Privacy Policy
How I handle your data (spoiler: I barely collect any)
Last Updated: December 8, 2025
The Short Version
I collect almost nothing. No cookies. No tracking pixels. No analytics. The only personal data I collect is your email address if you voluntarily subscribe to the newsletter. Everything else stays in your browser.
For a security blog, I think that’s how it should be.
Who I Am
Nine Lives, Zero Trust is a personal security blog operated by Jerrad Dahlager. This site is hosted on Cloudflare Pages at nine-lives-zero-trust.pages.dev.
Contact: Email: jerrad@nineliveszerotrust.com LinkedIn: linkedin.com/in/jerraddahlager
What I Collect
Information You Provide Voluntarily
Newsletter Subscription
If you subscribe to the newsletter, I collect:
- Email address - That’s it.
Your email is processed by Formspree, a third-party form handling service. I use this information solely to send you security insights and blog updates. I will never sell, rent, or share your email address with third parties for marketing purposes.
To unsubscribe: Reply to any newsletter email with “unsubscribe” or contact me directly.
Comments (via Giscus)
If you leave comments on blog posts, the commenting system is powered by Giscus, which uses GitHub Discussions. To comment, you must have a GitHub account and authenticate through GitHub. Your comments, username, and profile information are stored on GitHub’s servers, not mine. GitHub’s privacy practices apply to that data - see GitHub’s Privacy Statement.
Information Stored in Your Browser Only
This site uses browser localStorage to remember your preferences. This data never leaves your device and is never transmitted to any server:
| Data | Purpose | Stored Where |
|---|---|---|
| Theme preference | Remember your chosen color theme | localStorage |
| Reading list | Save posts for later reading | localStorage |
| Post reactions | Track which posts you’ve reacted to | localStorage |
| Threat feed bookmarks | Save threat intelligence items | localStorage |
| Table of contents state | Remember if TOC is collapsed | localStorage |
You control this data. Clear your browser’s localStorage anytime to remove it. I cannot access it.
Information I Do NOT Collect
- No cookies - I don’t use cookies. At all.
- No analytics - No Google Analytics, no Mixpanel, no tracking scripts.
- No advertising trackers - No pixels, no retargeting, no ad networks.
- No fingerprinting - I don’t track device fingerprints.
- No location data - I don’t request or store your location.
Third-Party Services
I use a minimal set of third-party services to operate this site:
Cloudflare (Hosting & CDN)
This site is hosted on Cloudflare Pages. Cloudflare may process your IP address and standard HTTP request information (browser type, referring page, etc.) for security, performance, and operational purposes. See Cloudflare’s Privacy Policy.
Formspree (Newsletter Forms)
Newsletter signups are processed by Formspree. When you submit your email, it is sent to Formspree’s servers and then forwarded to me. See Formspree’s Privacy Policy.
Google Fonts
I use Google Fonts (Outfit and JetBrains Mono) for typography. Google may log font requests. See Google’s Privacy Policy. No cookies are set by Google Fonts on this site.
Giscus (Comments)
Comments are powered by Giscus, which connects to GitHub Discussions. If you comment, your interaction is governed by GitHub’s Privacy Statement.
Threat Feeds API
The Threat Feeds page fetches data from a Cloudflare Worker that aggregates publicly available vulnerability data from CISA and the National Vulnerability Database (NVD). This API logs your IP address temporarily (60 seconds) solely for rate limiting purposes. No personal data is stored beyond this brief window.
Data Retention
| Data Type | Retention Period |
|---|---|
| Newsletter emails | Until you unsubscribe or request deletion |
| Comments (Giscus) | Indefinitely on GitHub (you control via your GitHub account) |
| localStorage data | Until you clear your browser storage |
| API rate limit logs | 60 seconds |
Your Rights
Depending on your location, you may have the following rights:
For All Users
- Access - Request what data I have about you (hint: probably just your email if you subscribed)
- Deletion - Request I delete your data
- Unsubscribe - Opt out of newsletter communications at any time
For California Residents (CCPA/CPRA)
- I do not sell personal information
- I do not share personal information for cross-context behavioral advertising
- You have the right to know what personal information I collect and how it’s used
- You have the right to delete your personal information
- You have the right to opt-out of sales (not applicable - I don’t sell data)
- You will not be discriminated against for exercising your privacy rights
For EU/EEA Residents (GDPR)
- Legal basis: I process your email address based on your consent (newsletter signup)
- Right to withdraw consent: You may unsubscribe at any time
- Right to erasure: Contact me to have your email removed
- Right to lodge a complaint: You may file a complaint with your local data protection authority
Data Security
I implement security measures appropriate for a site that collects minimal data:
- HTTPS everywhere - All connections are encrypted via TLS
- Security headers - Strict CSP, HSTS, X-Frame-Options, and other protections
- No server-side data storage - I don’t maintain databases of user data
- Third-party vetting - I only use reputable, privacy-conscious service providers
Children’s Privacy
This site is not directed at children under 13. I do not knowingly collect personal information from children. If you believe a child has provided me with personal information, please contact me and I will delete it.
International Transfers
If you access this site from outside the United States, your information may be transferred to and processed in the United States (specifically Missouri) where this site is operated from. By using this site, you consent to this transfer.
Changes to This Policy
I may update this Privacy Policy from time to time. Changes will be posted on this page with an updated “Last Updated” date. For significant changes, I may notify newsletter subscribers via email.
Contact Me
Questions about this Privacy Policy? Concerns about your data?
Email: jerrad@nineliveszerotrust.com LinkedIn: linkedin.com/in/jerraddahlager
I’ll respond within 30 days.
As a security professional, I believe privacy isn’t just a policy - it’s a practice. This site is designed to minimize data collection because that’s the most effective way to protect your privacy.