rina's space

privacy policy

this is a personal website, and not a commercial or legal entity, run by rina (hi[at]riri[.]my for any questions or concerns). this website aims to collect as little data about you as possible. however, like every other website it does collect some amount of data. collecting nothing is, unfortunately, nearly impossible.

what is collected?

this site collects two kinds of information: mandatory (for operations/security) and voluntary (if you post in the guestbook).

mandatory collection

this website does not have trackers, first-party cookies, in order to better protect your privacy. however, some information is collected by the server software itself.

the collected information includes, but may not be limited to: IP address, user agent, URL/URI

why: it is necessary to collect this data for the operational needs and security of the website. "operational needs" include, but aren’t limited to, security purposes (such as identifying and preventing attacks, spam, or DDoS), ensuring users can access the site properly, troubleshooting issues, and maintaining the functionality of the website.
can you opt out: no, you cannot opt out, this information is necessary to keep the website running, and it is automatically collected by the server software. however, you can mitigate this by using a VPN and/or spoofing your user-agent.
retention: these logs can be kept for up to eight (8) months, although, in practice they are purged much sooner.

i don't try to identify you by name or build profiles from your IP or user-agent; i only use them for operations and security (troubleshooting, anti-abuse/bans).

ⓘ this information is not disclosed to 3rd parties, unless required by law.

this website anonymously (without cookies) collects basic analytics on a self hosted instance of umami, in the interest of transparency the analytics data is publicly viewable here.

ip addresses and bans

to mitigate abuse (spam, harassment, DDoS, etc.), entries from operational logs (IP or network range) may be moved into network filters (firewall/IDS). filter entries can be kept indefinitely and therefore longer than the standard eight (8) months log retention. in most cases i block a shared network or subnet (CIDR range) rather than an individual address. in rare cases, if a single address is clearly sending a lot of abusive traffic, i will block that specific IP.

bans are usually permanent and last as long as needed to protect the site; if a ban is lifted, the filter entry is removed. in simple terms: i keep a network or IP block so the site stays available.

voluntary collection

this website includes a comment section (guestbook) where the visitors can leave a note to the website owner, a comment in reference to one, or more posts, etc.

comments are moderated before being published publicly. this moderation is at website owner's own discretion.

the collected information includes, name or alias you've provided, your message content itself, and optionally a link to your own website.
why: this data is used to publicly display opinions of this website visitors. keep in mind: you choose to share this info, and can withdraw consent anytime by deleting it.
can you opt out: yes. by not submitting a comment.
do you have right to delete: yes. upon submitting you're provided a unique deletion link that you can use to delete your comment. this link will be shown on the screen immediately after submission, so make sure to save it. if you lose the link, the process to delete your comment becomes more complicated, and deletion is no longer guaranteed.
i've lost or misplaced the link, what now? due to data minimization, the options for comment removal are limited. if you included a website URL or PGP-signed your comment when submitting, contact me directly.
- if you provided a website URL, you'll need to upload a text file to the root (root directory) of your website or create a TXT record in your DNS settings (the content of which we will discuss privately) to prove that you are the original poster.
- if you PGP-signed your comment, please provide the PGP signature or public key associated with the comment. i'll verify the signature to ensure it's from the original poster.
since no other identifiable information (such as emails or IP addresses) was collected when you submitted your comment, if you did not provide a website URL or PGP-sign your comment, there will be no way to remove the comment without the original deletion link. unfortunately, without this link, i cannot verify that you are the original poster and therefore cannot delete the comment.
do you have right to rectification: in certain cases, you may contact me to do it manually. you'll either need to include a URL to your website upon submission, and upload a text file to the root (root directory) of your website, or make a TXT record inside your DNS (content of which we will privately discuss), or PGP-sign your comment, so your identity can be proven. due to data minimization practices i do not permit user accounts, or collect email addresses, so this has to be a manual process.
do you have right to data portability: if you want a copy of your voluntary data (like comments) in a handy format, just ask.
do you have right to data access: you can request a copy of the data i hold about you. this is in most cases just your comments. the automatic data collected, such as server logs (IPs or user agents) cannot reliably be tied to any person.
do you have right right to withdraw consent: yes. just delete your comment!
do you have right to restrict processing: by submitting a comment, you are voluntarily providing some data (such as your name or alias and comment content). even if your comment isn't approved or is deleted, this could still be considered processing. if you wish to restrict the processing of your data, the best way to do so is by not submitting a comment in the first place. "restrict" can also mean that i will unpublish/hide, but not delete, the comment from public view and keep only the minimum needed to honor your request. you may have to prove you are the original poster for this to be honored (delete link, website/DNS, or PGP). this can also be reversed, by your request.
retention: guestbook entries are meant to stay for the lifetime of the website as a public-facing record of opinions and expression, unless deleted by original poster, or the website owner for any reason, or no reason at all.

if you need to contact me, for any of reasons above, use the email address provided in the beginning of this policy.

why exactly i use this data

• ops logs and network filters/bans: legitimate interests (site security and abuse prevention).
• guestbook publishing: consent (you choose to submit and can withdraw by deleting).
• analytics (self-hosted umami, no cookies): legitimate interests (basic, aggregated metrics).

children's data protection

to prioritize everyone's privacy, this website does not collect any demographic information, including age data. as such, i am unable to know the age of my visitors. please note, this site is not designed for children and may contain content with mature themes or profanity. by accessing the site, it is assumed that you are at least 16 years old, or that you have permission from a parent or guardian. i do not knowingly collect or process data of children.

if you are under 16, you should not provide personal data or use this site at all without parental consent. if you choose to continue browsing, you must obtain parental consent.

hosting provider & data storage

this website is currently hosted on colocrossing infrastructure, with vps services purchased from dedirock (atlas cloud llc). both of the aforementioned companies are based in the united states. this website itself is hosted on servers in buffalo, ny, usa. this means all data sent to me passes through those companies. since this website uses HTTPS (TLS), network providers can see connection metadata (your IP, my server’s IP, and the domain you connected to) but not the page contents. keep in mind that your data is stored outside the european union (in the united states).

the analytics (uma.riri.my) is hosted on oracle cloud infrastructure, with a server in milan, italy. oracle is based in the united states.

where your data is stored

as mentioned above, your data is stored in the united states. the u.s. has different data protection regulations than the european union or other countries, so please be aware of that. i take reasonable steps to ensure your data is kept secure, but keep in mind no system is unbreachable.

additionally, data may be accessed and moderated by the website owner (a serbian national), which means your data might temporarily be stored on personal devices within serbia. this could happen for purposes such as, but not necessarily limited to, backups, moderation, server maintenance, or server transfers.

who can access the data? i run this site independently and have root access to the main server where the website is hosted, root access to the secondary milan server, and admin access to any personal devices i use for maintenance. i may access logs, backups, or the database to perform maintenance, moderate the guestbook, publish new content, troubleshoot issues, restore backups, or perform server transfers. sometimes i may temporarily store server backups on my personal devices (for example during a server transfer). no other persons have access to the server or my personal devices.

data breach notification

in the unlikely event of a data breach where any personal data is accessed without authorization, i will inform you as soon as possible. if possible, i'll let you know what data was compromised, how the breach happened, and what steps have been taken to fix the issue. because i don't collect email addresses, i may not be able to notify everyone individually, but i will post any information in form of a blogpost on this website. this information will be disclosed within 72h.

linked content

some content may be pulled from other websites, services or resources. these could set their own cookies, involve their own tracking, as well as behaving as though you visited the 3rd party service directly. this may include, but is not limited to, assets such as tailwindcss, jsdelivr, google fonts, media links from youtube, or spotify, or similar services. furthermore, this website is a part of, and may join webrings and other mutual linking website networks, those often require loading external javascript.

how these external services collect and keep the info they collected is under their own jurisdiction. you're encouraged to review their privacy policies as well for more information.

this privacy policy may be updated periodically. any changes will be posted on this page, users are encouraged to check this page periodically.

last update 10/27/2025 07:00 AM CET.

TL;DR: i don't track you, i don't sell your info, and i collect as little as possible.