Get the course
Privacy

Privacy Policy.

Last updated: 2026-04-29

The short version

RouteHarden is a publication and consultancy. We collect the minimum information needed to run the site and reply to you when you reach out. We do not sell data to third parties. We don't run behavioral ad tracking. The infrastructure is on Cloudflare and Google Cloud OAuth — both have their own privacy practices that apply when you interact with them.

What we collect, and why

  • Server logs.Cloudflare logs HTTP requests (IP, user-agent, URL, response code) for security and abuse mitigation. Logs are retained according to Cloudflare's default policy and not sold to third parties.
  • Aggregated web analytics. Cloudflare Web Analytics counts page views and visits. It does not use cookies and does not fingerprint visitors. There is no cross-site tracking.
  • Newsletter email. If you subscribe via the homepage form, we store your email address and the date you subscribed. Welcome and product-announcement emails are sent from a @routeharden.com address. You can unsubscribe at any time using the link in any email — that removes you immediately.
  • Account data (OAuth sign-in). When you sign in with Google, we receive your email address, your Google account display name, and an opaque user identifier. We do not receive your Google password and we never have access to anything else in your Google account. We do not post on your behalf.
  • Email you send to us. If you write to hello@routeharden.com, the message is routed through Cloudflare Email Routing to a standard mail provider so we can read and reply.

What we do not collect

  • No third-party advertising trackers.
  • No Google Analytics, no Facebook Pixel, no LinkedIn Insight.
  • No browser fingerprinting beyond the access logs Cloudflare keeps for security.
  • No payment information — there is no paid product on the site today; if and when there is, payments will be handled by a dedicated payment processor and we will update this page.

Cookies

The site uses a single first-party session cookie for signed-in users (set by Auth.js). It exists only while you're signed in. There are no advertising cookies and no cross-site tracking cookies.

Your rights

If you're in a jurisdiction that grants you data subject rights — GDPR (EU/UK), CCPA (California), PIPEDA (Canada), and similar — you can request a copy of, correction of, or deletion of any personal data we hold about you. Email hello@routeharden.com from the address on file and we'll respond within 30 days.

Children

RouteHarden is written for technical adults. We do not knowingly collect data from anyone under 16. If you believe a child has submitted information, contact us and we will delete it.

Changes

If we change this policy materially we'll update the date at the top of the page and, where appropriate, send a notice to newsletter subscribers. The history of this file is in the public git repository.

Contact

hello@routeharden.com for everything privacy-related. For security disclosures, see /.well-known/security.txt.