Privacy policy.

This site is a Node HTTP server on a Raspberry Pi in my room. I don't sell data, I don't run analytics, I don't care who you are. Here's what actually hits disk when you load a page.

What gets logged

When you visit leminkozey.me, my server receives the usual HTTP data: your IP address, the User-Agent string, and the URL you asked for. That's how the web works — without it I can't send you the page.

Access logs live for up to 14 days, then they rotate and get deleted. A simple visitor counter increments once per unique IP — but the IP itself is SHA-256 hashed with a local salt before anything is stored, so I never see a raw address tied to a count.

What I don't run

No cookies. No localStorage tracking. No fingerprinting. No Google Analytics, Plausible, Umami, Fathom, Cloudflare Analytics, Meta pixel, TikTok pixel, Hotjar, session replay. Nothing.

Third parties

Cloudflare Tunnel handles TLS and DDoS protection. Your request hits their edge before it reaches my Pi. They see the IP, URL, and TLS metadata. I don't use their analytics — their own policy lives at cloudflare.com/privacypolicy.

GitHub Contributions API — one GET request to a public stats endpoint so the commit grid renders. No identifying info is sent.

Google Fonts — the browser fetches Outfit and DM Sans from Google's CDN. If that's a concern, write me and I'll self-host.

If you email me

Mail to [email protected] lands in my personal mailbox. I read it, reply, and delete it once the thread is done. No CRM, no newsletter tool, no automation.

Your rights

Under GDPR Art. 15–17 you can ask what I have on you (very little), correct it, or delete it. Mail me — I reply within a few days. The supervisory authority for Germany is the Bundesbeauftragte für den Datenschutz (BfDI).

Responsible party

Manu — leminkozey, based in Germany. Reach me at [email protected]. Source code lives at github.com/leminkozey/whoami.