[ skip to content ]
00

PRIVACY

PRIVACY.TXTR/O

The short version: this site has analytics, but they're mine, they only run if you say yes, and nothing is ever sold or shared. No ad networks, no Google Analytics, no third-party trackers of any kind. If you decline, nothing about your visit is recorded at all.

Who's responsible

This site is run by me, Gaurav Raj Singh, as a personal portfolio. I decide what it collects and why, which makes me the data controller for it. There's no company behind it and no one else has access.

Nothing happens until you choose

The first time you visit, you get a prompt asking whether analytics are okay. Until you answer, no analytics event is recorded — not a pageview, not a timing, nothing. Declining is one click, exactly like accepting, and it sticks. I don't re-ask on every visit to wear you down.

What's collected if you accept

Pages you view
the path only — never the query string
Where you came from
the referring site's domain only (e.g. "github.com"), never the full URL
Rough location
country, region and city, derived from your IP by my host. Never a precise location
Your device
browser, operating system, whether you're on mobile/tablet/desktop, and window size
What you interact with
shell commands you run, easter eggs you find, theme changes, palette opens, filters, and clicks on outbound links like my GitHub or email
How far you read
scroll depth in 25% steps, and how many seconds you spent on a page
How fast the site loaded
standard Web Vitals timings, so I can tell if it's slow for real people
Random IDs
one for your browser, one for the visit — so I can tell 100 visits from 100 people

What's deliberately not collected

Your IP address is never stored. It's used in memory to work out your country and to stop one person flooding the endpoint, and what gets saved instead is a salted hash that rotates every day — so even I can't link your visits across two days by it, and it can't be turned back into an address by anyone who obtains the database. There's no session recording, no heatmap, no keystroke logging, no cross-site tracking, no fingerprinting, no ad profile, and nothing you type into the shell is stored server-side beyond the name of the command itself.

Why I collect it

Honestly? Curiosity and craft. I want to know whether anyone finds the shell, which projects people actually read, and whether the site is slow on real phones. My lawful basis is your consent, which is why the prompt exists and why declining costs you nothing — every part of this site works identically either way.

Where it goes and how long it's kept

Events go to a Postgres database I run on Neon, read only by me, through a password-protected page on this site. Raw events are deleted automatically after 90 days. Nothing is sold, shared, or handed to an advertiser, ever.

What's stored on your device

Site preferences and analytics IDs live in your browser's localStorage. It's the same kind of technology as a cookie — which is exactly why you get asked before the analytics ones are written. The preference keys below never leave your device and aren't sent anywhere:

suvo:analytics-consent
your answer to the analytics prompt. The only thing written before you choose anything — without it the prompt couldn't remember your answer and would nag you on every visit
suvo:visitor-id
a random ID identifying this browser, so a return visit isn't counted as a new person. Not linked to your name, email, or anything you do elsewhere
suvo:session
a random ID grouping one visit together
suvo:theme-primary
the phosphor color you picked in display settings
suvo:crt-enabled
whether the scanline overlay is on
suvo:booted
whether you've seen the boot sequence, so it doesn't replay every visit
suvo:achievements
which of the site's hidden easter eggs you've found
suvo:sections-visited
which homepage sections you've scrolled to, for one achievement
suvo:shell-history
commands you've typed into the shell, so ↑ and ctrl+r work

Clearing your browser's site data removes all of it. The shell's own history -c command clears just the history entry. The cookie policy breaks the same list down by whether each item needs your consent.

Your choice, changeable any time

Whatever you picked, you can change it here. Withdrawing consent stops collection immediately and deletes the IDs from your browser, so a later "yes" can't be linked back to your earlier visits.

checking your current setting...

Your rights

Under the GDPR and India's DPDP Act you can ask what I hold about you, ask for it deleted, or object to it entirely. In practice the honest answer is that the data is pseudonymous — I hold a random ID, not your name — so if you want it gone the fastest route is to clear this site's storage, which orphans it permanently, and it ages out within 90 days regardless. If you'd rather I did something specific, email me and I will.

Server logs

This site is hosted on Vercel, which keeps standard request logs (things like IP address and user agent) the way any web host does. That's separate from my analytics, happens whether or not you consent, and is what makes it possible to serve the site to you at all. I don't look at them unless something's broken.

The GitHub stats you see

The star counts on the projects page come from a route on this site that calls the GitHub API on the server, not from your browser. No data about you is sent to GitHub to fetch them.

If you email me

The contact links just open your own mail client. If you email me, I keep that email to reply to it, for as long as I'd keep any other conversation. Nothing more automated than that.

Changes

If what this site collects ever changes, I'll update this page. If it changes in a way that widens what's collected, the prompt asks again rather than assuming your old answer covers it. Last updated: 2026-07-16.

Questions

Email me at hello@mysuvo.com.