Skip to content

Legal

Privacy.

I respect your privacy. This page explains what data this website collects, what it does with it, and what it doesn't.

What this site collects

The public-facing pages of this site do not run analytics, do not set tracking cookies, and do not embed third-party trackers. Standard server access logs are kept by the hosting provider for operational and security purposes (typically IP address, user agent, requested URL, and timestamp). Access logs are retained for no longer than 90 days.

Correspondence

If you reach out via the contact form, your message is retained only as long as needed for the purpose for which it was sent, and in any event no longer than five years from the date of receipt. I don't add you to any mailing list, ever. I don't share your details with anyone.

OAuth integrations

Non-public endpoints on this domain provide OAuth callback handling for personal-use software accessing the operator's own Google and Microsoft accounts. The disclosure below applies only to data accessed via those OAuth flows; it does not affect ordinary visitors to this site.

Posture

  • Personal-use software. Used only by the operator and authorized household members on accounts they themselves own.
  • No third-party data processors.

Data categories

Authenticated user's email address; OAuth refresh tokens (encrypted at rest); message metadata and bodies; calendar event metadata; file metadata for user-selected documents.

Google scopes

  • https://mail.google.com/
  • https://www.googleapis.com/auth/gmail.readonly
  • https://www.googleapis.com/auth/gmail.send
  • https://www.googleapis.com/auth/calendar.readonly
  • https://www.googleapis.com/auth/calendar.events
  • https://www.googleapis.com/auth/userinfo.email
  • https://www.googleapis.com/auth/drive.readonly
  • https://www.googleapis.com/auth/drive.file

Google API Services User Data Policy

Use of information received from Google API Services adheres to the Google API Services User Data Policy, including the Limited Use requirements. Data is used solely for the user-facing features listed above; not for advertising; not sold; not transferred to third parties; not read by other humans except as required for security, legal compliance, or in aggregated and anonymized form.

Cross-border transfer

Processing occurs partly on infrastructure outside the Republic of South Africa. Per POPIA s72, such transfer is conducted on the basis of (i) the recipient infrastructure being subject to laws affording substantially similar protection, and (ii) data subjects' consent granted through the OAuth flow.

Revoke and delete

Revoke at myaccount.google.com/permissions (Google) or account.live.com/consent/Manage (Microsoft). Deletion of derived local data can be requested via the contact form, subject "OAuth Privacy". Derived data is removed within 30 days.

Your rights

Under the Protection of Personal Information Act 4 of 2013 ("POPIA"), the site operator acts as the Responsible Party. You have rights of access, correction, deletion, and objection under POPIA sections 23-25. To exercise any of these rights, send a note via the contact form.

Last updated 24 May 2026.