Our Commitment

Privacy Policy

We believe in practicing what we preach. This policy is short because we don't collect your data.

Summary: This website does not track you. We do not use cookies, analytics, tracking pixels, or any form of visitor surveillance. We do not collect, store, or share any data about visitors to this site.

No Tracking or Analytics

This website does not use cookies of any kind. We do not use Google Analytics, Facebook Pixel, or any other analytics or tracking service. No JavaScript on this site phones home to third-party servers for the purpose of tracking visitors. We do not fingerprint browsers. We do not use tracking pixels. We do not serve targeted advertising.

No Data Collection

We do not collect IP addresses, user agents, referrer headers, or any other information about visitors to this site. Our hosting infrastructure (Vercel) may produce standard server logs for operational purposes; we do not access, analyze, or retain these.

Fonts

This site loads fonts from Google Fonts. This means your browser will make requests to Google's servers when loading this page. Google's privacy policy applies to those requests. We are evaluating self-hosting fonts to eliminate this dependency.

Email Communications

If you email us, we will receive and store the contents of your email, including any metadata your email client attaches (headers, IP addresses, client information). For sensitive communications, we recommend using PGP encryption or contacting us via a secure messenger as described on our secure contact guide.

File Submissions

Files submitted through our upload portal are received directly by our team. We do not share submitted files with third parties. We recommend stripping metadata from files before submission. Submitted files are retained only for the duration necessary to fulfill the purpose for which they were submitted, after which they are securely deleted.

Client Engagements

Data handling during active client engagements is governed by the terms of each specific engagement. We apply the principle of data minimization: we collect only what is necessary, retain it only as long as required, and destroy it securely when the engagement concludes. Specific retention periods and data handling procedures are documented in each engagement agreement.

AI Training Opt-Out

We have configured our robots.txt to block known AI training crawlers. We do not consent to the use of this website's content for training machine learning models.

Security

This site is served exclusively over HTTPS with HSTS preload enabled. We employ strict Content Security Policy headers, deny framing, and disable referrer information. For details on reporting security vulnerabilities, see our security.txt.

Changes to This Policy

If this policy changes, we will update this page. We do not send notifications because we do not have your contact information.

Last updated: February 16, 2026

Contact: thecommonlight@protonmail.com