A large portion of the web runs on advertising and widespread data aggregation. For this blog, I’ve gone through some lengths to respect your privacy while still getting some general readership information.

In short, this site uses cookies during your visit and keeps some logs on a private server, but does not share the collected data with anyone. It throws away most information in two steps after 14 days and after 90 days. Additionally, the site is designed to be fully functional even if you disallow Javascript and cookies. It has no web services that ask you to register or provide additional personal data.

Functional Logs

Regular webserver access logs are kept for 14 days. This is necessary to be able to follow up on requests in the case of malicious behavior and therefore guarantee the stability and integrity of the infrastructure.

Matomo Cookies and Logs

In order to understand which articles are actually read without giving away your data to a third party, this blog uses a private Matomo instance.

  • After 90 days, visitor-related information is aggregated into basic statistics and otherwise deleted from the server.
  • The matomo.inhq.net instance is self-hosted and used exclusively for this site and purpose.
  • Sending the Do Not Track request header opts you out from Matomo-based visitor logging.
  • IPv4 and IPv6 addresses are immediately truncated to the first half (documentation, variant “2 bytes” for IPv4).
  • Geolocation works on a local database and on the truncated address.
  • The Matomo session tracking and heatmap functions are not used.
  • Two factor authentication is used to secure the Matomo Dashboard.

Matomo uses cookies to recognize you while visiting the site.

Opt out:

List of Collected Data Fields

  • The website from which you visited
  • The parts of the site you visit
  • The date and (estimated) duration of your visit
  • Half of your IP address (see above)
  • Country and city you are located in (rough estimation)
  • Device type
  • Operating system
  • Screen resolution
  • Language
  • Web browser type

Other Collected Data

This site does not have user registration, comment functions, payment processing, newsletters or other means of providing personal data.

Blog

  • The blog is statically generated and self-hosted via Hetzner.
  • Goal: provide all images, videos, fonts and scripts from the same server (where possible).
    • This avoids web requests to third parties.
  • The TLS transport encryption is terminated directy at the server. TLS 1.3 is supported.
  • No usage of content delivery networks (CDN), third-party anti-DDOS services or other “subprocessors”.
  • There are no ads or affiliate links.

Contact

See about.

Direct email contact is out of scope of this policy, but I will do my best to respect your privacy there as well.