Privacy Policy

TL;DR: we collect almost nothing. Visitors who subscribe give us an email. Visitors who don't subscribe are essentially untracked beyond basic security logging. No advertising pixels. No data sold. Written to comply with GDPR, UK GDPR, and CCPA / CPRA. Email [email protected] with any question.

section_01 — what we collect

Information you submit

The only information you actively give us is the email address and consent checkbox you submit if you sign up for the monthly audit log. If you contact us, we also keep your message (and any reply-to address) for as long as needed to handle your inquiry.

Information collected automatically

Like any web server, ours logs: your IP address (for security and abuse prevention), your user agent string, the URL path requested, and the timestamp. These logs rotate out within 30 days.

If you consent to analytics cookies, we record anonymized page-view counts in aggregate — we do not track individual user journeys, we do not fingerprint devices, and we do not link analytics data back to subscriber emails or IP addresses.

Cookies on this site

Cookie	Purpose	Duration	Consent?
sn_consent_v1	Stores your cookie preferences so we don't show the banner every visit	12 months	Not required — strictly necessary
Analytics (if enabled)	Aggregate pageview counts	Up to 13 months	Required · opt-in
Advertising	None. We don't run ads.	—	—

Change your preferences at any time via the cookies.html link in the footer, or by clearing local storage for this domain.

section_02 — legal basis (GDPR)

Legitimate interest — for security logging and abuse prevention.
Consent — for analytics cookies and newsletter subscription. Withdrawable at any time.
Performance of a service — when we reply to your contact email, we process your message to respond to you.
Legal obligation — if required to retain logs under applicable law or to respond to a valid lawful-access request.

section_03 — retention

We keep data only for as long as the purpose requires:

Newsletter subscriptions — until you unsubscribe (one-click, in every email)
Security logs — 30 days, then rotated out
Analytics — aggregated and anonymized within 13 months
Contact correspondence — deleted 24 months after the last message, unless the thread is ongoing

section_04 — who we share it with

We do not sell, rent, or trade any data. The only parties who ever see anything are processors strictly required to operate the site:

Processor	Purpose	Data received
Hosting provider	Serve the site	Request logs, IP address
Email / newsletter provider	Deliver the newsletter	Email address, opt-in timestamp, engagement events
Privacy-respecting analytics (if enabled)	Aggregate traffic counts	Pseudonymized page-view data

Each processor operates under a data processing agreement. Cross-border transfers where applicable use Standard Contractual Clauses or equivalent safeguards.

section_05 — your rights

Everyone

Email [email protected] to ask what we hold, correct it, or delete it. We reply within 30 days.

EU / UK (GDPR)

You have the rights of access, rectification, erasure, restriction, data portability, and objection to processing, plus the right to withdraw consent and to lodge a complaint with a supervisory authority.

California (CCPA / CPRA)

You have the right to know what we collect, delete it, correct it, and to opt out of any "sale" or "share" of personal information (we do neither, but the right exists regardless). We do not discriminate against you for exercising these rights. California residents may designate an authorized agent to make requests on their behalf.

We also honor the Global Privacy Control (GPC) signal as a CCPA opt-out request. Since we don't sell or share, no action is required; the signal is nonetheless recorded and respected.

section_06 — security

TLS (HTTPS) in transit. Data minimization end-to-end — if we don't need it, we don't store it. If a security incident involves personal data, we notify affected users within 72 hours of confirmation, where legally required.

section_07 — children

This site is not intended for anyone under 16. We do not knowingly collect personal information from children. If you believe a child has provided data, email us and we will delete it.

section_08 — changes

We update this policy if practices change or the law requires. Material changes get a new "effective" date on this page, and current subscribers get an email notification.

section_09 — contact

Data controller: SIGNAL//NOISE editorial team.
Email: [email protected]
Postal: available on request by email, per applicable law.