Privacy Policy

Last updated: January 15, 2026

1. Who we are

This site is operated by COOLmanYT (individual site owner based in Australia). You can contact us regarding privacy matters at this email or via the contact page.

2. What we collect

This site is primarily static. We may collect:

• Form submissions and the data you provide: This includes, but is not limited to, information submitted through contact.html and email addresses and subscription preferences for newsletters.
• Operational/server logs for security and reliability: Hosting and security logs processed by our infrastructure provider (Vercel), which may include IP address, user agent, request path, timestamps, ASN information, and network or fingerprinting signals (such as JA4 digests) used for security, rate limiting, and abuse prevention.
• Webhook or admin inputs if those features are used.
• Privacy-friendly analytics via Vercel Web Analytics (always enabled): page views, referrers, device/browser type, country-level location, bounce rate.

You may browse the site without identifying yourself. Identification is only required if you submit a form or contact us.

3. Cookies and local storage

We use functional cookies/local storage for things like theme preference, basic visit/cooldown flags, and admin authentication. Vercel Web Analytics runs on every page without advertising or cross-site tracking. No advertising cookies are used.

4. Legal bases (GDPR/UK GDPR)

We process personal data on these bases:

• Consent: When you voluntarily submit information through forms (such as contact or newsletter signup) or otherwise contact us. We do not rely on consent for privacy-friendly analytics, which are processed under legitimate interests.
• Legitimate interests: Site security, fraud prevention, service reliability, and understanding basic site usage without profiling. Operating and improving the site using privacy-friendly, anonymised analytics that do not use cookies or advertising identifiers. Maintaining site security, detecting abuse, preventing fraud, and ensuring availability using hosting-level logging and firewall protections.
• Contract/performance: Providing responses you request (e.g., replying to your contact message).
• Legal obligation: Compliance with law enforcement or regulatory requirements.

5. How we use data

To operate the site, respond to you, secure the service, debug issues, and improve content. Form submissions are used only to reply to you. Webhook configurations (if you use them) are used to send the notifications you request. We do not send unsolicited marketing communications.

6. Sharing

We do not sell data. We share data only with service providers that help run the site (hosting, analytics, email/backend form handling) or if required by law. Depending on the service, providers act either as processors on our behalf (such as Formspree or MailerLite) or as independent controllers (such as Google, YouTube, or Spotify) under their own privacy policies. We do not have direct control over their internal data retention practices. We do not sell or share personal information under the CCPA/CPRA.

7. Third-party services

Embeds and integrations may set their own cookies or collect usage data. Key services and their policies:

• YouTube (embeds + Data API for latest uploads): Terms, Privacy, API Services Terms
• Spotify (playlist embed): Terms, Privacy
• Discord (webhooks / community links): Terms, Privacy
• Formspree (contact form backend): Terms, Privacy
• GitHub (admin sign-in and commits): Terms, Privacy
• Vercel Web Analytics: Terms, Privacy
• Google Fonts (font delivery): Terms, Privacy
• Buy Me A Coffee (external support link): Terms, Privacy
• MailerLite (newsletter): Terms, Privacy
• Google reCAPTCHA (spam prevention for forms/newsletter): Privacy, Terms

YouTube API access is read-only for latest uploads; no sensitive scopes are requested. Loading Google Fonts may involve the transmission of your IP address to Google for font delivery. Some third-party services we use (such as Formspree and MailerLite) may use Google reCAPTCHA to protect forms from spam and abuse. reCAPTCHA may analyze user behavior and process device, network, and interaction data for security purposes as described in Google’s privacy policy.

8. Newsletter subscription

If you choose to subscribe to our newsletter, we collect your email address and any other information you provide. We use this data solely to send you newsletters and occasional updates. We do not share your email with third parties except our newsletter provider (e.g., MailerLite), which processes your data according to their privacy policy. You can unsubscribe at any time using the unsubscribe link in any email we send (excluding double opt-in email) or by contacting us.

9. International transfers

Data may be processed in countries other than yours. Where required, we use safeguards such as standard contractual clauses or equivalent mechanisms offered by our providers.

10. Data retention

We keep data only as long as needed for the purposes above:

• Form submissions: Retained only as long as necessary to respond and keep reasonable records (typically weeks to months).
• Server logs: Retained for short periods and rotated regularly for security, diagnostics, and abuse prevention.
• Analytics: Stored only in anonymised, aggregate form.
• Admin/auth data: Retained while access is active and as needed for site administration.

11. Security

We use HTTPS and restrict admin access with authentication and allowlists. No system is perfectly secure—avoid submitting highly sensitive information. We take reasonable steps to protect personal information from misuse, interference, and loss.

12. Your rights

Depending on your region (e.g., EU/EEA/UK under GDPR/UK GDPR, California under CCPA/CPRA, Brazil under LGPD, Canada under PIPEDA, Australia under Privacy Act), you may have rights to access, correct, delete, restrict, or object to processing; receive a copy (portability); and opt out of sale/sharing of personal information. We honor applicable rights requests. To exercise rights, contact us via the Contact section. We will delete or correct personal information we control upon verified request. We may require reasonable proof of identity to prevent unauthorized access or deletion. Some data is processed by third-party service providers (such as Vercel Analytics or Formspree). Where reasonably possible, we will assist with deletion or correction requests by contacting the relevant provider or providing guidance, subject to their retention policies and legal obligations.

13. Cookies and similar tech

We use functional cookies/local storage (preferences, cooldown flags, admin auth) and privacy-friendly Vercel Web Analytics on every page. No advertising cookies. See the Cookie Policy for details.

14. Opt-outs

You can block cookies/embeds via your browser. Vercel Web Analytics runs by default; you may reduce its collection by blocking the analytics script or using content blockers/DNS filters. If you do not want referrers/utm recorded, remove utm parameters and block referrers in your browser.

15. Children

The site is not directed to children and does not allow anyone under the age of 13 (or the applicable age in your local region) to submit personal information. Do not submit information about children. If you believe a child has provided data, contact us to remove it.

16. Do Not Track

Browsers may send “Do Not Track” signals. We do not track users for advertising and treat DNT as aligning with our non-advertising stance.

17. Changes

We may update this policy. Material changes will be reflected by updating the date above. Continued use after changes means you accept the updated policy.

18. Complaints

If you believe your privacy rights have been infringed, contact us first via the contact details below. Depending on your location, you may also contact your local authority (e.g., Office of the Australian Information Commissioner at oaic.gov.au/privacy/privacy-complaints, EU Data Protection Authorities, UK ICO, or relevant authority in your region).

19. Contact

For privacy questions or requests (access, correction, deletion, opt-out), reach out via contact.html or this email.