PRIVACY AND ANALYTICS

First-party, cookieless analytics: path of the visited page, language (en/fr), referring domain, and two-letter country code derived from the request IP.

A daily anonymous fingerprint: HMAC-SHA256 hash of the IP and user-agent, salted with a secret key that rotates every day. This fingerprint allows counting unique daily visitors but cannot re-identify the same person on the next day.

Email address, and only the email, if you subscribe to the weekly brief. Unsubscribe is available at any time via a signed link.

No plaintext IP storage. No behavioral profile. No identification cookie by default.

No cross-site tracking, no persistent fingerprinting, no sale or sharing of data with third parties.

No private-communication content is ever accessed or stored — we monitor only public sources accessible without authentication.

Analytics: 90 days maximum, then automatic purge.

Subscription email: until you unsubscribe; immediate deletion on request.

Operational server logs: 30 days maximum, technical use only (debugging, security).

Google Analytics is enabled only if the NEXT_PUBLIC_ENABLE_GA environment variable is set. By default it is disabled and no third-party measurement script is loaded.

When Google Analytics is enabled, a consent banner (CookieYes) is shown. Declining prevents any third-party cookie drop.

You can request access, rectification, or deletion of any data concerning you via the Contact page. We respond within 30 days.

In case of dispute, you can file a complaint with the competent data-protection authority (CNIL in France, EDPB at EU level).