Last updated: 2026-07-04

Short version

We don't have user accounts, we don't use cookies, and our analytics can't identify you. We do run affiliate links to privacy and security products, and when you click one, the destination site or its ad network may set its own cookie, that's the only place tracking happens, and it's theirs, not ours. Full detail below.

1. Who This Policy Covers

This Privacy Policy applies to stateofsurveillance.org (“State of Surveillance,” “we,” “us”), an independent publication about surveillance, privacy, and digital rights. See our About page for how the newsroom operates.

2. Information We Collect

Analytics (cookieless)

We run Plausible, a self-hosted, open-source analytics platform, on infrastructure we control. It does not use cookies, local storage, or fingerprinting, and it cannot link a visit back to a specific person. It records aggregate pageviews, referrer domain, coarse device/browser/OS/country data, and aggregate engagement stats. No unique visitor identifier is ever created. Full detail, including exactly why this is exempt from cookie-consent requirements, is on our Privacy Approach page.

What we do NOT collect

  • No accounts, logins, or user profiles exist on this site
  • No contact forms that store submissions in a database
  • No cookies of any kind set by this site itself
  • No cross-site tracking, no advertising identifiers, no fingerprinting
  • No sale or sharing of visitor data, because there is no visitor data to sell

Server logs

Like any website, requests to this site pass through our hosting provider (Cloudflare Pages) and its CDN. Cloudflare processes standard technical request data (IP address, request timestamp, user agent) as part of normal web hosting and security operations (e.g. DDoS mitigation), governed by Cloudflare's own privacy policy. We do not separately log or store this data ourselves.

3. Cookies

This site sets zero cookies. If you ever see a cookie associated with a visit to this domain, it did not come from code we control, please report it. This is different from what happens after you click an outbound link, see the next section.

4. Third-Party Links and Affiliate Programs

We link to a wide range of privacy and security products across our reviews and guides, and we participate in affiliate programs for some of them: when you click a tagged link and buy something, the vendor pays us a small commission. This never changes what we write, see our affiliate disclosure for the hardware-wallet-specific terms and the Resources page for the current full vendor list and trust ratings.

What actually happens when you click: the destination site, or the affiliate network it uses (Commission Junction, Impact, Awin, and similar), may set its own cookie or tracking parameter on its own domain to record that the visit came from us. That is a first-party cookie on their site, not ours, we never receive your name, email, or purchase details, only that a referral from our link resulted (or didn't result) in a sale. We do not control, and are not responsible for, the privacy practices of any third-party site we link to. Read their privacy policy before providing them any personal information.

5. Donations

If you support this site financially (see Support), payment is processed by a third-party payment provider, not by us directly. We do not see or store your full payment card details. The payment provider's own privacy policy governs how it handles your payment information.

6. Children's Privacy

This site is not directed at children under 13, and we do not knowingly collect personal information from anyone, adult or child, since we don't collect personal information from any visitor in the first place.

7. International Visitors

This site is served through Cloudflare's global network, meaning requests may be handled by servers outside your home country. Because our own analytics collect no personal data, there is no personal data of yours that crosses borders as a result of visiting this site.

8. Your Rights

Under GDPR, CCPA, and similar laws, you have rights to access, correct, or delete personal data held about you. Because we do not collect or store personal data about visitors, there is generally nothing to access or delete on our end. If you believe we hold data about you, or have any privacy question, contact us via the support page and we'll look into it.

9. Changes to This Policy

We may update this policy as the site's tools or practices change. The “Last updated” date at the top of this page reflects the most recent revision. Material changes will be reflected here; there is no mailing list to notify since we don't collect email addresses from visitors.

10. Contact

Questions about this policy, or a privacy concern about this site specifically: the fastest path is the support page, or our Telegram channel. We read every note.