PRIVACY
The short version: this site has analytics, but they're mine, they only run if you say yes, and nothing is ever sold or shared. No ad networks, no Google Analytics, no third-party trackers of any kind. If you decline, nothing about your visit is recorded at all.
Who's responsible
This site is run by me, Gaurav Raj Singh, as a personal portfolio. I decide what it collects and why, which makes me the data controller for it. There's no company behind it and no one else has access.
Nothing happens until you choose
The first time you visit, you get a prompt asking whether analytics are okay. Until you answer, no analytics event is recorded — not a pageview, not a timing, nothing. Declining is one click, exactly like accepting, and it sticks. I don't re-ask on every visit to wear you down.
What's collected if you accept
- Pages you view
- the path only — never the query string
- Where you came from
- the referring site's domain only (e.g. "github.com"), never the full URL
- Rough location
- country, region and city, derived from your IP by my host. Never a precise location
- Your device
- browser, operating system, whether you're on mobile/tablet/desktop, and window size
- What you interact with
- shell commands you run, easter eggs you find, theme changes, palette opens, filters, and clicks on outbound links like my GitHub or email
- How far you read
- scroll depth in 25% steps, and how many seconds you spent on a page
- How fast the site loaded
- standard Web Vitals timings, so I can tell if it's slow for real people
- Random IDs
- one for your browser, one for the visit — so I can tell 100 visits from 100 people
What's deliberately not collected
Your IP address is never stored. It's used in memory to work out your country and to stop one person flooding the endpoint, and what gets saved instead is a salted hash that rotates every day — so even I can't link your visits across two days by it, and it can't be turned back into an address by anyone who obtains the database. There's no session recording, no heatmap, no keystroke logging, no cross-site tracking, no fingerprinting, no ad profile, and nothing you type into the shell is stored server-side beyond the name of the command itself.
Why I collect it
Honestly? Curiosity and craft. I want to know whether anyone finds the shell, which projects people actually read, and whether the site is slow on real phones. My lawful basis is your consent, which is why the prompt exists and why declining costs you nothing — every part of this site works identically either way.
Where it goes and how long it's kept
Events go to a Postgres database I run on Neon, read only by me, through a password-protected page on this site. Raw events are deleted automatically after 90 days. Nothing is sold, shared, or handed to an advertiser, ever.
What's stored on your device
Site preferences and analytics IDs live in your browser's localStorage. It's the same kind of technology as a cookie — which is exactly why you get asked before the analytics ones are written. The preference keys below never leave your device and aren't sent anywhere:
- suvo:analytics-consent
- your answer to the analytics prompt. The only thing written before you choose anything — without it the prompt couldn't remember your answer and would nag you on every visit
- suvo:visitor-id
- a random ID identifying this browser, so a return visit isn't counted as a new person. Not linked to your name, email, or anything you do elsewhere
- suvo:session
- a random ID grouping one visit together
- suvo:theme-primary
- the phosphor color you picked in display settings
- suvo:crt-enabled
- whether the scanline overlay is on
- suvo:booted
- whether you've seen the boot sequence, so it doesn't replay every visit
- suvo:achievements
- which of the site's hidden easter eggs you've found
- suvo:sections-visited
- which homepage sections you've scrolled to, for one achievement
- suvo:shell-history
- commands you've typed into the shell, so ↑ and ctrl+r work
Clearing your browser's site data removes all of it. The shell's own history -c command clears just the history entry. The cookie policy breaks the same list down by whether each item needs your consent.
Your choice, changeable any time
Whatever you picked, you can change it here. Withdrawing consent stops collection immediately and deletes the IDs from your browser, so a later "yes" can't be linked back to your earlier visits.
checking your current setting...
Your rights
Under the GDPR and India's DPDP Act you can ask what I hold about you, ask for it deleted, or object to it entirely. In practice the honest answer is that the data is pseudonymous — I hold a random ID, not your name — so if you want it gone the fastest route is to clear this site's storage, which orphans it permanently, and it ages out within 90 days regardless. If you'd rather I did something specific, email me and I will.
Server logs
This site is hosted on Vercel, which keeps standard request logs (things like IP address and user agent) the way any web host does. That's separate from my analytics, happens whether or not you consent, and is what makes it possible to serve the site to you at all. I don't look at them unless something's broken.
The GitHub stats you see
The star counts on the projects page come from a route on this site that calls the GitHub API on the server, not from your browser. No data about you is sent to GitHub to fetch them.
If you email me
The contact links just open your own mail client. If you email me, I keep that email to reply to it, for as long as I'd keep any other conversation. Nothing more automated than that.
Changes
If what this site collects ever changes, I'll update this page. If it changes in a way that widens what's collected, the prompt asks again rather than assuming your old answer covers it. Last updated: 2026-07-16.
Questions
Email me at hello@mysuvo.com.