Privacy
This is a personal blog. The privacy stance is short, opinionated, and meant to outlast me reading legalese boilerplate I would not believe myself.
No third-party cookies
This site does not set any third-party cookies. No ad networks, no cross-site identifiers, no Facebook pixel, no Google Analytics, no fingerprinting libraries. If a browser extension tells you otherwise, please email me and I'll look.
What I do track
Anonymous pageview analytics through PostHog, configured in identified_only mode. In plain English: PostHog is on, it counts visits and a few interaction events (outbound link clicks, scroll past 50% of an article, copy-link button presses), and it associates none of that with a real identity unless you actively log in and tell me who you are. I do not log in.
The events I capture, end-to-end: $pageview, outbound_link_click,
article_read_25, article_read_50, article_read_75,
article_read_100, share_whatsapp, share_x,
share_linkedin, share_email, share_copy_link,
newsletter_signup_intent, feedback_reaction (with the reaction value),
feedback_open, feedback_page_submit_intent, comment_submitted
(only path, body length, and whether an email was attached, never the name or text).
That's the full list. The point of tracking is to know whether anyone actually reads
what I post, not to build a profile.
Session replay
I record anonymous session replays through PostHog, with every piece of text and every input field masked. In plain English: I can see the shape of a visit, where a layout breaks, where people click and how far they scroll, but not what any text on the page says and not anything you type. Replays are tied to the same anonymous identifier as the analytics above, never to a real identity. The opt-out button below switches replays off along with everything else.
Newsletter
If you sign up for email updates, your email address is stored with Buttondown, the service I use to send the newsletter. It is used only to send you the thing you signed up for. It does not get shared, sold, or cross-referenced anywhere else. Every email has a one-click unsubscribe link.
Comments, reactions, and replies
At the bottom of every post and journal entry there are three reaction buttons ("resonates" / "didn't land" / "say more"), a standalone /feedback page with a textarea, and a public comment thread. The two one-tap reactions and the "say more" textarea fire anonymous PostHog events (private signal to me). The comment thread is the public one.
When you post a comment, the name and the body you type are stored in a Cloudflare D1 database I own, displayed publicly under that post, and shown to other readers as-is (plain text, URLs auto-linked, no HTML). If you add an email address it is optional and never displayed: it is hashed with a rotating salt before storage, so a database leak would not reveal your address. Your IP address is also hashed (same salt, same reason) and used only to rate-limit drive-by spam (three comments per IP per hour). No cookies are set by the comment form.
Moderation is post-moderation: comments appear immediately, and I hide anything abusive, spammy, or off-topic after the fact. If you want a comment removed, email me at the address below and it goes.
The source
This blog is open source. The full repository, including this privacy page, lives at github.com/akkton/niconaut. If you find a leak between what this page says and what the site actually does, that's a bug; please open an issue or email me.
Opt out
One click below tells PostHog to stop capturing events and session replays from this browser. The flag is stored in this browser's localStorage, so it persists across visits on this device. Clear your site data and it resets to opted-in.
Status: loading.
If you'd rather block PostHog at the browser level across every site, the uBlock Origin tracker list or Privacy Badger do that. I'll keep working either way.
Contact
Email neumanic2@gmail.com. For data deletion requests, same address. I respond.
Last updated 2026-05-28