tracking. We do not follow you to other sites; nothing on this site allows other sites to follow you here.
• No fingerprinting. Plausible does not build a device fingerprint, and we do not run any other code that does.
• No personal data in analytics.Plausible event payloads still carry no email, IP, account id, or free-text input — only the archetype identifier and the article slug. Our own first-party reading metric is the same: it stores only the article slug, a non-personal section identifier, and a calendar day — no email, IP, account id, session id, or fine-grained timestamp. Your account lives in the Supabase database; it never appears in either analytics path.
• No profiling. We do not build a behavioral profile of you. Comments are linked to your account because that is what comments are; we do not use comment content to infer anything about you.
• No advertising. The site does not run ads and does not share data with ad networks.

If you never create an account, we store no personal data about you at all. If you do sign in, here is the complete list of what we keep:

• Your email address, so you can sign back in.
• Your archetype preference, if you set one, so the deep dives open with the lens you chose — across sessions and devices.
• Any comment you post on a deep dive, with the deep-dive slug and the timestamp.
• Any workshop queue you join, with the workshop, the timestamp, and your RSVP status if the cohort is scheduled. Joining a queue while signed out stores only the email address you enter, used to send the RSVP and scheduling notices described above.

That is the whole list. We keep it for as long as your account is open. Ask us to delete the account and those rows go with it.

You have the right to see what we hold, correct it, or have it deleted. The fastest path is to write to chris_bounds@live.com from the email address tied to your account. We will respond within 30 days — the window the GDPR sets — and usually much sooner, because this is a small publication. There is no charge. If you never signed in, there is simply nothing for us to look up.

If this picture ever changes — a new tracker, a new processor, a new kind of stored data — this page is updated before the change ships, and the reasoning is recorded in the project’s architecture decision records. The shift from “we hold nothing” to the account-bearing posture on this page is itself recorded there (ADR-0009, superseded by ADR-0011); the addition of Resend as an email sub-processor is recorded in ADR-0013.

Last updated · 2026-05-29