Privacy Policy
Last updated: June 28, 2026
This Privacy Policy explains how hoicau.com and all of its subdomains (collectively, “this site”) handle your data.
Data Minimization by Design
The site (hoicau.com) is a fully static website built to collect as little as possible:
- No ADs and no third-party tracking scripts.
- No comment system, and no account or login is required.
- No self-operated server running so the owner of the site CANNOT record or store personal data on server that they own.
- No cookies used. Your dark/light theme preference is stored only in your browser’s
localStorage; it never leaves your device and is never sent to me. - Fonts are self-hosted at build time, so your browser makes no requests to third parties to load them.
The only data processing that occurs is the server logging and optional analytics described below.
What Data Is Processed, and the Legal Basis
| Data | Purpose | Legal basis (GDPR Art. 6) |
|---|---|---|
| Server logs — IP address, user-agent, timestamp, requested URL (recorded by Cloudflare) | Security, abuse prevention, and reliable content delivery | Legitimate interest — Art. 6(1)(f) |
| Cloudflare Web Analytics — aggregate page views, referrer, country, browser (cookieless; not loaded for EU visitors) | Understanding overall, non-identifying traffic trends | Legitimate interest — Art. 6(1)(f) |
| Sign-in identity (e.g. email) for protected subdomains | Authenticating access via Cloudflare Zero Trust | Necessary to provide the requested service — Art. 6(1)(b)/(f) |
Note that, under GDPR, an IP address is personal data. This site does not seek to identify you from it, but it is processed by Cloudflare as part of normal request handling.
Cloudflare Web Analytics
This site uses Cloudflare Web Analytics, a privacy-first tool that is cookieless, uses no localStorage or fingerprinting, and does not track you across other websites. It records only aggregate, non-identifying metrics.
It is disabled entirely for visitors from the EU — if you visit from the European Union, no analytics beacon is loaded for you at all.
GDPR Compliance
This site is designed to be GDPR-Compliant:
- No cookies and no cross-site tracking.
- Analytics is switched off completely for EU visitors, so no analytics processing occurs for them.
- The remaining processing (server logs) is limited to what is necessary for security and delivery, on the basis of legitimate interest.
- No automated decision-making or profiling takes place.
International Transfers
Cloudflare is a US-based provider and may process data (including request logs) outside the EEA, including in the United States. Where this involves EEA personal data, such transfers are covered by Cloudflare’s Data Processing Addendum and Standard Contractual Clauses. See the Cloudflare Privacy Policy and Cloudflare DPA for details.
Data Retention
I do not maintain a separate database of visitors. Server logs and analytics are retained for the limited periods set by Cloudflare’s own retention practices, after which they are deleted or aggregated by Cloudflare. I do not export or keep my own copies of these logs.
Subdomains & Apps
Subdomains run several third-party, open-source applications for personal use. With the exception of rmtrackers.hoicau.com, all are protected by Cloudflare Zero Trust (Access) and require authentication before access, which means these applications are NOT publicly accessible. During authentication, Cloudflare processes your sign-in identity (such as an email address) to verify you.
External Links
This site links to external websites such as GitHub and share buttons (X, Facebook, Telegram). Those third parties only receive information about you if you actively click through. Each has its own privacy policy, outside the scope of this one.
Your Rights
If you are in the EU/EEA, you have the right to:
- Access the personal data processed about you;
- Request rectification of inaccurate data;
- Request erasure (“right to be forgotten”);
- Request restriction of processing;
- Object to processing based on legitimate interest;
- Data portability; and
- Lodge a complaint with your local data protection supervisory authority.
To exercise any of these, email me at admin@hoicau.com. Because much of the processing is handled by Cloudflare, some requests may need to be directed to Cloudflare as the processor, and I will help where I can.
Contact
For any questions about this Privacy Policy, email me at admin@hoicau.com.
Changes to This Policy
This policy may be updated as the site’s features change. Any changes will be reflected on this page, with the “Last updated” date above revised accordingly.