0%
Legal

Privacy Policy

Plain-language answers about what this site collects, what it doesn't, and why.

Last updated: 2026

The short version

No tracking cookies. No advertising. No selling, trading, or sharing of data. No user accounts. Almost everything is static HTML served to your browser.

Data I collect directly

None. The site sets no first-party cookies. Reader features (notes, highlights, bookmarks, saved readings, reading progress, theme, display settings) live in your browser's localStorage. Nothing in localStorage ever leaves your device. No server-side database, no account to create.

localStorage keys I use

Browse /notes/, /saved-readings/, and /reading-calendar/ to see what your browser has stored, and to clear or export it from inside the UI. The keys, all prefixed tga-:

  • theme — your selected light / dark preference.
  • fla-gs-font, fla-gs-spacing, fla-gs-wordspace, fla-gs-bg — display preferences set in the reader-settings panel (font family, line-height, word-spacing, paper color).
  • fla-rs-paraNums, fla-rs-ruler, fla-rs-rulerColor, fla-rs-rulerStyle, fla-rs-autoscroll, fla-rs-scrollSpeed, fla-rs-glossAll — per-article reader tools (paragraph numbers, ruler, autoscroll, expanded glossary tooltips).
  • annotations.<slug> — your highlights and notes for each work, keyed by work slug. Each entry stores the quoted text, your note, the color, and the heading the highlight sits under.
  • bookmarks.<slug> — your scroll-position bookmarks per work.
  • fla-saved-readings — works you've saved for later.
  • fla-reading-log — a private log of which works you've opened on which days; powers the reading calendar and continue-reading rail. Slugs and timestamps only — never page positions or excerpts.
  • fla-reading-resume — the last work + paragraph you were reading, so the toolbar can offer a continue-reading shortcut.

You can clear any of these from your browser's developer tools, your browser's site settings, or the reset button inside the reader-settings panel. Clearing localStorage permanently deletes the data; I have no copy to restore.

Third-party services

Loading a webpage requires loading resources from servers. Here is the complete list of third-party services this site uses and what they see.

Hosting — Cloudflare Pages

The site is hosted on Cloudflare Pages. Your browser sends standard HTTP request metadata (IP address, user agent, referrer, requested path) when it loads a page. Cloudflare retains these logs briefly for security and operational purposes. See Cloudflare's privacy policy.

Fonts — Bunny Fonts

Web fonts are served from Bunny Fonts, a GDPR-compliant, privacy-focused alternative to Google Fonts. Bunny does not log IP addresses, does not set cookies, and operates in the EU under GDPR.

Search — Pagefind (self-hosted)

Search is powered by Pagefind. The index is built at deploy time and served from this same site, so no search queries leave your browser.

Link prefetching — instant.page

The site prefetches the next likely page when you hover a link, to make navigation feel instant. Prefetch requests go only to filthylittleatheist.com and are handled by Cloudflare like normal page views.

Analytics — Umami Cloud

I use Umami Cloud, an open-source, cookieless analytics service. Umami:

  • Sets no cookies in your browser.
  • Stores no personal identifiers — no user IDs, no email addresses, no fingerprints.
  • Anonymises IP addresses; raw IPs are not stored.
  • Records only the page URL, referrer, device category, browser, and country.
  • Is GDPR-, CCPA-, and PECR-compliant by design.

The script is loaded from cloud.umami.is/script.js and posts events to api-gateway.umami.dev. The full Umami dashboard is public at /analytics/. Block either host in your browser, ad blocker, or DNS resolver to opt out; the site continues to work normally without it.

Analytics — Cloudflare Web Analytics

I also use Cloudflare Web Analytics. Like Umami, it is:

  • Cookieless, with no persistent visitor identifier.
  • IP-anonymised; no raw IP addresses stored.
  • Recording only page URL, referrer, device category, browser, and country.
  • Free of advertising-network sharing.

The beacon loads from static.cloudflareinsights.com. Cloudflare's privacy posture is described at cloudflare.com/privacypolicy. Block that host or set Cloudflare's auto-insert to off in your tracker-blocker to opt out.

Contact form — Web3Forms

The contact form at /contact/ is delivered by Web3Forms, which forwards submissions to my email. Spam is filtered by a hidden honeypot field and Web3Forms' own server-side detection — no third-party CAPTCHA. I use the information you submit only to reply. I don't add anyone to a mailing list, and I don't share your email.

External links

When you follow links off this site (Wikipedia, Project Gutenberg, Internet Archive, the Secular Web), those destinations have their own privacy policies.

Your rights

I hold essentially no personal data about you, so there is almost nothing to access, correct, or delete. If you've written to me and want your email removed from my inbox, say so and I'll delete it.

If you're in a jurisdiction with specific data-protection rights (GDPR, CCPA, and so on), exercise them by writing to me.

Children

This site is aimed at a general adult audience. It does not knowingly collect data from children under 13.

Security

The site is served over HTTPS with strict transport security (HSTS). See security.txt for reporting vulnerabilities.

Changes

If this policy changes, the "last updated" date at the top changes with it. Material changes get a site notice.

Questions? Write to me.

Link copied