r3f-learning-01

Privacy policy

Last updated: 2026-04-30

What we collect

We collect analytics in three layers, each with a different legal basis and retention policy. The first layer is on by default; the other two are opt-in.

  • Server-side pageviews (always on, no consent required). When a page is requested, our server records: the path requested, a hashed visitor identifier, the visitor’s device family (mobile / tablet / desktop / bot), OS family, browser family, and the referring host (if any). Hashing uses a daily-rotating salt combined with the IP address and user-agent. After the salt rotates at 00:00 UTC, the previous day’s salt is discarded — re-identifying a visitor across days is structurally impossible. Data stays on our own infrastructure. Legal basis: legitimate interest (GDPR Art. 6(1)(f)) — necessary for site operation and audience understanding.
  • First-party engagement events (only after consent). If you accept analytics in the cookie banner, the site sends a small "beacon" on page load and significant interactions (e.g. canvas events). Same anonymization, same first-party storage, same 30-day retention. Legal basis: consent (GDPR Art. 6(1)(a)).
  • Google Analytics 4 (only after consent). If you accept, we additionally load Google’s gtag.js from https://www.googletagmanager.com and Google receives event-level data on your visit (see “Third-party data processors” below). Legal basis: consent (GDPR Art. 6(1)(a)).

You can revoke consent at any time via Cookie settings. Revocation takes effect immediately on the client; the GA cookies are deleted and no further events are sent.

Third-party data processors

We use one third-party processor, only after explicit consent:

  • Google Analytics 4 (Google LLC, USA). Used for audience and engagement reporting. Data transferred to the United States under the EU-U.S. Data Privacy Framework / Standard Contractual Clauses. Google receives: page path, page title, page referrer, anonymized IP (anonymization is automatic in GA4), device / OS / browser, language, screen size, timezone, GA4-synthesized session/user identifiers stored in the _ga / _ga_* cookies, and the custom events we emit (lesson_view, select_content, r3f_canvas_loaded, blog_read_progress) with their parameters. Google retains this data for 14 months (per our admin setting). Google Signals is disabled, so Google account data is not joined to your visit.

Google’s privacy policy: policies.google.com/privacy.

Retention

Raw analytics events are kept for 30 days (enforced by a TTL index in our database). Daily aggregate counts are kept indefinitely; they contain no per-visitor data — only counts per path per day.

Audit logs (administrator actions on the site) are retained for compliance purposes and contain no visitor data.

Cookies

Essential (always set, first-party):

  • theme — your light/dark preference.
  • consent — records your cookie-banner choice.
  • sid — administrator session cookie. Only set if you sign in to the admin dashboard.

Third-party (only after consent):

  • _ga — Google Analytics. Distinguishes unique visitors. Lifetime 2 years.
  • _ga_<property> — Google Analytics. Per-property session state. Lifetime 2 years.

Your rights (EU/EEA visitors)

Because we do not retain personal data tied to your identity, we cannot look up "your data" — there is no account-style record to retrieve or delete. If you have signed up for an admin account, contact the site operator to exercise your right to access, rectify, or delete your account record.

Contact

For questions about this policy, see security.txt.

This policy describes the actual technical posture of the site and is intentionally specific, not a template. Updates are versioned in this site’s git history.