Privacy
I built this site to collect less. Here is what leaves your browser, what I keep, and for how long.
Cookieless analytics
I use a small, first-party analytics endpoint instead of a third-party tracker. It records the page path, the referring site's hostname, and page language; CLS, INP, and LCP performance measurements; and a short allowlist of interactions such as downloads, outbound links, language or theme changes, and use of the chat or contact form.
Browser analytics requests explicitly omit credentials. The endpoint accepts only a defined schema; it rejects unknown fields and request bodies larger than 4 KiB. Event labels cannot contain a chat question, contact message, name, or email address. The record I store contains no cookie, request IP address, browser fingerprint, visitor ID, or cross-site identifier. Every analytics record now has an expiration set for 180 days after creation. DynamoDB deletes expired records asynchronously, so removal can lag that timestamp.
Chat and job descriptions
When you use the assistant, your question and the conversation shown in the dialog go to this site's AWS Lambda and Amazon Bedrock. If you paste a job description to compare it with my experience, that text goes with the request. This site does not write the chat text to its database.
The browser keeps the visible conversation in sessionStorage for the current tab so the dialog can reopen without losing it. “New chat” clears that copy. To slow automated abuse, the chat uses the request IP address as the key to applying a daily limit. It keeps that key for about two days, separately from analytics.
Contact form
The contact form sends your name, email address, and message through AWS Lambda and Amazon Simple Email Service to my inbox. The site does not add that message to analytics or save it in its database. Once delivered, it remains in my mailbox like an email you send directly.
What stays in your browser
If you choose light or dark mode, the site saves that choice in localStorage. Choosing “system” removes it. Chat history uses sessionStorage in the current tab. Language is part of the URL rather than a stored preference. The application does not set cookies.
Hosting and outside services
The static site and its API run on AWS, which processes network requests to deliver the pages and features. This site serves its own fonts and media. Home page widgets call my API, which retrieves public profile data from Last.fm, GitHub, and Bluesky on the server. Writing pages retrieve verified public webmentions through the same API.
There are no third-party tracking scripts or third-party iframes. YouTube, GitHub, LinkedIn, Bluesky, Last.fm, and other sites do not receive a request until you follow a link to them. Then your browser connects to that service, and its privacy terms apply.
Questions or corrections
If this description does not match what the site does, or you want to ask about a record, email me at ckellyreif@gmail.com.