Skip to main content
SPAO Systems

Privacy

Privacy.

A static portfolio site. No accounts, no logins, no newsletter, no chatbot, no advertising, no third-party analytics or tracking pixels. No personal data is sold, rented, or shared — none is collected to begin with.

Last updated 2026-05-15

What is collected

Only the minimum required to host the site reliably and keep it healthy:

  • Hosting logs (Vercel). Like any web server, the host records standard request metadata — IP address, timestamp, requested path, user agent — in short-lived operational logs used for delivery, security, and abuse prevention. Not used to profile visitors; not combined with any other data.
  • Performance measurements (Vercel Speed Insights). Anonymous, aggregate page-performance metrics. No cookies are set for this, and no cross-site identifier is created.
  • Error diagnostics (Sentry). If a page errors, a diagnostic event is recorded so the bug can be fixed. Sentry runs with sendDefaultPii: false, and client and server strip query strings before sending. No session replay is recorded.
  • CSP violation reports. The browser may post Content-Security-Policy violation reports to a write-only endpoint. These describe blocked resources, not people, and exist to detect misconfiguration and injection attempts.

What is stored on your device

Your light/dark theme preference is saved in your browser’s local storage (dc.theme). It is a first-party functional value, never transmitted to a server, and used only to render the site the way you left it. Clearing site data removes it.

No advertising cookies. No analytics cookies. No cross-site trackers. No fingerprinting.

Outbound data

The site reads a live status feed from dc-status.vercel.app. That feed carries only whitelisted aggregate signals from the Desk Commander paper-trading system — never per-trade data, parameters, or anything that identifies a visitor. Your browser’s request to that feed gets the same minimal hosting-log treatment described above.

Your rights

Because no personal profile is created, there is nothing to export, correct, or delete on a per-person basis. Operational hosting logs age out on the host’s standard retention schedule. For a privacy question or data request anyway, open a thread at github.com/spaosystem/dc-showcase/discussions. Security vulnerabilities should be reported via the channel in /.well-known/security.txt.

Changes

This statement may change as the site evolves. The “last updated” date reflects the current version; material changes are recorded in the project audit log.