Privacy Policy
How I handle your data (spoiler: I barely collect any)
On this page
Last Updated: December 27, 2025
The Short Version
I collect almost nothing. No cookies. No tracking pixels. No analytics. Everything stays in your browser. You can subscribe to updates via RSS or follow.it, which are managed externally.
For a security blog, I think that’s how it should be.
Who I Am
Nine Lives, Zero Trust is a personal security blog operated by Jerrad Dahlager. This site is hosted on Cloudflare Pages at nine-lives-zero-trust.pages.dev.
Contact: Email: [email protected] LinkedIn: linkedin.com/in/jerraddahlager
What I Collect
Information You Provide Voluntarily
RSS & Follow.it Subscriptions
You can subscribe to blog updates via:
- RSS feed: No personal data collected by me. Your RSS reader handles everything locally.
- follow.it: If you subscribe through follow.it, your email is managed by their platform, not by me. See follow.it’s Privacy Policy.
I do not directly collect or store email addresses for subscriptions.
Blog Feedback
Blog posts include links to discuss on LinkedIn or contact via email. If you reach out through these channels, your interaction is governed by LinkedIn’s or your email provider’s privacy policies respectively.
Information Stored in Your Browser Only
This site uses browser localStorage to remember your preferences. This data never leaves your device and is never transmitted to any server:
| Data | Purpose | Stored Where |
|---|---|---|
| Theme preference | Remember your chosen color theme | localStorage |
| Reading list | Save posts for later reading | localStorage |
| Post reactions | Track which posts you’ve reacted to | localStorage |
| Threat feed bookmarks | Save threat intelligence items | localStorage |
| Table of contents state | Remember if TOC is collapsed | localStorage |
You control this data. Clear your browser’s localStorage anytime to remove it. I cannot access it.
Information I Do NOT Collect
- No cookies: I don’t use cookies. At all.
- Privacy-first analytics: I use Cloudflare Web Analytics, which is cookie-free and doesn’t track individual users. It only provides aggregate page view counts.
- No advertising trackers: No pixels, no retargeting, no ad networks.
- No fingerprinting: I don’t track device fingerprints.
- No location data: I don’t request or store your location.
Third-Party Services
I use a minimal set of third-party services to operate this site:
Cloudflare (Hosting & CDN)
This site is hosted on Cloudflare Pages. Cloudflare may process your IP address and standard HTTP request information (browser type, referring page, etc.) for security, performance, and operational purposes. See Cloudflare’s Privacy Policy.
Follow.it (RSS Subscriptions)
If you subscribe via follow.it, your email is stored and managed by their platform. They handle email notifications when new posts are published. I do not have direct access to your email address. See follow.it’s Privacy Policy.
Google Fonts
I use Google Fonts (Outfit and JetBrains Mono) for typography. Google may log font requests. See Google’s Privacy Policy. No cookies are set by Google Fonts on this site.
LinkedIn (Social Engagement)
Blog posts include links to my LinkedIn profile for discussion. If you engage via LinkedIn, your interaction is governed by LinkedIn’s Privacy Policy.
Threat Feeds API
The Threat Feeds page fetches data from a Cloudflare Worker that aggregates publicly available vulnerability data from CISA and the National Vulnerability Database (NVD). This API logs your IP address temporarily (60 seconds) solely for rate limiting purposes. No personal data is stored beyond this brief window.
Data Retention
| Data Type | Retention Period |
|---|---|
| Follow.it subscriptions | Managed by follow.it - see their privacy policy |
| LinkedIn discussions | Governed by LinkedIn’s data retention policies |
| localStorage data | Until you clear your browser storage |
| API rate limit logs | 60 seconds |
Your Rights
Depending on your location, you may have the following rights:
For All Users
- Access: Request what data I have about you (hint: almost nothing - I don’t store your email)
- Deletion: Request I delete your data
- Unsubscribe: Manage your follow.it subscription directly through their platform
For California Residents (CCPA/CPRA)
- I do not sell personal information
- I do not share personal information for cross-context behavioral advertising
- You have the right to know what personal information I collect and how it’s used
- You have the right to delete your personal information
- You have the right to opt-out of sales (not applicable, I don’t sell data)
- You will not be discriminated against for exercising your privacy rights
For EU/EEA Residents (GDPR)
- Legal basis: I do not directly process personal data for subscriptions (handled by follow.it)
- Right to withdraw consent: Manage your subscription through follow.it
- Right to erasure: Contact follow.it directly for subscription data, or contact me for any other data
- Right to lodge a complaint: You may file a complaint with your local data protection authority
Data Security
I implement security measures appropriate for a site that collects minimal data:
- HTTPS everywhere: All connections are encrypted via TLS
- Security headers: Strict CSP, HSTS, X-Frame-Options, and other protections
- No server-side data storage: I don’t maintain databases of user data
- Third-party vetting: I only use reputable, privacy-conscious service providers
Changes to This Policy
I may update this Privacy Policy from time to time. Changes will be posted on this page with an updated “Last Updated” date. For significant changes, I may notify newsletter subscribers via email.
Contact Me
Questions about this Privacy Policy? Concerns about your data?
Email: [email protected] LinkedIn: linkedin.com/in/jerraddahlager
I’ll respond within 30 days.
As a security professional, I believe privacy isn’t just a policy, it’s a practice. This site is designed to minimize data collection because that’s the most effective way to protect your privacy.