Privacy Policy

Last updated: June 2026

The short version

We don't sell your data, and we don't run display/banner ads. We do use affiliate links and privacy-respecting, cookieless analytics. We also run Google Analytics, which — for visitors in the EU/EEA/UK — loads only after you agree via the cookie banner; you can change your mind anytime via "Cookie settings" in the footer. We collect the minimum needed to keep the site running and improve what we publish. You can email us at [email protected] at any time to ask what we have, request a copy, or have it deleted.

Who runs this site

The KristiKay Diary is owned and operated by NOIQUE CO. LLC. References in this document to "we," "us," or "our" mean NOIQUE CO. LLC. The site is published at kristikaywrites.com (and during development at kristikay-diary.pages.dev).

What we collect, why, and for how long

| Data | Source | Purpose | Retention |
| --- | --- | --- | --- |
| Aggregate page views, country, referrer, browser/OS | Umami (self-hosted, cookieless) — no personal identifiers stored | Measure which posts resonate; spot abuse | Aggregate only, on our own infrastructure |
| IP address and user-agent string | Cloudflare edge server logs | Abuse prevention (rate-limiting, bot detection) | Up to 30 days, per Cloudflare's retention policy |
| Email address (and optional name) | You, when subscribing to the newsletter | Send newsletter | Until you unsubscribe (one-click in every email) |
| Comment content, name, email, GitHub avatar URL | You, if comments are enabled and you post one | Render the comment thread on the post | Indefinite while the post is live; you can request deletion |
| Contact-form message content | You, when emailing us | Reply to your message | 2 years in our mailbox; deleted on request |

What we don't do

  • We don't sell, rent, or trade your data.
  • We don't run display/banner advertising. (We do earn via affiliate links, and we use analytics — cookieless Umami plus Google Analytics, the latter consent-gated for EU/EEA/UK visitors. See Cookies & consent below.)
  • We don't fingerprint your browser or build cross-site profiles.
  • We don't share your data with anyone outside the third-party processors listed below.

Cookies & consent

Functional storage (not tracking). We keep a couple of small first-party items that don't profile you: the localStorage entries theme (your light/dark choice) and kk_consent (your cookie choice), plus a short-lived kk_geo cookie that only records whether you're in a region where we must ask for consent. These stay in your browser or are used only to run the site.

Cookieless analytics (no consent needed). We measure aggregate traffic with Umami, a privacy-friendly analytics tool we self-host on our own infrastructure. It sets no cookies and stores no personal identifiers, so it runs for all visitors without a consent prompt.

Consent-gated third-party cookies. One service we use sets its own cookies, so for visitors in the EU/EEA/UK we load it only after you accept via the cookie banner (and not at all if you decline). Outside those regions it loads normally:

  • Google Analytics 4 — sets _ga / _ga_* cookies for aggregate usage stats; we enable anonymize_ip. See Google's privacy policy.

Other embedded content may set cookies if you interact with it — e.g. YouTube videos (on playback) or Giscus comments (a GitHub session cookie when you sign in).

Changing your choice (EU/EEA/UK): click "Cookie settings" in the footer at any time to accept or withdraw consent — withdrawing stops the consent-gated scripts from loading on your next page view. None of these cookies are required to read the site.

Third-party processors

We use a small set of third-party providers; each gets only the data needed to do its job:

  • Cloudflare Inc. (US/EU edge) — hosting, CDN, edge analytics, DDoS protection. Privacy policy: cloudflare.com/privacypolicy
  • GitHub Inc. (US) — code hosting + Discussions backend (used by Giscus comments, if enabled). Privacy: github.com privacy
  • Google LLC (US) — Google Analytics 4 (consent-gated for EU/EEA/UK; anonymize_ip on) and Google Search Console. Privacy: policies.google.com/privacy
  • Newsletter provider (TBD — likely Mailchimp / ConvertKit / Buttondown when wired) — receives subscriber email + unsubscribe state. Specific provider will be named here once chosen.
  • Affiliate networks — see the Affiliate Disclosure for the current program list.

Your rights

Depending on where you live (GDPR/UK GDPR for the EU/UK, CCPA/CPRA for California, similar laws elsewhere), you have the right to:

  • Access — ask what personal data we hold about you and get a copy.
  • Rectify — ask us to correct inaccurate data.
  • Delete — ask us to remove your data ("right to erasure"). Some data may need to be retained for legal/audit reasons; we'll tell you if so.
  • Restrict / Object — limit how we process your data, or object to specific uses.
  • Portability — get your data in a portable format (we'll export newsletter subscriber data on request).
  • Opt out of "sale" or "sharing" (CCPA term of art) — N/A for us; we don't sell or share your data.
  • Lodge a complaint with your local data-protection authority.

How to exercise any of these rights: email [email protected] from the email address associated with your data, with a clear request. We aim to respond within 30 days (extendable by 60 days for complex requests under GDPR). No identification fee.

Children's privacy

The site is not directed at children under 13 (or 16 in some jurisdictions). We don't knowingly collect personal information from children. If you believe a child has submitted personal information to us, please email [email protected] and we'll delete it.

International data transfers

Our hosting and most processors are based in the United States. If you're in the EU/UK, your data may be transferred to and processed in the US. We rely on the data-protection mechanisms each processor provides (e.g., Cloudflare and Google use the EU Standard Contractual Clauses).

Affiliate links

Some posts contain affiliate links. Clicking one may share your visit with the merchant through a referral URL parameter — that's how they know to credit us if you buy. We don't pass any additional personal data to the merchant. See the Affiliate Disclosure for the full picture, including the current program list.

Security

The site is served over HTTPS with HSTS (long-lived, preload-eligible). We follow industry-standard practices to protect data in transit and at rest. No method of internet transmission is 100% secure, but we report any material data breach affecting you within 72 hours of discovery.

Changes to this policy

We update this policy from time to time. Material changes are announced at the top of the page for 30 days; we revise the "Last updated" date on every change. Your continued use of the site after a change means you accept the revised policy.

Contact

Questions, requests, or concerns about your privacy? Email [email protected]. Reference "Privacy request" in the subject line so we can prioritize.