We use cookies for the boring necessary things.
We don't use tracking cookies, cross-site identifiers, or third-party advertising tags. Site usage telemetry runs through Plausible Cloud, which is cookieless by design.
What cookies are set
One cookie is set when you visit this site: __cf_bm. Cloudflare sets it for bot-management and security; it lasts 30 minutes from your most recent request and stores no personal data in the cookie body. Cloudflare classifies it as strictly necessary, and it does not track you across sites.
US state privacy laws — such as the Texas Data Privacy and Security Act — tie consent and opt-out obligations to selling personal data and to targeted advertising, not to a strictly-necessary security cookie. We do neither, and we run no advertising or cross-site-tracking tags. Even under the stricter EU/UK ePrivacy rules, security and anti-abuse cookies fall within the "strictly necessary" exemption from consent.
Why there is no consent banner
Consent banners are required when a site sets non-essential cookies or uses cross-site tracking. We do neither. Site analytics run on Plausible Cloud, which uses no cookies and no persistent identifiers — visit counts are aggregated at the request level using a daily-rotating salted hash that cannot identify a returning visitor.
Where to learn more
Our broader handling of personal data — what we collect through forms, retention, the deletion-request flow, and sub-processors — is documented in the Privacy notice. The Plausible Cloud approach is documented at plausible.io/data-policy.