Oak Compendium

Privacy Policy

Privacy-Protecting Analytics

The Oak Compendium uses a custom, self-hosted analytics system designed to respect visitor privacy while providing useful insights for site improvement. We do not use Google Analytics or any third-party tracking service.

How It Works

We compute a daily visitor identifier as SHA256(today_date ‖ ip ‖ user_agent). The IP address and user-agent are read in memory only; neither is written to disk. The resulting hash is a one-way fingerprint and cannot be reversed to recover your IP.

Because the date is part of the hash input, every visitor identifier rotates at midnight UTC. Yesterday's identifier cannot be reconstructed today, which makes cross-day tracking technically impossible.

The implementation is open source. View the code on GitHub: analytics module and analytics plug.

View Live Analytics

You can view real-time site analytics on the public Analytics page, which shows the same data collected using this privacy-protecting approach.

What We Don't Store

  • IP Addresses: never written to disk or logged
  • User Agents: read in memory only to compute the daily hash and detect bots; not stored
  • Tracking Cookies: none are set
  • Cross-Session Data: the daily-rotating hash makes it technically impossible to correlate visits across days
  • Personal Information: no email addresses, names, or other identifying information

What We Do Collect

The following is recorded per page view and aggregated for statistical purposes only:

  • Page Paths: which pages are visited (for example, "/about" or "/species/quercus-alba")
  • HTTP Status Codes: so we can find and fix broken links (404s)
  • Referrer Hosts: the host portion of the HTTP Referer header (for example, "google.com"); never the full URL or path
  • Daily-Rotating Visitor Hash: used to count unique daily visitors per page
  • Timestamp: when the page was visited

Data Retention

Aggregate analytics data is retained indefinitely so we can understand long-term trends. Because the only per-visit identifier is the daily-rotating hash, there is no way to connect visits across days or identify individual visitors regardless of retention.

No Third-Party Trackers

The Oak Compendium does not use Google Analytics, Facebook Pixel, or any other third-party tracking service. All analytics happen in this application, on our server, with the code shown above.

Authentication

The Oak Compendium has no public user accounts and no login flow for visitors. Write access to the database is gated by an API key used only by the site author; no personal data is collected from visitors at any point.

Cookies

A standard Phoenix session cookie is used to carry the daily-rotating visitor hash between the initial page request and any client-side navigation that follows. It is not used for tracking, not shared with third parties, and contains no personal data.

External Services

The Oak Compendium relies on the following external services:

  • Fly.io: application hosting
  • AWS S3 (via Litestream): continuous database backup only; no visitor data is sent to S3

Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated revision date below.

Contact

If you have questions about this privacy policy or our data practices, please open an issue on GitHub.

Last updated: 2026-05-12