Privacy Policy
Last updated: 2026-04-25
This is the privacy policy for phuong.beer. The site is a personal blog and terminal-style portfolio operated by Phuong Nguyen. It is intentionally small, ad-free, and tracker-light.
Short version: I collect the minimum needed to know whether anyone reads what I write, to keep comments civil, and to thank supporters. I do not sell data, I do not run ad networks, and I do not set analytics cookies in your browser.
What I collect
Page analytics (Google Analytics 4)
The site sends anonymized page-view events to Google Analytics 4. GA4 is
configured with IP anonymization and the Google Signals feature is off. The
owner-only dashboard at analytics.phuong.beer only displays aggregated counts:
views per day, unique visitors per day, top posts, top countries, top referrers,
average engagement time, and average scroll depth.
Comments
When you submit a comment, the following is stored:
- The name and email you typed (the email is hashed with a server-side salt before storage — the raw email is not retained on disk).
- The comment body.
- The slug + locale of the post.
- A salted SHA-256 hash of your IP address and a salted SHA-256 hash of your user-agent string. Both hashes include a daily bucket, so the same person hashes differently across days. Used only for spam/abuse detection.
- A timestamp.
- A moderation status (
pending,approved, orrejected).
The hashes are one-way; they cannot be reversed to your email or IP.
Donations (Ko-fi)
If you tip via Ko-fi, the webhook stores the message ID, timestamp, amount,
currency, and the public name + message you chose to send through Ko-fi. Payment
details stay with Ko-fi. The is_public flag is honored: a donation
marked private is only visible on the owner-only dashboard.
Likes
The like button stores a one-way hash of your visitor identity (local-storage UUID + post slug) so a refresh doesn't double-count. No PII.
What I do not collect
- No third-party advertising or tracking pixels.
- No analytics cookies. (GA4 here uses cookieless measurement.)
- No raw IP, raw email, or raw user-agent string is retained.
- Nothing is shared, sold, or rented.
- Chat-widget messages are processed in-memory by the Gemini-backed proxy at
api.phuong.beer; they are not stored long-term. - The owner-only dashboard at
analytics.phuong.beeris gated by Cloudflare Access. Cloudflare'sCF_Authorizationcookie is set for me only when I log in; visitors never see this cookie.
Hashing salt rotation
The salt used to hash emails, IPs, and user-agents
(COMMENT_HASH_SALT) can be rotated at any time. After rotation,
hashes computed from the new salt no longer match the old. This is intentional —
it limits how far back any cross-comment correlation can run. Rotation does not
delete existing rows.
Data retention
| Data | Retention |
|---|---|
| GA4 events | 14 months (Google default) |
| Comments | Indefinite, until deletion request |
| Donations | Indefinite, financial-records requirement |
| Likes | Indefinite |
| Cloudflare access logs | Per Cloudflare's defaults |
Your rights
You can ask me to:
- Delete a comment you submitted.
- Delete a like you registered.
- Provide a copy of any data tied to your email hash.
Contact the address in security.txt. Include the post slug + the email you commented with so I can compute the hash on my side and find the row.
Children
This site is not directed at children under 13. If you believe a child has submitted personal data through the comment form, contact me and I will delete the row.
Changes to this policy
This document is versioned in the site repository. Material changes are recorded in git history. The "Last updated" date at the top reflects the most recent change.
Contact
For privacy questions, use the contact method in security.txt.