Privacy

Who runs this site

The data controller for this site is Peter Walda, who operates Agent Mode AI as a sole publisher from the Netherlands. For any data-protection matter the contact is peter@agentmodeai.com.

The default

The site runs a single, self-hosted, cookieless analytics tool. No banner asks for consent because there is nothing persistent to consent to — no cookies, no fingerprints, no cross-session identifiers. Aggregate page-view counts, country-level geography, and traffic source (organic search, direct, referral) are recorded as anonymous aggregates so the publication can tell which articles are being read and where readers are arriving from. Nothing on this page is theoretical: the analytics stack is named below, the data residency is named, and the source code that wires it in is open in the repository.

What is collected

Umami (self-hosted)

Umami is the only first-party analytics tool the site runs. It is hosted on publication infrastructure in the Netherlands, not on a third-party cloud. The tracking script is loaded from analytics.macmonster.win via Cloudflare Tunnel; the analytics database sits behind that tunnel on the same machine the publication is operated from. No external processor ever sees the data.

• What is recorded: page-view, anonymised referrer, anonymised country (derived from the request IP at edge time and discarded), screen size bucket, browser family. Times are stored at minute resolution.
• What is not recorded: no IP addresses are stored. No persistent identifiers (no cookies, no localStorage, no fingerprinting). No reading or scroll sessions are joined across visits. Each visit is a standalone anonymous record.
• Retention: raw event-level data is kept for 6 months, after which only aggregate reports persist. The data never leaves the host machine.
• Interaction events. Beyond pageviews, the site records a small set of named interaction events so the publication can tell which of its editorial surfaces are actually used. Each event is a standalone anonymous record under the same posture as a pageview (no identifier, no cross-session join).
  • citation_click — when a reader clicks an outbound link inside an article body (the destination host is recorded, no per-reader profile).
  • site_search — what query a reader typed into the search box and how many results came back. Search queries are not attached to any identifier.
  • holding_filter_changed, holding_drawer_opened,holding_deeplink_landed, claim_cited — engagement with the Holding-up ledger and its claim drawers.
  • persona_card_clicked, persona_timeline_scrubbed,persona_task_expanded — engagement with the Work & AI persona tool.
  • podcast_audio_seen — fires once when the podcast embed scrolls into the viewport. This is a "saw the audio surface" signal, not a play count; actual play attribution sits with Transistor.
  • tool_started, tool_completed, newsletter_submitted,lead_magnet_submitted, claim_watch_submitted,download_gate_unlocked, affiliate_click — outcomes of the on-page tools and email-capture forms.

LLM crawler logging

The site records hits from AI crawlers (GPTBot, ClaudeBot, PerplexityBot, Google-Extended, Bingbot, and similar). The recorded fields are the bot's self-declared user-agent, the URL path requested, the request method, and the country derived from the request headers. Source IPs are recorded for the short-lived purpose of reverse-DNS verifying claimed crawler identities; once a hit is classified, the IP is retained only inside the aggregate roll-up. This data is editorial input — it informs which surfaces AI assistants are actually reading, which feeds into how the publication writes for that audience. It is not used to identify any human reader; AI crawlers are not people.

Session replay (Umami)

A subset of reader sessions is recorded for editorial purposes: to see where readers stall, what they skim, and whether the long-form articles actually get read end-to-end. Like the rest of the analytics, replay is self-hosted by the publication on macmonster in the Netherlands; recordings never leave that machine.

• Sampling. 15% of sessions are recorded. The other 85% are never captured.
• What is masked. Form inputs and labelled sensitive fields are masked in the recording. The replay shows that a field was filled, not what was typed. Email subscribe, the GAUGE diagnostic, and the contact form all render as redacted in playback.
• Session duration cap. Each recording is capped at 5 minutes. Long-lived tabs stop being recorded after that.
• What is recorded. DOM mutations, mouse movement, scroll position, and click positions on non-masked elements. No audio, no video, no webcam, no keyboard capture beyond unmasked form fields.
• Retention. Recordings are kept for 30 days, then rotated out. Aggregate metrics persist longer; raw recordings do not.
• Opt-out. A browser-level Do-Not-Track / Global Privacy Control signal is respected. Readers who use a tracker-blocking extension (uBlock Origin, Privacy Badger, etc) are typically not recorded; readers who email the address below can request exclusion.

Newsletter (Beehiiv)

The newsletter is hosted on Beehiiv. When a reader subscribes, the email address and any consent timestamp are passed to Beehiiv along with a UTM source tag identifying which surface the subscription came from (site footer, GAUGE diagnostic, MTTD lead magnet, etc.). Beehiiv tracks open and click aggregates. Unsubscribe is one-click in every send. Email addresses are not shared, sold, or used for any purpose other than the newsletter itself.

Legal basis for processing

Under the GDPR, each processing activity rests on a specific legal basis:

• Newsletter. Consent (Art 6(1)(a)), given when you subscribe and withdrawn one-click in any send.
• Web analytics (Umami). Legitimate interest (Art 6(1)(f)) in knowing which articles are read, narrowed by the fact that no IP or persistent identifier is stored.
• Session replay. Legitimate interest (Art 6(1)(f)), with the sampling, input-masking, duration cap, short retention, and DNT/GPC opt-out described above as the balancing safeguards. Whether replay should instead run behind explicit consent under Dutch ePrivacy rules is under legal review; until that is settled, the opt-out above applies.
• LLM-crawler logging. Legitimate interest (Art 6(1)(f)); the subject is an automated crawler, not a natural person.

All data is collected directly from you. The publication does not buy, rent, or enrich reader data from third parties, and performs no automated decision-making or profiling.

What is not collected

• No advertising trackers. The site runs no ad networks, no retargeting pixels.
• No cross-site tracking. No third-party analytics or product-analytics service receives data from this site. The only third-party processor is Beehiiv, and only for subscribers.
• No demographics or interest profiles. There is no mechanism in the stack that could produce them.
• No fingerprinting. The site does not run any scripts that derive identity from device characteristics.
• No form-data into analytics. Sensitive inputs (email signup, contact forms, the GAUGE diagnostic) are not instrumented to send their values anywhere except the specific endpoint that needs them.

Rights under GDPR

Readers in jurisdictions covered by the EU General Data Protection Regulation, the UK GDPR, or equivalent regimes have the following rights with respect to data collected by this site:

• Right to access. A reader can request a copy of the data this site holds about them. In practice the site does not hold personal data in any queryable form — Umami records anonymous aggregates and the rest of the stack does not collect reader-level data at all.
• Right to rectification. Newsletter subscribers can update or correct their email address by replying to any newsletter or contacting the address below.
• Right to erasure. Newsletter subscribers can unsubscribe one-click from any send; this removes the address from Beehiiv.
• Right to object. Because analytics, session replay, and crawler logging run on legitimate interest, a reader can object to that processing. A Do-Not-Track / Global Privacy Control signal is honoured automatically, and exclusion can be requested at the address below.
• Right to restriction. A reader can ask the publication to pause processing of their data while a request is being resolved.
• Right to data portability. A newsletter subscriber can request their email and subscription record in a portable form; in practice that email is the only reader-level datum held.
• Right to lodge a complaint. A reader who believes their data has been mishandled can complain to their national data protection authority. In the Netherlands (where this site is operated): the Autoriteit Persoonsgegevens.

Data processors

The third parties that process data on behalf of this site:

• Cloudflare Inc. — DNS, edge networking, and the Tunnel that fronts the self-hosted analytics endpoint. Cloudflare sees the request URL and the client's IP for the duration of TLS termination; it does not store reader-level analytics for this site. Cloudflare privacy policy.
• Vercel Inc. — application hosting. Vercel sees request logs as an operational byproduct of running the site; no Vercel analytics product receives data from this site (Vercel Web Analytics and Vercel Speed Insights were removed on 20 May 2026 with the rest of the third-party stack). Vercel privacy policy.
• Beehiiv Inc. — newsletter delivery (only for subscribers). Beehiiv privacy policy.

Cloudflare, Vercel, and Beehiiv are headquartered in the United States, so data they process may be transferred outside the EU. Those transfers rest on the Standard Contractual Clauses and each provider's data-processing agreement; a copy of the relevant safeguards can be requested at the contact address below.

Internal surfaces

The site exposes an internal /admin/intel dashboard that aggregates editorial data (Umami visit summary, LLM-crawler activity, Google Search Console query data). It is gated behind a shared-secret cookie that only Peter holds. It is not a reader-facing surface and it does not present any reader-level data — it shows the same aggregates a reader can infer from the site's public articles, with the analytics-derived patterns the publication uses to plan upcoming writing.

Contact

For any privacy question, including a request to exercise the rights above, email peter@agentmodeai.com. Responses target a 14-day window; complex requests may take longer and the reader will be told why.

Updates

This page is reviewed when the analytics surface changes.

• 1 Jun 2026 — Stated concrete retention periods (Umami raw events 6 months; session replays 30 days) in place of the earlier “while useful” wording, and published the Terms of Use.
• 31 May 2026 — Added the data-controller identity, the per-activity legal basis (consent for the newsletter; legitimate interest for analytics, session replay, and crawler logging), an international-transfer note for the US-based processors, and the rights to object, to restriction, and to data portability. No change to what is collected; these are disclosure-completeness fixes.
• 21 May 2026 — Umami session replay added: 15% sampling, moderate input masking, 5-minute session cap, self-hosted on the same machine as the rest of the analytics. The previous version of this page stated "no session replays"; that statement no longer holds and the new posture is described above.
• 20 May 2026 — Vercel Analytics, Vercel Speed Insights, Google Analytics 4, and PostHog were all removed and Umami became the publication's first-party web analytics tool.

When a material change is made, the publication's pattern of "nothing is quietly rewritten" applies here too: the previous version stays accessible via the site's git history, and material changes are announced in the newsletter.

The broader editorial charter — review cycles, corrections, disclosure — is at editorial standards.