~/privacy-policy.md

Privacy Policy

Last Updated: December 11, 2025

We believe in a private Internet. This website (0xghost.dev) was built with privacy-by-design principles. We do not sell your data, we do not use advertising cookies, and we do not track you across the web.

1. Data Controller

The data controller for this website is Mohammed Ifkirne (0xGhost), contactable at [email protected] or via our GitHub Repository.

2. Analytics (The "Beacon")

We use Cloudflare Web Analytics to understand website performance and popularity.

  • What it collects: Aggregate metrics such as page load time, page views, referrer information, device type, browser type, and country of origin.
  • What it does NOT collect: It does not use cookies, it does not use local storage, and it does not collect or store unique IP addresses, fingerprints, or personally identifiable information (PII).
  • The "Beacon": You may see network requests to cloudflareinsights.com. This is a lightweight, cookie-less script used solely for these aggregate metrics.
  • Data Retention: Cloudflare retains this aggregate data for up to 6 months.
  • Legal Basis (GDPR): We rely on Legitimate Interest (GDPR Art. 6(1)(f)) to process this strictly necessary aggregate data to ensure the security and performance of our site.
  • Legal Basis (CCPA): This data is not considered "personal information" under CCPA as it cannot be linked to a specific consumer.

You can read Cloudflare's official privacy statement here: Cloudflare Web Analytics Privacy.

3. Hosting & Security

This website is hosted on Cloudflare Pages.

  • Data Processing: Cloudflare processes network information (such as your IP address, request metadata, and connection details) when you connect to this site. This data is used strictly to deliver the content and protect the site from security threats.
  • Logs: Cloudflare retains limited access logs for a short duration (typically 24-72 hours) to identify and block malicious traffic (DDoS attacks, bots, and vulnerability scanners).
  • Legal Basis (GDPR): Processing this data is necessary for the Security of Network and Information Systems (Recital 49 GDPR) and for the Performance of a Contract (GDPR Art. 6(1)(b)) to deliver the requested web content.
  • Data Location: Cloudflare operates globally. Your data may be processed in any country where Cloudflare maintains facilities. Cloudflare complies with GDPR and has appropriate safeguards in place.

Learn more: Cloudflare Privacy Policy.

4. Third-Party Services

This website may contain links to external services for support/donations:

  • Ko-fi (ko-fi.com/0xghost): If you choose to support via Ko-fi, you will be redirected to Ko-fi's platform. Ko-fi's privacy policy applies to any data you provide there.
  • External Links: We are not responsible for the privacy practices of third-party websites. We encourage you to review their privacy policies before providing any personal information.

We do not receive, store, or process any payment information or personal details from these services beyond what is publicly visible (e.g., your public username if you choose to sponsor publicly).

5. Comments (Giscus)

This website uses Giscus for blog post comments, which is powered by GitHub Discussions.

  • What it collects: If you choose to comment, Giscus/GitHub will process your GitHub account information (username, avatar, email associated with your GitHub account) and your comment content.
  • Data Controller: GitHub (Microsoft) is the data controller for this data, not us.
  • Privacy Policy: GitHub Privacy Statement
  • Your Control: You can delete your comments at any time via GitHub Discussions. We do not store comment data on our servers. Comment contents are fetched dynamically from GitHub's API solely for display purposes. We do not persist this data in our own database.

6. No Cookies

This website does not use cookies for tracking, analytics, or any other purpose. The only cookies you may encounter are those set by third-party services (Cloudflare, GitHub, Ko-fi) if you interact with them, which are governed by their respective privacy policies.

7. Your Rights (GDPR & CCPA)

Since we operate as a static website without a database or user accounts, we generally do not hold any personal data that can be linked to a specific individual.

However, under GDPR and CCPA, you retain rights regarding your data where it exists:

  • Right to Access & Portability: You have the right to request a copy of your data. Note: Since we do not track you, we will likely have no data to provide.
  • Right to Erasure ("Right to be Forgotten"): You have the right to request we delete your data. Note: As we do not store personal logs or cookies, there is usually nothing to delete.
  • Right to Object: You can object to processing. Note: You can exercise this by enabling "Do Not Track" in your browser or blocking the Cloudflare script.

How to exercise these rights:

Because we cannot identify users based on the aggregate analytics or temporary security logs provided by Cloudflare, we may not be able to fulfill requests directly.

  • For Comments: Please manage your data directly via GitHub.
  • For Hosting/Security: If you believe Cloudflare holds data on you, you may need to contact them directly, as we do not have access to raw IP logs linking to your identity.

To submit a request or ask for clarification, contact [email protected].

8. Data Retention

  • Cloudflare Analytics: Up to 6 months (aggregate, non-identifiable data).
  • Cloudflare Logs: 24-72 hours (IP addresses and request metadata).
  • Comments (GitHub): Retained by GitHub according to their retention policies.

9. Children's Privacy

This website is not directed at children under the age of 16 (or 13 in the US). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately.

10. International Transfers

Your data may be transferred to and processed in countries outside of your country of residence, including the United States and other countries where Cloudflare and GitHub operate. These transfers are subject to appropriate safeguards such as Standard Contractual Clauses (SCCs) or adequacy decisions.

11. Contact & Complaints

If you have questions about this policy, contact:

If you are in the EU/EEA and believe we have not addressed your concerns, you have the right to lodge a complaint with your local Data Protection Authority.

12. Updates to This Policy

We reserve the right to update this policy at any time to reflect changes in our practices, legal requirements, or services. Any material changes will be posted on this page, and the Last Updated date will be updated accordingly. Continued use of this website after changes constitutes acceptance of the updated policy.