Moon
once in a white moon

Privacy

Written by an AI/LLM, then read through and approved by me

This is the obligatory privacy page; where I tell you what this site does with your data. The short version: very little, and I try to be careful about it.

Tuesday, May 26, 2026

For the technical breakdown of cookies and browser storage specifically, see the Cookies page.

If anything here is wrong or unclear, contact me directly via any of the social links in the footer and I'll fix it.

Who's behind this

That would be me, Gina Therese Hvidsten.

What I collect, and why

Counting visits

I want to know which posts people actually read — partly to fuel the writer's neurosis, partly to figure out when something has caught fire somewhere. For this I use GoatCounter, an open-source analytics tool that I run on my own server. Your data goes to me, not to Google or anyone else.

GoatCounter is deliberately privacy-respecting:

It sets no cookies in your browser, and stores nothing else there either.

It collects only what it needs to count page views: the URL you visited, the page that referred you (if any), your browser and operating system, your screen size, and an approximate country looked up from your IP address.

Your IP address itself is not stored. It is used briefly, together with a salt that changes every day, to recognize the same browser across page views — and then thrown away. After eight hours the link between any IP address and any page view in the database is gone for good.

In short, I learn that someone from your country read three posts today, not that you specifically did. There is nothing here to deanonymize.

If you would like to opt out anyway, any ad blocker will block the small analytics script — it lives at https://data.onceinawhitemoon.net/count.js — without affecting anything else on the site.

Server logs

My web host records the usual stuff for every request — IP address, browser, URL, timestamp. I use it to spot abuse and as a backstop for figuring out what people are reading. Logs are kept for 30 days and then deleted.

Comments

The comments section on some pages is powered by Disqus, a third-party service. If you choose to leave a comment, you'll need to sign in to Disqus — at which point your comment, your Disqus profile information, and various technical details become Disqus's responsibility, not mine. Anything you post is publicly visible under the relevant post.

Even just loading a page with the comments widget means your browser sends Disqus your IP address, the URL of the page, and standard browser information, in the same way that any embedded third-party thing does (a YouTube video, an embedded tweet, a Google Map). I've configured Disqus to minimize what it does with this — anonymous cookie targeting is turned off in the admin — but I can't remove the third-party connection entirely without removing comments, which I'm not going to do because comments are fun and the alternative is yelling into the void.

For the specific cookies and local storage Disqus uses, see the Cookies page. For everything else, Disqus's privacy policy is the authoritative source.

Contact

Anything you message me via the social links in the footer, I use to message you back. I don't add you to any mailing list. (There is no mailing list.)

What I don't do

I don't run ads. I don't sell anything to you, let alone sell you to anyone else. I don't use any of the above for profiling, ad targeting, or anything that crosses the line from "running a website" to "monetising the visitor."

Legal basis (for EU and UK readers)

Where GDPR or UK GDPR applies, the dry version:

  • GoatCounter analytics — legitimate interest in knowing roughly what's being read. The tool is set up so I never see individual visitors, only aggregate counts.

  • Server logs — legitimate interest in running a website that doesn't get knocked over by abuse.

  • Disqus widget on the page — legitimate interest in offering comments. You can avoid this entirely by not opening posts with comments.

  • Disqus account and cookies — your consent, collected by Disqus's own sign-in flow.

  • Messages you send me — your consent, or legitimate interest in replying.

Your rights

If you live somewhere with serious privacy laws, you have rights that include:

  • Asking what data I hold about you.

  • Asking me to correct it if it's wrong.

  • Asking me to delete it.

  • Objecting to certain uses.

  • Getting a copy in a portable format.

  • Withdrawing consent at any time.

  • Complaining to a data-protection authority if you think I'm doing something dodgy. EU/EEA folks: your local authority. UK folks: the ICO.

To exercise any of these, contact me through the social links and I'll reply within the time the law gives me (a month, in the EU/UK).

Data held by Disqus is a separate matter — you'll need to ask them directly. I genuinely cannot reach into their database.

International transfers

Disqus is in the United States. Embedding the widget means some of your data goes there. Disqus relies on the standard legal mechanisms (the EU–US Data Privacy Framework, Standard Contractual Clauses) to make that lawful.

Nothing else on this site transfers your data anywhere — GoatCounter and the server logs both live on a server I control.

Children

This site isn't aimed at children, and I don't knowingly collect data from anyone underage. If you think a child has used the comments or contact form anyway, let me know and I'll deal with it.

Changes to this page

I'll update this page when something changes. The "Last updated" date at the top is the canonical record.

Get in touch

Privacy questions, corrections, or general feedback: Contact me through the social links in the footer.