These cookies include:
- Session cookies
- Settings cookies
For analytics, I use a custom, fully open-source solution that hooks directly into my CMS, Admiral.
By doing this, I can keep your data on my own servers instead of having it hang around at third-party providers (whom will use it to track you and sell you stuff) while also being able to offer full transparency about what I do with the data I gather..
Once you leave my site, my website won't track you.
All data obtained is data that are being sent by the client during a request anyways.
Ofcourse, I do understand that you might not want to be tracked at all, therefore, I allow you to completely disable my analytics as long as you want!
HIBP is a project started by Troy Hunt that provides anyone a free resource to quickly assess if they have been put at risk of having their accounts being compromised (or "pwned" as IT people call it).
Passwords are everywhere and websites can be breached.
Unfortunately, you are often the victim of these breaches, even if you don't know it.
Your login credentials, email address, personal details and sometimes even credit card details are all at risk when these breaches occur.
Thanks to HIBP, I am often aware of these breaches before any real damage can be done.
By enabling this option, you give my website the permission to send the first five (out of 40) characters of a hashed version of your password to the HIBP API.
This data is enough information for them without exposing the entire hash to HIBP.
In term, HIBP will return a list of anonymized data (using k-anonymity) after which my website will have a look in the results to see if the complete hash of your password has been found.
If it's found, I'll be able to give you a heads-up.
Because (for security reasons) my website doesn't store your password in plaintext, my website is only able to do this under the following circumstances:
- You register (you'll be instantly informed)
- You login (you'll be informed by mail)
- You reset/change your password (you'll be instantly informed)
Please do note that after you register, disabling this setting will disable login checks on this client only.
This means that if you disable this setting on (for example) your phone but not your desktop, the login check will still happen on your desktop.
This behaviour might change in the future.
If you decide to opt-out of this feature, we won't send anything to HIBP and you won't get informed in case your password is compromised.
How is your data collected and processed?
Your data is collected by the open-source solution I've written.
It collects your data by loading a small script that sends a tiny request to my server for the data collection.
Data collected by this includes (and is currently limited to):
- A unique identifier
- Your IP address
- Your Country (not yet implemented)
- Your browser's User Agent
- The page you are on
- The user's settings (the thingy above)
- The timestamp of collection
This data shall be used for the following purposes:
- See which pages on my sites are the most popular
- See where from the globe my visitors originate from
- See what platforms people use to visit my website
- See what settings people use
- See how much visitors I have within a given timespan
- Selling data to 3rd party advertisers
- Track you outside my website