Privacy Policy — ontiveros.me
Last updated: 2026-05-02
ontiveros.me is the personal website and IndieWeb presence of Jamie Ontiveros. It runs SignalKit, a self-hostable content platform, and serves as a single-author publication, identity provider, and federation endpoint.
This policy describes what data ontiveros.me collects, why, how it's stored, and what control you have over it. The site has a small data footprint by design: no third-party trackers, no advertising, no behavioral profiling, no data resale. If something below sounds vague, it probably means we don't do that thing.
If you have questions about this policy, contact me.
Plain-language summary
A working operator's-eye summary, in case the rest of this page is too long:
- I run this site myself. No team, no analytics consultant, no ad network.
- No third-party trackers, no ads, no resale of data. Ever.
- The data I do keep, I keep because it's needed for the site to work — your email if you subscribed, hashed IPs for rough analytics, public webmention records — and I keep as little of it as I can. This is the IndieWeb principle of Datensparsamkeit (data minimization / data austerity).
- Stuff I publish to other networks (LinkedIn, Nostr) is one-way. Their privacy policies govern what they do with that copy.
- Email me at jamie@ontiveros.me any time to access, correct, or delete what I have about you.
The full document below is the precise version.
What we collect
1. Stories, notes, and pages
Content I publish (blog posts, short notes, link curations, photos) is mine — it doesn't represent data collection from you. It's listed here only because the platform stores it.
A note on photos and EXIF data. When I upload a photo to ontiveros.me, the underlying platform currently preserves the image's embedded EXIF metadata (camera model, original timestamp, and — if your camera or phone had location services on — the GPS coordinates where the photo was taken). I'm aware of this and try to strip metadata client-side before I upload, but I haven't yet implemented automatic server-side EXIF stripping (see SignalKit roadmap). If you ever spot a published photo on ontiveros.me whose metadata reveals more than I intended, email me and I'll re-upload a stripped version. This disclosure exists because it's an honest current-state limitation, not because it's a routine data-collection practice.
2. Newsletter subscribers
If you sign up for the email newsletter, ontiveros.me stores:
- Your email address
- An optional display name if you provide one
- The date you subscribed
- A confirmation token (used once, during double-opt-in, then expired)
- A hash of the IP address you subscribed from (one-way SHA-256; the raw IP is never persisted)
You can unsubscribe at any time from any email's footer link. Unsubscribing removes you from the active subscriber list immediately. A single-row record of the unsubscribe is retained so the system doesn't accidentally re-add you on a later opt-in form submission.
3. Analytics
Page views are recorded for SignalKit's own analytics (so I can see which posts people read). Each row contains:
- The page slug
- A hash of the visitor's IP (one-way SHA-256 with a per-day salt; not reversible)
- A coarse geographic region (continent / large region; not city, and in many cases not country-precise), looked up from the IP before it is hashed
- The user-agent string
- The referrer URL, if any
There is no JavaScript tracker, no Google Analytics, no Facebook Pixel, no third-party beacons. Analytics data stays on the server that hosts the site. It is not shared with anyone.
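The following is an added illustration of the per-day salted IP hashing described above and of the Global Privacy Control / Do Not Track skip mentioned under "Your rights"; it is example code, not SignalKit's implementation. It assumes a server-side salt store (stood in for here by an in-memory dict), the standard `Sec-GPC: 1` and `DNT: 1` request headers, and a constructed TEST-NET address; the "not reversible" property holds only while each day's salt is random, kept out of the analytics table, and discarded once the day is over.

```python
import hashlib
import secrets
from datetime import date
from typing import Optional

# Constructed stand-in for a server-side salt store. Each UTC day gets its own
# random 32-byte salt; it is never written into the analytics table.
_SALTS = {}


def daily_salt(day: date) -> bytes:
    """Return the salt for `day`, generating a fresh random one on first use."""
    if day not in _SALTS:
        _SALTS[day] = secrets.token_bytes(32)
    return _SALTS[day]


def forget_salt(day: date) -> None:
    """Discard a day's salt. Its stored hashes can then no longer be matched
    against any IP, which is what makes the values one-way in practice."""
    _SALTS.pop(day, None)


def hash_ip(ip: str, day: date) -> str:
    """Hex SHA-256 over salt || IP. Same IP on the same day gives the same hash;
    on another day the hash is unrelated, so visits are not linkable across days."""
    return hashlib.sha256(daily_salt(day) + ip.encode("utf-8")).hexdigest()


def opted_out(headers: dict) -> bool:
    """Honour Global Privacy Control (Sec-GPC: 1) and Do Not Track (DNT: 1)."""
    lowered = {k.lower(): v.strip() for k, v in headers.items()}
    return lowered.get("sec-gpc") == "1" or lowered.get("dnt") == "1"


def analytics_row(slug: str, ip: str, headers: dict, day: Optional[date] = None):
    """Build the page-view row to store, or None when the visitor opted out.
    The raw IP is used only to compute the hash and is not part of the row."""
    if opted_out(headers):
        return None
    return {
        "slug": slug,
        "ip_hash": hash_ip(ip, day or date.today()),
        "user_agent": headers.get("User-Agent", ""),
        "referrer": headers.get("Referer"),  # None when the header is absent
    }


def demo() -> dict:
    """Constructed walkthrough: one TEST-NET address (203.0.113.7) over two days."""
    ip, d1, d2 = "203.0.113.7", date(2026, 5, 1), date(2026, 5, 2)
    before = hash_ip(ip, d1)
    same_day = before == hash_ip(ip, d1)
    across_days = before != hash_ip(ip, d2)
    forget_salt(d1)  # after rotation, the old hash cannot be recomputed
    return {"same_day": same_day, "across_days": across_days,
            "unlinkable_after_forget": hash_ip(ip, d1) != before}
```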
4. Webmentions
Webmentions are public, IndieWeb-standard interactions: when someone links to a story on ontiveros.me from their own site, their site can notify ontiveros.me, and the link is shown publicly under the story. If you send a webmention to ontiveros.me:
- The URL of your post becomes publicly visible on the linked story page
- The author name + photo + text excerpt your post advertises (via h-card / mf2 markup) is shown publicly
- I keep the source URL and parsed author info indefinitely as part of the public record
If you delete the source post on your own site, send another webmention with the same URL after the deletion and ontiveros.me will pick up the removal and stop displaying it. You can also email me to remove it manually.
5. Account login (admin only)
Only I (Jamie) have an admin account on ontiveros.me. The account password is stored as a bcrypt hash, never in plaintext. Sessions are cookie-based, set with the Secure, HttpOnly, and SameSite=Lax flags.
If ontiveros.me ever opens to additional authors, this section will be updated to reflect that.
6. IndieAuth and Micropub
ontiveros.me functions as an IndieAuth identity provider for me, and may issue tokens to my own client apps via Micropub. Tokens issued by ontiveros.me are stored in the database, scoped, and expire on a documented schedule. The endpoint does not authenticate or store data for any other person.
7. Cross-posting (syndication)
When I publish a story, ontiveros.me may also push a copy to other networks I've connected:
- Nostr — public protocol. Events are signed by a key tied to my identity and broadcast to a configured list of relays. Once published, a Nostr event is effectively unrecallable (relays cache events; I can ask my own relay to delete, but other relays may keep the copy). My public key (npub) is intentionally public.
- LinkedIn — when configured, ontiveros.me makes API calls to LinkedIn under my authorization to post a copy of a story to my LinkedIn feed. LinkedIn's privacy policy governs your interaction with that copy if you read it on LinkedIn.
- Other networks may be added in the future. They will all be one-way: ontiveros.me posts content out; it does not pull personal data of LinkedIn / Nostr users back into the site.
OAuth access tokens issued by these networks (e.g. the LinkedIn access token) are stored in the ontiveros.me database to enable the publishing flow. Only I can read them via the admin UI.
8. AI-assisted authoring
When I draft a story, I sometimes use a self-hosted integration with a large-language-model API (Anthropic) to help summarize linked sources or polish drafts. Only my own draft content is sent to the model — never subscriber data, never analytics data, never another reader's information. The model provider's privacy terms apply to the request/response payloads I send.
What we don't collect
- No third-party advertising identifiers. ontiveros.me serves no ads.
- No third-party trackers. No Google Analytics, no Meta pixel, no Mixpanel, etc.
- No behavioral profiles. Visit sequences are not stitched into a per-person profile beyond a session-scoped hash that resets daily.
- No payment data. ontiveros.me does not currently sell anything. If that changes (e.g. paid subscriptions), this policy will be updated and a separate processor (e.g. Stripe) will handle payment data.
- No biometric data, no location precision beyond rough region.
Where the data lives
ontiveros.me is hosted on Pair Networks, a US-based shared/managed hosting provider. The site database is also hosted on Pair Networks infrastructure. Email is delivered through a configured SMTP provider (currently Gmail SMTP for transactional mail like newsletter confirmations and password resets).
Subprocessors that may handle your data:
| Provider | What they handle |
|---|---|
| Pair Networks | Web hosting, database, server logs |
| Gmail / Google (SMTP) | Outbound transactional email delivery |
| Anthropic | Draft-authoring AI calls (operator content only, not subscriber data) |
| LinkedIn | Stories I cross-post to my LinkedIn feed (one-way, my authorization) |
| Nostr relays | Published Nostr events (one-way, public protocol) |
I do not sell, rent, or share data with any party not listed above. If that ever changes, this policy will be updated before the change takes effect.
How long we keep things
| Data | Retention |
|---|---|
| Newsletter subscriptions | Until you unsubscribe; an unsubscribe marker is kept indefinitely so re-subscribe forms don't accidentally re-add you. |
| Page-view analytics | 24 months, then purged. |
| Webmention records | Indefinitely (they're part of the public record on the linked story). Removable on request. |
| OAuth tokens for connected networks | Until I disconnect them in the admin UI; revoking access on the network's side also invalidates them. |
| Server access logs | Standard hosting-provider retention (typically 30–90 days). |
| Error logs | 90 days, then auto-pruned. |
Your rights
Regardless of where you live, ontiveros.me extends the following to you:
- Access: ask what data I hold about you. I'll respond within 30 days.
- Correction: ask me to fix anything wrong.
- Deletion: ask me to delete your data. For newsletter subscribers, the unsubscribe link does this. For webmention authors, send me a request and I'll remove the public mention.
- Export: ask for a copy of what I have about you, in a machine-readable format.
- Opt-out: unsubscribe links work; I respect Global Privacy Control / Do Not Track headers for the analytics layer (the page-view row is skipped when those headers are present).
To exercise any of these, contact me. I'll handle the request myself; there's no support team. EU and California residents have additional rights under GDPR and CCPA respectively, including the right to lodge a complaint with a supervisory authority.
Cookies
ontiveros.me sets a small number of first-party cookies:
- PHPSESSID — admin login session (only set after I log in to the admin area; not set for visitors)
- A daily-rotating analytics cookie that holds a session hash (no PII)
That's it. No third-party cookies are set by ontiveros.me. (LinkedIn and other embedded link previews on third-party sites are a different matter — that's between you and that site.)
Children
ontiveros.me is not directed at children under 13 and does not knowingly collect data from them.
Security
- TLS in transit (HTTPS everywhere; HTTP requests redirect to HTTPS).
- Passwords stored as bcrypt hashes.
- Encrypted-at-rest secrets for sensitive configuration (Nostr signing keys are encrypted in the keyring before storage).
- Defense-in-depth admin auth: session cookies with Secure+HttpOnly+SameSite=Lax; CSRF tokens on every state-changing form.
- Server is patched on the host's standard cadence; SignalKit (the platform code) is updated continuously by me as the operator.
No system is unbreakable, and I won't pretend otherwise. If a breach affecting your data ever happens, I'll notify affected subscribers by email within 72 hours of confirming the breach, and post a public note on ontiveros.me describing what happened, what was affected, and what's being done.
Changes to this policy
If this policy changes, the "Last updated" date at the top will move and the substantive change will be summarized in a short note here. Material changes (new third parties, new categories of collection) will be announced to active newsletter subscribers by email.
Contact
Jamie Ontiveros
https://ontiveros.me
This policy is published at https://ontiveros.me/page/privacy. The canonical markdown source lives in the SignalKit repository at docs/legal/privacy-ontiveros.md.
Influenced by the IndieWeb privacy community and the principle of data minimization (Datensparsamkeit).