Privacy Policy for NumName

This is the privacy Policy the NumName website accessible at www.numname.com (the "Website"). This policy describes what information the Website collects, how the information is used, and your rights regarding any data storing and processing.

1. Information Collection

NumName collects anonymized technical data. (Anonymized data can not be tied to a any specific individual.) Our website automatically collects:

• IP addresses: Truncated immediately upon receipt by removing the last octet (e.g., 192.168.1.XXX becomes 192.168.1.0) before any storage or processing. These truncated addresses are stored separately from all other data in isolated logs with no linking identifiers.
• Page view analytics: Each page load increments a counter on our server. We record only: page URL, timestamp (rounded to nearest hour), and total count. No user sessions, paths, or sequences are tracked.
• Technical data: Browser family (Chrome, Firefox, Safari, Edge, Other) and operating system family (Windows, macOS, Linux, iOS, Android, Other) detected from user-agent string. Specific version numbers are discarded. This data is immediately aggregated into daily totals upon collection and never stored at the individual request level.

We explicitly do NOT collect:

• We do NOT collect cookies: Small files stored on your device to track behavior
• We do NOT collect personal information: Names, email addresses, phone numbers, or any user-provided data
• We do NOT collect device fingerprints: Unique device identification techniques including canvas fingerprinting, WebGL data, or hardware specifications
• We do NOT collect user accounts: No registration or login functionality exists on our website
• We do NOT collect behavioral tracking data: No monitoring of mouse movements, click patterns, session duration, or navigation paths
• We do NOT collect third-party analytics: No Google Analytics, Meta Pixel, or similar external tracking services

2. Data Usage

Technical data collected under Section 1 is processed as follows:

Truncated IP addresses (192.168.1.0 format):

• Block denial-of-service attacks exceeding 100 requests per minute from same truncated IP
• Generate daily geographic traffic reports (country/region level only)
• Identify server errors concentrated in specific network ranges

Page view counters:

• Calculate server load to prevent website downtime
• Identify unused pages for removal (zero views in 30 days)
• Allocate hosting resources based on hourly traffic volumes

Browser/OS aggregated data:

• Test website compatibility only for browsers with >5% usage share
• Remove support for obsolete browsers (<1% usage for 6 months)
• Debug rendering issues reported by visitors

Data is not used for:

• Individual visitor tracking or profiling
• Marketing, advertising, or user targeting
• Sale, sharing, or transfer to any third party
• Any purpose beyond those explicitly listed above

Legal basis: Legitimate interests (GDPR Article 6(1)(f)) - specifically, ensuring website availability, preventing cyberattacks, and maintaining cross-browser compatibility. The anonymization techniques in Section 1 ensure these interests do not override visitor privacy rights.

Data retention: See Section 3.

3. Data Retention

Truncated IP addresses:

• Stored in access logs for 7 days from collection
• Automatically deleted after 7 days via daily cron job at 00:00 UTC
• No backups retained beyond 7-day period

Page view counters:

• Individual page loads aggregated every hour on the hour
• Hourly aggregates combined into daily totals at midnight UTC
• Daily totals retained for 12 months then permanently deleted
• Raw counter data deleted immediately after hourly aggregation

Browser/OS data:

• Aggregated into daily statistics within 1 hour of collection
• Daily statistics retained for 12 months then permanently deleted
• Individual browser/OS records never stored

Additional retention practices:

• No session identifiers created or stored
• No visitor identifiers generated
• No data archived beyond stated retention periods
• Deletion is permanent and non-recoverable

4. Data Security

• All data transmission encrypted via HTTPS
• Server access restricted to authorized personnel only
• No personal data is stored on third-party servers beyond what is necessary for hosting and email. Our hosting and email providers act as processors and handle only operational logs and email content needed to provide these services.

5. Email Communications

Contact via privacy@numname.com:

• Used only to respond to your specific inquiry
• Deleted 30 days after our last response to you
• Never used for marketing or shared with others
• Emails are processed by Gmail acting as our processor and are deleted from our mailbox 30 days after our last response to you.

6. Third Parties

• No advertising networks: We don't display ads or use ad tracking
• No social media integration: No Facebook, Twitter, or other social plugins
• No external tracking: No Google Analytics or similar services that profile users

7. Regulatory Compliance

We aim to comply with the following frameworks (to the extent they apply):

• GDPR: EU General Data Protection Regulation
• CCPA: California Consumer Privacy Act
• COPPA: Children's Online Privacy Protection Act
• PECR: Privacy and Electronic Communications Regulations (no cookies used)
• COPPA: We do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, contact privacy@numname.com to request deletion.

8. Data Controller

The data controller responsible for operation of this website and any minimal, non-personal technical data is:

NumName is the data controller for visitors in the EEA/UK for purposes of the GDPR/UK GDPR.

9. Your Rights

You have the right to:

• Access: Request what data (if any) we have about you
• Deletion: Request removal of any data
• Object: Request cessation of data processing

How to exercise: Contact privacy@numname.com. We may request limited information to verify your request.

These rights mainly apply to email communications you send us, as other data we process is non-identifiable.

10. Supervisory Authority

If you are an EU/EEA resident and believe your rights under GDPR have been violated, you have the right to file a complaint with your local supervisory authority (data protection regulator). A list of national authorities can be found here: https://edpb.europa.eu/about-edpb/board/members_en

11. Policy Updates

Changes to this policy will be posted on this page with an updated date. Material changes will be highlighted at the top of the policy for 30 days.

12. Contact