Data Policy

Data Policy

We keep the site lightweight and privacy-first. Here’s what the site stores and how we handle analytics.

What we store (client-side only)

  • Session storage (temporary, clears when you close the tab):
    • mm_start_here_dismissed — remembers if you closed the “Start Here” modal
  • Theme preference:
    • mm-theme (localStorage) — remembers your light/dark theme choice
    • Managed by shared/js/theme-persistence.js
    • No analytics attached to theme choice

Analytics

We use PostHog (EU-hosted at https://eu.i.posthog.com) for privacy-focused web analytics. PostHog tracks only:

  • Page views (which pages are visited)
  • Basic navigation patterns (how you move through the site)
  • Geographic location (country/city, derived from IP address)
  • Technical info (browser type, screen size, referrer)

What we collect:

  • IP addresses: Used to determine geographic location (country/city) for aggregate statistics. IP addresses are processed server-side for geolocation and may be temporarily stored for rate limiting and abuse prevention.
  • Page URLs: Which pages you visit on our site
  • Referrer: Where you came from (if from another website)
  • Browser/Device info: Browser type, operating system, screen size (for aggregate statistics)

Privacy protections:

  • ✅ No session replay or screen recording
  • ✅ No automatic click tracking
  • ✅ No form submission tracking
  • ✅ No cross-session tracking (memory-only persistence in browser)
  • ✅ No persistent cookies or localStorage for analytics
  • ✅ Respects “Do Not Track” browser setting
  • ✅ Data stored on EU servers (GDPR-compliant)
  • ✅ 30-day data retention
  • ✅ IP-based opt-out available (contact us)

PostHog is configured to collect minimal data — similar to privacy-focused analytics like Plausible, but free.

What we do NOT collect

  • ❌ No tracking cookies
  • ❌ No third-party advertising pixels
  • ❌ No cross-site identifiers
  • ❌ No session recordings or screen captures
  • ❌ No form input data
  • ❌ No personally identifiable information (PII)
  • ❌ No user accounts or authentication (site is fully public)

Your privacy rights

Under GDPR and similar privacy regulations, you have the right to:

  • Opt-out: We can exclude your IP address from tracking (prospective)
  • Access: Request what analytics data we have associated with your IP address
  • Deletion: Request deletion of analytics data associated with your IP address
  • Portability: Receive your data in a machine-readable format (JSON export)

How to exercise your rights:

  1. Enable “Do Not Track” in your browser settings - PostHog respects this automatically
  2. Contact us via our Contact page or open a GitHub issue
    • For opt-out: Provide your IP address (we’ll add it to our exclusion list)
    • For access/deletion: Provide your IP address and approximate date range
    • We’ll respond within 30 days per GDPR requirements

Note: We use memory-only persistence in your browser (no persistent cookies), but PostHog’s servers do store IP addresses for geolocation and can identify your data via IP for deletion requests. If you access from multiple IPs (mobile data, VPN, etc.), you’ll need to provide all relevant IP addresses for complete deletion.

Your controls

  • Dismiss the “Start Here” modal: The dismissal is remembered only for your current browser tab
  • Clear theme preference: Remove the mm-theme entry from your browser’s localStorage (or block site storage entirely)
  • Disable analytics: PostHog respects your browser’s “Do Not Track” setting, or contact us to opt out entirely

Last updated: January 9, 2026