Privacy Policy

Privacy-Protecting Analytics

Gallformers uses a custom analytics system designed to respect visitor privacy while providing useful insights for site improvement. We believe in transparency about data collection and have built our analytics from the ground up to protect your privacy.

How It Works

We generate a daily visitor ID by hashing your IP address with a salt that changes every 24 hours. This cryptographic hash allows us to count unique daily visitors without storing any personally identifiable information. The process is one-way - we cannot reverse the hash to discover your IP address.

Once the daily salt changes (at midnight UTC), all previous visitor IDs become invalid and cannot be recreated. This makes cross-day tracking technically impossible, even if we wanted to do it.

The analytics system is fully open source and can be inspected on GitHub. View the implementation: Analytics module and Analytics plug .

View Live Analytics

You can view real-time site analytics at our public Analytics page , which shows the same data collected using this privacy-protecting approach.

What We Don't Store

  • IP Addresses: Never stored or logged
  • User Agents: Not stored in full - only the browser family and device type are extracted
  • Cookies: No tracking cookies are set
  • Cross-Session Data: We cannot track you across sessions or days
  • Personal Information: No email addresses, names, or other identifying information

What We Do Collect

The following information is collected and aggregated for statistical purposes only:

  • Page Paths: Which pages are visited (e.g., "/about", "/gall/123")
  • Referrer Domains: Where visitors come from (e.g., "google.com", "twitter.com")
  • Device Types: Whether you're on mobile, tablet, or desktop
  • Browser Families: General browser category (e.g., "Chrome", "Firefox", "Safari")
  • Daily Unique Visitors: Count of unique visitors per day (using the hashed ID)

Data Retention

Analytics data is retained indefinitely in aggregate form to help us understand long-term trends and site usage patterns. However, since we only store the daily hashed visitor ID (which changes every 24 hours), there is no way to connect visits across different days or identify individual users.

No Third-Party Trackers

Gallformers does not use Google Analytics, Facebook Pixel, or any other third-party tracking services. All analytics are performed in-house using our custom system.

Authentication (Auth0)

If you log in to Gallformers to become an administrator, we use Auth0 for authentication. When you authenticate, Auth0 may collect information according to their privacy policy. We only receive and store:

  • Your Auth0 user ID
  • Your email address (if you provide it)
  • Your display name and profile picture (if you provide them)

This information is used solely for authentication and attribution of your contributions to the site.

Cookies

Gallformers uses session cookies for authenticated users (administrators) to maintain login state. These cookies are essential for the site to function and do not track your behavior. No cookies are set for anonymous visitors.

External Services

Gallformers uses the following external services:

  • AWS S3: For hosting images
  • Fly.io: For application hosting
  • Auth0: For user authentication (administrators only)

Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.

Contact Us

If you have questions about this privacy policy or our data practices, please contact us at gallformers@gmail.com.

Last updated: January 31, 2026