Search Day Night
Search

Privacy Policy

Last updated: May 2026

The short version

We don't sell your data. We don't run ads or third-party tracking pixels. We collect the minimum needed to keep the site running and improve what we publish. You can email us at [email protected] at any time to ask what we have, request a copy, or have it deleted.

Who runs this site

The KristiKay Diary is owned and operated by NOIQUE CO. LLC. References in this document to "we," "us," or "our" mean NOIQUE CO. LLC. The site is published at kristikaywrites.com (and during development at kristikay-diary.pages.dev).

What we collect, why, and for how long

Data Source Purpose Retention
Aggregate page views, country, referrer, browser/OS Cloudflare Web Analytics (cookieless) Measure which posts resonate; spot abuse 6 months (Cloudflare default)
IP address and user-agent string Cloudflare edge server logs Abuse prevention (rate-limiting, bot detection) Up to 30 days, per Cloudflare's retention policy
Email address (and optional name) You, when subscribing to the newsletter Send newsletter Until you unsubscribe (one-click in every email)
Comment content, name, email, GitHub avatar URL You, if comments are enabled and you post one Render the comment thread on the post Indefinite while the post is live; you can request deletion
Contact-form message content You, when emailing us Reply to your message 2 years in our mailbox; deleted on request

What we don't do

  • We don't sell, rent, or trade your data.
  • We don't run third-party advertising or ad-tracking pixels.
  • We don't fingerprint your browser or build cross-site profiles.
  • We don't share your data with anyone outside the third-party processors listed below.

Cookies

The site itself sets no first-party tracking cookies. The only browser storage we use is a single localStorage entry called theme (value "dark" or unset) that remembers whether you toggled the dark-mode switch — that's never sent to our servers, it stays in your browser.

Third-party cookies may be set by content embedded on a page:

  • YouTube videos embedded in articles set their own cookies once you start playback. Block them at the browser level if you prefer.
  • Google Analytics (if/when enabled) sets _ga and _ga_* cookies. We enable anonymize_ip by default.
  • Giscus comments (if/when enabled) sets a GitHub session cookie when you sign in to comment.

None of these are required to read the site — refusing them at the browser level only affects optional features (video playback, analytics participation, commenting).

Third-party processors

We use a small set of third-party providers; each gets only the data needed to do its job:

  • Cloudflare Inc. (US/EU edge) — hosting, CDN, edge analytics, DDoS protection. Privacy policy: cloudflare.com/privacypolicy
  • GitHub Inc. (US) — code hosting + Discussions backend (used by Giscus comments, if enabled). Privacy: github.com privacy
  • Google LLC (US) — only if Google Analytics or Google Search Console is enabled. We use anonymize_ip for GA. Privacy: policies.google.com/privacy
  • Newsletter provider (TBD — likely Mailchimp / ConvertKit / Buttondown when wired) — receives subscriber email + unsubscribe state. Specific provider will be named here once chosen.
  • Affiliate networks — see the Affiliate Disclosure for the current program list.

Your rights

Depending on where you live (GDPR/UK GDPR for the EU/UK, CCPA/CPRA for California, similar laws elsewhere), you have the right to:

  • Access — ask what personal data we hold about you and get a copy.
  • Rectify — ask us to correct inaccurate data.
  • Delete — ask us to remove your data ("right to erasure"). Some data may need to be retained for legal/audit reasons; we'll tell you if so.
  • Restrict / Object — limit how we process your data, or object to specific uses.
  • Portability — get your data in a portable format (we'll export newsletter subscriber data on request).
  • Opt out of "sale" or "sharing" (CCPA term of art) — N/A for us; we don't sell or share your data.
  • Lodge a complaint with your local data-protection authority.

How to exercise any of these rights: email [email protected] from the email address associated with your data, with a clear request. We aim to respond within 30 days (extendable by 60 days for complex requests under GDPR). No identification fee.

Children's privacy

The site is not directed at children under 13 (or 16 in some jurisdictions). We don't knowingly collect personal information from children. If you believe a child has submitted personal information to us, please email [email protected] and we'll delete it.

International data transfers

Our hosting and most processors are based in the United States. If you're in the EU/UK, your data may be transferred to and processed in the US. We rely on the data-protection mechanisms each processor provides (e.g., Cloudflare and Google use the EU Standard Contractual Clauses).

Affiliate links

Some posts contain affiliate links. Clicking one may share your visit with the merchant through a referral URL parameter — that's how they know to credit us if you buy. We don't pass any additional personal data to the merchant. See the Affiliate Disclosure for the full picture, including the current program list.

Security

The site is served over HTTPS with HSTS (long-lived, preload-eligible). We follow industry-standard practices to protect data in transit and at rest. No method of internet transmission is 100% secure, but we report any material data breach affecting you within 72 hours of discovery.

Changes to this policy

We update this policy from time to time. Material changes are announced at the top of the page for 30 days; we revise the "Last updated" date on every change. Your continued use of the site after a change means you accept the revised policy.

Contact

Questions, requests, or concerns about your privacy? Email [email protected]. Reference "Privacy request" in the subject line so we can prioritize.