Chris Neal

Studies in Stubborn Curiosity

Privacy Policy

Last Updated: December 19, 2025

Who I Am

This website is operated by Chris Neal. The site address is: https://chris.neal.media.

For any questions regarding this policy, to request access to your data, or to request deletion of your data, please contact me.

Summary

This privacy policy describes how I collect, use, and protect information gathered through this website. I am committed to transparency regarding data practices and respect your privacy.

This site runs on WordPress, a self-hosted content management system. The site is hosted on Hostinger servers, and I use Cloudflare for DNS management and security services. I also utilize several third-party services to provide functionality, analytics, and security.

I do not sell any user data. I do not display advertisements on this site. Any data collected is used solely to facilitate core site functions, improve security, and enhance the user experience.

Services Used on This Website

Self-Hosted:

Hosting & Infrastructure:

Third-Party Services:

Hosting and Infrastructure

Hostinger

This website is hosted on servers operated by Hostinger. As my hosting provider, Hostinger processes and stores data on my behalf.

Hostinger’s servers may log standard technical information such as IP addresses, browser types, referring pages, and timestamps. This data is collected as part of standard hosting operations and is used for security monitoring, troubleshooting, and performance optimization.

Hostinger maintains security certifications and implements technical and organizational measures to protect data. However, in the unlikely event of a security breach affecting Hostinger’s infrastructure, visitor data stored on their servers could potentially be impacted. For more information about Hostinger’s data practices and security measures, please refer to their Privacy Policy, Data Processing Addendum, and Information Security Policy.

Cloudflare

I use Cloudflare for DNS management and various security and performance services. Cloudflare’s services may process visitor data including IP addresses, browser characteristics, and request metadata to provide DDoS protection, SSL/TLS encryption, and content delivery optimization.

Additionally, Cloudflare’s analytics beacon (cloudflareinsights.com/beacon.min.js) is present on pages of this site, which collects anonymized performance and usage metrics. This helps me understand site performance and visitor patterns.

For more information, please refer to Cloudflare’s Privacy Policy.

What Personal Data is Collected and Why

Comments

When visitors leave comments on this site, I collect the data shown in the comments form, including the commenter’s name, email address, and website URL (if provided). I also collect the visitor’s IP address and browser user agent string to assist with spam detection.

An anonymized string created from your email address (called a hash) may be provided to the Gravatar service to determine if you use it. The Gravatar service is operated by Automattic; their privacy policy is available at https://automattic.com/privacy/. After approval of your comment, your Gravatar profile picture (if you have one) becomes visible to the public alongside your comment.

Email Subscriptions

If you subscribe to receive notifications of new posts, your email address is collected and managed through Mailchimp. Mailchimp may collect additional data such as your IP address, location, and engagement metrics (such as whether you open emails). For more information, refer to Mailchimp’s Legal Policies and Privacy Policy.

You can unsubscribe from these notifications at any time using the unsubscribe link included in every email.

Media

If you upload images to this website (for example, as part of a comment), you should avoid uploading images with embedded location data (EXIF GPS metadata). Visitors to the website could potentially download images and extract any embedded location data.

Third-Party Services

Google Analytics

I use Google Analytics, integrated through Google Site Kit, to understand how visitors interact with this website. Google Analytics collects information such as:

  • Pages visited and time spent on pages
  • Referring websites and search terms
  • General geographic location (country/city level)
  • Browser type, operating system, and device information
  • IP address (which may be anonymized depending on configuration)

Google Analytics uses cookies to collect this information. Google may use the collected data to contextualize and personalize ads within its own advertising network if you use other Google services.

Your data may be processed in the United States. For more information, refer to Google’s Privacy Policy. You may opt out of Google Analytics by installing Google’s browser add-on.

Jetpack

I use Jetpack, a plugin developed by Automattic, for site statistics, performance optimization, and various other features. Jetpack may collect data including page views, referring URLs, browser information, and IP addresses to provide these services.

For more information, refer to Automattic’s Privacy Notice.

Akismet

This site gets a LOT of spam. Comment submissions on this site are checked through Akismet, an automated spam detection service operated by Automattic. When you submit a comment, Akismet collects information including:

  • Your IP address
  • Your browser user agent
  • The referring page URL
  • Your name, email, and website (as entered in the comment form)
  • The comment content

Akismet does not sell your data. Spam-related data is retained for short periods (typically between two weeks and ninety days) before being automatically deleted from Akismet’s systems. You can opt out of long-term tracking for the small subset of data Akismet retains longer by using their contact form.

For more information, refer to Akismet’s Privacy Policy.

Wordfence

I use Wordfence, a security plugin developed by Defiant, Inc., to protect this website against malicious attacks, malware, and unauthorized access attempts. Wordfence may collect and process the following data:

  • IP addresses of visitors (particularly those exhibiting suspicious behavior)
  • Browser user agents and request patterns
  • Login attempt information
  • Security event logs

Real-Time Wordfence Security Network: This site participates in the Real-Time Wordfence Security Network, which means certain data—including IP addresses of visitors flagged for suspicious activity—is transmitted to Wordfence’s cloud servers in the United States. This feature improves the collective security of websites using Wordfence by sharing threat intelligence in real-time.

Wordfence may also set cookies related to security features such as login verification and country blocking bypass. For a complete list of cookies Wordfence may set, refer to their GDPR documentation.

IP addresses are considered personally identifiable information under regulations such as GDPR. For more information about how Wordfence handles data, refer to Wordfence’s Privacy Policy.

Cloudflare Turnstile

I use Cloudflare Turnstile on certain pages (such as login and subscription forms) as a privacy-focused alternative to traditional CAPTCHA challenges. Turnstile helps protect the site from bots and automated abuse.

Turnstile works by running lightweight, non-interactive challenges in the background to verify that visitors are human. It collects minimal data, including:

  • Browser characteristics and user agent
  • Session data (headers, browser APIs)
  • System time and basic device signals

Turnstile does not use cookies to collect or store information, and it does not track users across websites. Cloudflare states that Turnstile is designed to comply with GDPR, CCPA, and ePrivacy Directive requirements.

For more information, refer to the Turnstile Privacy Addendum and Cloudflare’s Privacy Policy.

YouTube

I occasionally embed videos from YouTube on this site. Embedded YouTube content behaves as if you had visited YouTube directly—YouTube may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with the embedded video.

If you have a YouTube or Google account and are logged in, YouTube may associate your viewing activity with your account.

For more information, refer to YouTube’s Privacy Controls and Google’s Privacy Policy.

Cookies

Cookies are small text files stored on your device by your web browser. This site uses cookies for various purposes:

Comment Cookies

If you leave a comment on this site, you may opt in to saving your name, email address, and website URL in cookies. These cookies are for your convenience so that you do not have to re-enter your details when leaving another comment. These cookies persist for one year.

Authentication Cookies

If you visit the login page, a temporary cookie is set to determine whether your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, several cookies are set to save your login information and screen display preferences. Login cookies persist for two days (or two weeks if you select “Remember Me”), and screen options cookies persist for one year. Logging out removes the login cookies.

If you edit or publish content, an additional cookie is saved indicating the post ID of the content you edited. This cookie expires after one day and contains no personal data.

Third-Party Cookies

Third-party services used on this site (such as Google Analytics, Jetpack, and YouTube) may set their own cookies. Please refer to the respective privacy policies of these services (linked above) for information about their cookie practices.

Managing Cookies

You can control and delete cookies through your browser settings. Most browsers allow you to refuse cookies or delete existing cookies. Note that disabling cookies may affect the functionality of this site and other websites you visit.

Embedded Content from Other Websites

Articles on this site may include embedded content such as videos, images, or interactive elements from other websites. Embedded content from other websites behaves exactly as if you had visited that website directly.

These external websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with the embedded content. If you have an account with and are logged into one of these websites, they may track your interaction with the embedded content on this site.

How Long I Retain Your Data

Comments: If you leave a comment, the comment and its associated metadata (name, email, IP address, timestamp) are retained indefinitely. This allows me to recognize and approve follow-up comments rather than holding them indefinitely for moderation.

Email Subscriptions: Your email address is retained by Mailchimp until you unsubscribe or request deletion.

Analytics Data: Retention periods for analytics data are determined by the respective third-party services (Google Analytics, Jetpack, Cloudflare). Generally, this data is retained in aggregate form and may be anonymized over time.

Security Logs: Wordfence may retain security-related logs (including IP addresses of blocked visitors) for varying periods depending on the nature of the security event.

Your Rights Over Your Data

If you have left comments on this site, submitted a contact form, or subscribed to email notifications, you have certain rights regarding your personal data under applicable privacy laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

Your Rights Include:

  • Right of Access: You can request a copy of the personal data I hold about you.
  • Right to Rectification: You can request correction of inaccurate or incomplete personal data.
  • Right to Erasure: You can request deletion of your personal data, subject to certain exceptions (such as data I am legally required to retain).
  • Right to Restrict Processing: You can request that I limit how I use your data.
  • Right to Data Portability: You can request an export of your personal data in a structured, commonly used format.
  • Right to Object: You can object to certain types of data processing, including processing for direct marketing purposes.
  • Right to Withdraw Consent: Where processing is based on your consent, you can withdraw that consent at any time.

How to Exercise Your Rights

To exercise any of these rights, please contact me. I will respond to your request within one month (or within the timeframe required by applicable law).

For requests related to data held by third-party services, you may need to contact those services directly using the links provided throughout this policy.

Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. If you are located in the European Union, you can find your local data protection authority through the European Data Protection Board.

Data Security

I take reasonable measures to protect the personal data collected through this site from unauthorized access, alteration, disclosure, or destruction. These measures include:

  • SSL/TLS encryption for all data transmitted between your browser and this website
  • Use of strong passwords and secure authentication methods
  • Regular software updates for WordPress, plugins, and server software
  • Security monitoring and firewall protection through Wordfence
  • DDoS protection and security features through Cloudflare

However, no method of electronic transmission or storage is 100% secure. While I strive to protect your personal data, I cannot guarantee absolute security. In the event of a data breach that poses a risk to your rights and freedoms, I will notify affected individuals and relevant authorities as required by applicable law.

International Data Transfers

Some of the third-party services I use are operated by companies based in the United States or other countries outside the European Economic Area (EEA). This means your personal data may be transferred to and processed in countries that may not have data protection laws equivalent to those in your home country.

Specifically:

  • Google (Google Analytics, YouTube) — United States
  • Automattic (Jetpack, Akismet) — United States
  • Defiant (Wordfence) — United States
  • Cloudflare — United States
  • Mailchimp (Intuit) — United States
  • Hostinger — Servers may be located in various countries depending on configuration

These companies generally rely on legal mechanisms such as Standard Contractual Clauses (SCCs), adequacy decisions, or other approved transfer mechanisms to ensure appropriate safeguards for international data transfers.

Children’s Privacy

This website is not directed at children under the age of 13 (or 16 in certain jurisdictions). I do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided personal data through this site, please contact me so I can take steps to delete such information.

Changes to This Privacy Policy

I may update this privacy policy from time to time to reflect changes in my practices, the services I use, or applicable laws. When I make significant changes, I will update the “Last Updated” date at the top of this policy.

I encourage you to review this privacy policy periodically to stay informed about how I protect your data.

Contact Information

If you have any questions about this privacy policy, would like to exercise your data rights, or have concerns about how your data is handled, please contact me.