txeo/cv-site
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e90e7f0a15f72000cc78949265d2a8336c67580a
cv-site/doc/PRIVACY.md
T
juanatsap f211d40803 docs: consolidate and sanitize documentation for public release 
**Changes Summary:**

**Files Deleted (6 files):**
- doc/HTMX-PRODUCTION-RECOMMENDATIONS.md (implementation notes)
- doc/SEO-OPTIMIZATION-COMPLETE.md (implementation artifact)
- doc/PROJECT-DOCUMENTATION-SUMMARY.md (meta-documentation)
- doc/PROJECT_STATUS.md (internal roadmap)
- doc/API-QUICK-REFERENCE.md (consolidated into API.md)
- doc/API-PROTECTION.md (consolidated into API.md and SECURITY.md)

**API Documentation Enhanced:**
- Added Quick Reference section to API.md (from API-QUICK-REFERENCE.md)
- Added Security & Protection section to API.md (from API-PROTECTION.md)
- Updated Rate Limiting section to reflect actual implementation
- Added Origin Checking documentation with examples

**SECURITY.md Enhanced:**
- Added comprehensive API Protection Features section
- Updated Rate Limiting section (was marked "Not implemented", now shows it IS implemented)
- Added Origin Checking configuration and examples
- Added Combined Protection flow documentation
- Added Testing Protection section with curl examples
- Added Production Deployment Checklist
- Added Troubleshooting section

**Private Information Removed:**
- README.md: Removed matomo.drolo.club and site ID references
- PRIVACY.md: Replaced specific Matomo server with generic template
- CUSTOMIZATION.md: Replaced Analytics Configuration with generic guide
- All Matomo-specific details replaced with placeholders

**Documentation Navigation:**
- README.md: Enhanced Documentation section with organized categories
  - Getting Started (README, DEPLOYMENT, CUSTOMIZATION)
  - Technical Reference (ARCHITECTURE, API)
  - Policies & Standards (SECURITY, PRIVACY, CODE_OF_CONDUCT, CONTRIBUTING)
  - License

**Broken Links Fixed:**
- Removed reference to non-existent CHANGELOG.md in API.md
- Fixed relative paths for cross-document references
- Verified all internal documentation links

**Result:**
- Documentation reduced from 16 files to 10 core files (37.5% reduction)
- No private information exposed (all Matomo details sanitized)
- No implementation artifacts remaining
- Clear, professional structure suitable for public instructive project
- Comprehensive API and security documentation
- All essential content preserved and enhanced

This documentation now represents a professional, instructive open-source project suitable for public consumption and learning purposes.
2025-11-12 16:04:43 +00:00

103 lines
3.3 KiB
Markdown
Raw Blame History

# Privacy & Cookies Policy
**Last Updated:** November 9, 2025
This website is a personal CV/portfolio site for Juan Andrés Moreno Rubio. This privacy notice explains what data is collected and how it's used.
---
## Analytics & Tracking
### Matomo Analytics
This website uses **Matomo**, a self-hosted, privacy-friendly analytics platform to understand visitor behavior.
**What is collected:**
- Pages you visit
- Language preference (EN/ES)
- Approximate location (country/city level)
- Browser type and operating system
- Referring website (if any)
- Time spent on site
- Clicks on external links
**What is NOT collected:**
- Personal identifying information (name, email, phone)
- Precise geolocation
- Cross-site tracking data
**Cookies used:**
- `_pk_id`: Visitor identifier (13 months)
- `_pk_ses`: Session identifier (30 minutes)
- `_pk_ref`: Attribution information (6 months)
**Data storage:**
- All analytics data is stored on a self-hosted Matomo instance
- Data is NOT shared with third parties
- Data is NOT sold or used for advertising
**Opt-out:**
- Matomo respects "Do Not Track" browser settings
- You can block cookies in your browser settings
- You can use browser extensions to block analytics scripts
---
## Other Data Collection
### Language Preference
The site stores your language preference (English/Spanish) in **localStorage** to remember your choice across visits. This is stored only in your browser and is never sent to the server.
### No Account System
This website does NOT require accounts, logins, or user registration. No personal data is collected through forms.
---
## Contact
If you have questions about this privacy policy or data handling:
**Email:** Contact information available on the CV itself
**GitHub:** [https://github.com/juanatsap/cv-site](https://github.com/juanatsap/cv-site)
---
## For Developers Using This Code
This privacy policy is a **template** showing how to handle self-hosted analytics. If you use this code:
### If You Want Analytics:
1. Set up your own analytics service (Matomo, Plausible, etc.)
2. Update the tracking code in `templates/index.html`:
- Replace the analytics server URL with yours
- Replace the site ID with yours
3. Update CSP headers in `internal/middleware/security.go`:
- Add your analytics domain to `script-src` and `connect-src`
4. Rewrite this PRIVACY.md file with your own:
- Contact information
- Analytics provider details
- Data handling practices
### If You Don't Want Analytics:
1. Remove the analytics `<script>` block from `templates/index.html`
2. Remove analytics domains from CSP headers in `internal/middleware/security.go`
3. Simplify this PRIVACY.md to state "This site does not use analytics or tracking"
### Template Variables to Replace:
- `[YOUR-ANALYTICS-SERVER.COM]` - Your analytics server domain
- `[YOUR-SITE-ID]` - Your analytics site identifier
- `[YOUR-CONTACT-INFO]` - Your contact information
- `[YOUR-GITHUB]` - Your GitHub profile/repository
---
## Changes to This Policy
This privacy policy may be updated occasionally. Changes will be reflected with a new "Last Updated" date at the top of this document.
---
**Bottom line:** This site uses self-hosted analytics to understand visitor behavior. No personal data is collected, sold, or shared. You can disable tracking via browser settings or Do Not Track.
Reference in New Issue View Git Blame Copy Permalink