The short version
This site sets no cookies. It stores no IP addresses. It uses no advertising trackers. The only data it collects is (1) aggregate, anonymous traffic statistics, and (2) what you voluntarily send through the contact form. That's it.
I spent 35 years in cybersecurity. I built this site the way I'd want every site to be built.
Why there's no cookie banner
You've probably noticed this site doesn't ask you to "Accept All" or "Reject All" cookies. That's because there's nothing to accept or reject. Cookie consent banners exist to satisfy laws that govern tracking cookies and similar storage. This site uses neither.
Most sites use a banner because they've embedded Google Analytics, Facebook Pixel, advertising networks, and a dozen other third-party trackers that quietly follow you across the web. I chose a different stack on purpose.
What I do collect
Aggregate traffic statistics (via Plausible Analytics). When you visit a page, my analytics provider — Plausible — records the page URL, the type of browser and operating system you're using (e.g., "Safari on macOS"), your approximate country, and the referring site that sent you here.
To count unique visitors per day, Plausible computes a one-way cryptographic hash combining your IP address, user-agent string, the site domain, and a daily-rotating salt. The hash is the only thing stored — your raw IP address is discarded immediately and is never available to me or to Plausible. The daily salt rotation means even the hash cannot be used to track you across days.
This is fundamentally different from cookie-based analytics. There is no persistent identifier. There is no profile. There is no cross-site tracking. I get aggregate numbers; I do not get you.
Contact form submissions (via Web3Forms). If you fill out the Inquire form, the contents of that form — your name, email address, and message — are transmitted through Web3Forms and delivered to me as an email. The form is processed solely to deliver your message. Your information is not used for marketing, not added to any mailing list, and not shared with third parties.
What I don't collect
- Cookies of any kind. Not strictly-necessary, not preferences, not analytics, not advertising. None.
- Your IP address. Plausible uses it transiently for country lookup and immediately discards it.
- Your name or identity (unless you voluntarily provide it in the contact form).
- Your behavior across other sites. No cross-site trackers, no advertising pixels, no remarketing tags.
- Device fingerprints. No canvas fingerprinting, no font enumeration, no audio context probing.
- Newsletter signups. There is no mailing list.
Third-party services used by this site
For full transparency, here is every external service the site interacts with and why:
- Plausible Analytics — aggregate pageview counts. Plausible's privacy policy.
- Web3Forms — contact form delivery. Web3Forms' privacy policy.
- GitHub Pages — the static hosting provider for this site. GitHub may log standard request metadata (IP, user-agent, timestamp) at the server level for abuse prevention and operational purposes. I do not have access to these logs. GitHub's privacy statement.
- Google Fonts — the typography on this site is loaded from Google's font CDN. Google's privacy policy.
- Cloudflare (used by GSAP CDN and some third-party assets) — content delivery. Cloudflare's privacy policy.
Outbound links on this site — to YouTube videos, news articles, podcast episodes, and so on — take you to third-party services that have their own privacy practices. Once you click a link off this site, you're subject to that destination's policies, not mine.
Your rights
Because this site stores no personal data about you, there is generally nothing to access, correct, port, or delete. The two exceptions:
- Contact form submissions: if you've previously emailed me through the Inquire form and want me to delete that email, write to stu@numberone.ai and I'll do it.
- Plausible aggregate data: Plausible's data is anonymous and cannot be tied back to you, so individual-level access or deletion isn't technically possible. If you have concerns about this, you can disable JavaScript or use a tracker blocker, both of which prevent Plausible from running entirely.
If you're in the European Union, the United Kingdom, California, or another jurisdiction with specific privacy rights (GDPR, UK GDPR, CCPA/CPRA, etc.), the above applies. I do not sell or share personal information for advertising purposes.
Children
This site is not directed at children under 13. I do not knowingly collect any information from children.
Security
The site is served over HTTPS, has a strict Content-Security-Policy header that limits which external scripts can run, and follows the principle of collecting as little as possible to begin with. There is no user database to breach because there are no user accounts.
Changes
If I change anything material in this policy, I'll update the "Last updated" date at the top of this page. Substantive changes will also be announced through whichever channels make sense at the time.
Contact
Questions about privacy on this site? Email stu@numberone.ai.