privacy policy

last updated: April 15, 2026

overview

ASSIE is a personal website and portfolio. It showcases work, notes, and public stats. This Privacy Policy explains what data is collected when you visit this site and how it is handled.

data we collect

This site uses Rybbit, a self-hosted, open-source analytics tool. All data is processed on my own server and never sent to third parties. Rybbit collects the following anonymous data about website visits:

  • Page data: URLs visited, page titles, referrers, and query parameters
  • Visit information: Session duration, entry and exit pages
  • Device information: Browser type and version, operating system, screen resolution, device type
  • Location data: Country and region (derived from IP address, which is not stored)
  • Marketing data: UTM parameters (source, medium, campaign)
  • Custom events: If configured

how we process IPs

When processing visitor data, IP addresses are only used temporarily to determine geographic location (country and region). The actual IP addresses are never stored, preserving visitor anonymity while still providing geographic insights.

how data is used

The collected data is used exclusively to:

  • Provide anonymous, aggregated statistics about site visitors
  • Show trends in traffic and user behavior
  • Help identify popular content and referral sources
  • Understand how visitors navigate the site

data ownership

All collected analytics data is stored exclusively on my own server, physically located in my office. The data never leaves my infrastructure and is not processed by any third-party cloud provider.

data retention

Analytics data is retained for 2 years, after which it is automatically deleted.

GDPR and privacy regulations compliance

This site is designed with privacy regulations in mind, including GDPR and the ePrivacy Directive:

  • Only minimal data needed for analytics is collected
  • No cookies or local storage are used
  • Visitors are not tracked across different websites
  • No personal data that could directly identify individuals is collected or stored
  • Analytics data is never shared or sold

security measures

Appropriate technical and organizational security measures are in place to protect visitor data. This includes secure hosting, regular software updates, and monitoring for unauthorized access.

security incidents & DPO

If you have discovered a security vulnerability, are reporting a data breach, or need to reach the Data Protection Officer (DPO) for privacy-related concerns under GDPR or other applicable regulations, please contact directly at security@aio.sh.

All security reports are taken seriously with an aim to respond within 72 hours. For general inquiries unrelated to security or data protection, please use the contact address below.

changes to this policy

This Privacy Policy may be updated periodically to reflect changes in practices or for legal reasons. The updated policy will be posted on this page with a revised date.

contact us

If you have questions about this Privacy Policy or this site's data practices, please reach out at hi@aio.sh.