THE PRIVACY AUTHORITY

Legal

Privacy Policy

Last updated: April 2026

The Short Version

We use privacy-respecting, cookie-free analytics to understand how people use this site. We collect minimal personal data only when you voluntarily submit it (such as through our contact form). We do not build user profiles. Our interactive tools are designed to run in your browser without sending data to our servers.

Analytics

We use Plausible Analytics, self-hosted on our own infrastructure at analytics.theprivacyauthority.com. Plausible is open-source, cookie-free, and GDPR-compliant by design. It collects the following aggregate data:

  • Page views (which pages are visited and how often)
  • Referrer (what site linked you here)
  • Country (derived from your IP address, which is then immediately discarded and not stored)
  • Device type (desktop, mobile, tablet)
  • Browser and OS (e.g., Firefox on Linux)

Plausible does not use cookies, does not track you across sites, and does not build visitor profiles. All data is aggregated and cannot be used to identify individual visitors. Because no cookies or persistent identifiers are used, no consent banner is required under GDPR or ePrivacy regulations.

Our Plausible instance is self-hosted, meaning analytics data is stored on infrastructure we control and is not shared with any third party.

Analytics data is retained indefinitely in aggregate form. No individual-level data is collected or stored.

Cookies

This website does not set or read cookies. Your theme preference (light/dark mode) is stored in your browser's localStorage and never leaves your device.

Interactive Tools & Third-Party Services

Our tools are designed to process data locally in your browser. However, some tools connect to third-party services as part of their functionality. By using these tools, you acknowledge and accept the data handling described below:

  • Password Checker: Your password is analyzed locally using the zxcvbn library running in JavaScript. Based on the current implementation, your password is not transmitted to any server. You can verify this by inspecting your browser's Network tab while using the tool.
  • IP Address Check: This tool connects your browser directly to the following third-party services, which will receive your IP address: ipapi.co (IP geolocation), ipify.org (IP detection), and Google STUN server (stun.l.google.com, for WebRTC leak detection). These services are operated by third parties with their own privacy policies. We do not control how they process your data. No data from these services passes through our servers.
  • Browser Fingerprint: All fingerprinting signals are collected and hashed locally in your browser. Based on the current implementation, no fingerprint data is transmitted to any server.
  • Privacy Checkup: Your answers and score are computed in your browser. Based on the current implementation, they are not stored on or transmitted to any server.
  • Data Broker Opt-Out: Your checklist progress is saved in your browser's localStorage only. The tool provides links to third-party opt-out pages. When you follow these links, you leave our site and interact directly with those third parties under their own privacy policies. Some opt-out processes may require you to submit personal information (including, in some cases, government-issued identification) directly to the data broker. This is at your sole discretion and risk.

Local Storage

We use your browser's localStorage for the following purposes:

  • Theme preference: Remembers your light/dark mode choice
  • Data broker checklist: Tracks which brokers you have marked as opted out of

localStorage is device-local storage built into your browser. This data is not accessible to us or any third party. You can clear it at any time through your browser settings.

Third-Party Links & Affiliate Links

This site contains links to external websites, including affiliate links. When you click on these links, you leave our site and are subject to the privacy policies of those third-party sites. We are not responsible for the privacy practices, content, or security of external websites. Affiliate partners may use their own cookies, tracking, and data collection on their sites. We encourage you to review their privacy practices before providing any personal information.

Contact Form

When you submit a message through our contact form, we collect your name, email address, subject, and message content. Your IP address is also recorded for anti-abuse purposes.

This data is stored on our own server infrastructure and is only used to respond to your inquiry. Contact submissions are retained for up to 12 months and then deleted. We do not share contact form data with any third party.

Fonts

We use Google Fonts (Inter and Space Grotesk). These fonts are downloaded at build time and served from our own domain. No requests are made to Google's servers when you visit this site. Your browser loads font files directly from our infrastructure.

Server Logs

Our web server may temporarily log IP addresses and request metadata for rate limiting, security, and abuse prevention purposes. Server logs are automatically rotated and deleted after 14 days. These logs are never shared with third parties or used for analytics or marketing.

Data Subject Rights (GDPR)

If you have submitted a contact form, you have the right to request access to, rectification of, or deletion of the personal data you provided. For all other site usage, we do not collect or store personally identifiable information. If you believe we hold any data relating to you, you may contact us and we will investigate and respond within 30 days.

California Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with specific rights regarding your personal information:

  • Right to know: You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you.
  • Right to delete: You have the right to request deletion of personal information we have collected from you.
  • Right to opt-out of sale: You have the right to opt out of the sale of your personal information. We do not sell personal information to third parties.
  • Non-discrimination: We will not discriminate against you for exercising any of your CCPA rights.

Beyond contact form submissions, we collect only anonymous, aggregate analytics data through Plausible. If you have submitted a contact form, you may request disclosure or deletion of that data. If you wish to exercise any of these rights or have questions about our data practices, please visit our contact page.

Children's Privacy

This website is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can take appropriate action.

Changes to This Policy

We may update this privacy policy from time to time. Changes will be reflected by the "last updated" date at the top of this page. We encourage you to review this page periodically. Continued use of the website after changes constitutes acceptance of the updated policy.

Contact

If you have questions about this privacy policy or wish to exercise any data protection rights, you can reach us through our contact page.