Privacy policy
Last updated: 28 June 2026.
We do not run Google Analytics, PostHog, Meta Pixel, Hotjar, or any other third-party analytics, behavioural-retargeting, or session-recording tool on this site. We do not set tracking cookies. We do not profile individual visitors, and we do not sell, share, or rent personal data. This page is the honest description of what we DO collect, why, and how long we keep it — in plain English, in one screen.
- No tracking cookies. No third-party analytics. We use a homegrown, cookieless, server-side counter only. The single cookie we ever set is a strictly-necessary admin-session cookie when an operator logs into
/admin. - Server-side: visitor IPs are hashed → country code → discarded in-memory on the same request. We never store raw IPs on our servers.
- No Google Analytics, no PostHog, no Meta Pixel, no Hotjar, no LinkedIn Insight, no TikTok Pixel, no behavioural retargeting, no individual-visitor profiling, no session recording.
- No data sales. No ad networks at this time — we may deploy ad networks (CPC / CPM) in the future. When that happens, this policy will be updated to disclose the specific networks, and a cookie-consent mechanism (GDPR / ePrivacy / UK PECR compliant) will be deployed before any advertising cookies are set.
- Sub-processors: MongoDB Atlas (database), Resend (email opt-in), Cloudflare (DNS + CDN + cookieless Web Analytics beacon), Cloudflare Turnstile (anti-bot on SEO tool forms — see Turnstile Privacy Addendum). All GDPR-DPA-signed.
1. What we collect
On feed-pulse.com: when you load a page, our servers log the request URL, the day's date, and a derived country code (e.g. "US", "DE") computed from your IP in-memory only. Your IP is never written to disk or held in memory beyond that single request.
Forms you fill in: if you contact us through /contact or opt in to a tool's "email me when indexed" notification, we store the email you submitted and the form payload until you ask us to delete it.
If you embed a FeedPulse widget on your site: when a visitor to your site loads the widget, their browser sends a request to our servers. We apply the same hash-IP-to-country-then-discard flow. We do NOT receive page content, scroll position, mouse movements, or any cross-site browsing data.
2. Cookies
Cookies we set today:
- Operator session cookie — an
httpOnly,SameSite=Lax, strictly-necessary session cookie that is set only when an operator (us) logs into/admin. It is not used for tracking, advertising, or analytics, and it is never set on a regular visitor's browser. Under GDPR / ePrivacy, strictly-necessary cookies do not require prior consent.
Cookies we do NOT set: no Google Analytics, no PostHog, no Meta Pixel, no Hotjar, no LinkedIn Insight Tag, no TikTok Pixel, no Microsoft Clarity, no advertising or retargeting cookies, no session-recording, no fingerprinting. Because the site sets no analytics or marketing cookies at all, no cookie-consent banner is required under GDPR / ePrivacy / UK PECR.
Future ad networks: we plan to monetize the site in the future via CPC / CPM ad networks. When that change is deployed, (a) this Cookies section will be updated to list the specific networks and the cookies they set, (b) a cookie-consent banner will be added so EU / UK / California visitors can opt in or opt out of advertising cookies before they are set, and (c) the "Last updated" date at the top of this page will be bumped and the change announced on our blog.
3. Sub-processors
The third parties that process your data on our behalf, in real time, are:
- MongoDB Atlas (database hosting · US + EU regions · GDPR-DPA signed)
- Resend (transactional email · only when you opt in to a form · GDPR-DPA signed)
- Cloudflare (DNS + CDN · sees request IPs at the edge before they reach us · GDPR-DPA signed · also serves Cloudflare Web Analytics, a cookieless, server-side aggregate-traffic beacon —
static.cloudflareinsights.com/beacon.min.js— which does not set cookies, does not fingerprint, does not persist visitor identifiers, and therefore does not require prior consent under GDPR / ePrivacy / UK PECR; see Cloudflare Web Analytics Privacy) - Cloudflare Turnstile (invisible anti-bot challenge on our SEO-tool forms · runs entropy/timing checks behind the scenes to protect our paid API quotas from automated abuse · processing is governed by the Cloudflare Turnstile Privacy Addendum · Cloudflare does not store visitor PII; tokens are short-lived per validation)
- Read-only public APIs we call to compute SEO metrics: Moz, OpenPageRank, SerpAPI, PageSpeed Insights, Open-Meteo, CoinGecko, Wikipedia, Web Archive. We send them a domain name, never a visitor IP.
We do not use Google Analytics, PostHog, Mixpanel, Segment, Amplitude, Hotjar, Microsoft Clarity, or any other third-party analytics or session-recording provider.
4. Your rights (GDPR + CCPA)
You have the right to:
- Request access to any personal data we hold about you
- Request correction or deletion
- Opt out of any email communication (every email has an unsubscribe link)
- Object to processing on legitimate-interest grounds
- Lodge a complaint with your local data-protection authority (e.g. ICO in the UK, CNIL in France)
To exercise any of these rights, email privacy@feed-pulse.com or use the contact form. We respond within 30 days.
5. Data retention
Aggregate visit counters (per-day country-coded request counts) are retained indefinitely — they are not personal data. Email addresses you submit are retained until you ask us to delete them, or until the underlying notification has been fulfilled (e.g. "email me when indexed" alerts auto-delete the email 90 days after the notification fires).
6. Embedding FeedPulse widgets on your site
If you embed any FeedPulse widget (live traffic feed, flag counter, online visitors, weather, comments, etc.) on your own website, you are designating FeedPulse as a sub-processor under GDPR Art. 28. To stay compliant, you should:
- Disclose FeedPulse in your own privacy policy (a one-line entry is fine: "We use FeedPulse, an embeddable widget provider, that processes visitor IPs server-side to derive country codes and immediately discards them.")
- Have a lawful basis under Art. 6(1) — legitimate interest (6(1)(f)) is the standard one for free visitor-counter widgets.
- If you handle special category data (health, political, sexual orientation) email us — we'll send a signed DPA.
We provide a free Data Processing Agreement (DPA) PDF on request to any EU customer. Email dpa@feed-pulse.com.
7. Children
FeedPulse is not directed at children under 13 (under-16 in the EU). We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, email privacy@feed-pulse.com and we'll delete it.
8. Changes
If we materially change this policy, we'll update the "Last updated" date at the top and announce the change on our blog. For non-material clarifications (typos, restructuring) we update silently.
Questions about privacy, GDPR, CCPA, or our data handling?