Privacy policy
What I collect, and why.
The short version: this is a personal site. I run it myself. I collect the minimum I need to make the site work, see what posts land, and reply to people who write in.
Last updated: May 13, 2026
The short version
- I use Google Analytics with IP anonymization to see which posts get read.
- If you fill in the contact form, I get your name, email, and message. I reply from my personal inbox.
- If you subscribe to The Dispatch, your email goes to Beehiiv. You can unsubscribe with one click from any email.
- I do not sell your data. I do not run ads. I do not share data with anyone except the vendors listed below, all of whom need it to make the site work.
- If you want me to delete, see, correct, or export your data, use the form at the bottom of this page and I will.
Who runs this site
falkster.com is a personal site written and operated by Falk Gottlob. There is no company behind it, no marketing team, no data-broker partnerships. The data controller for anything collected here is me.
For any privacy question, use the privacy request form below. It comes straight to me.
What I collect, and what for
Analytics
I use Google Analytics 4 to see traffic patterns: which posts get read, where readers come from, how far they scroll. IP addresses are anonymized before they reach Google. Consent defaults follow Google's Consent Mode v2, which means analytics storage is off by default until you accept, and ad-related signals are off entirely.
The events I track are functional: page views, scroll depth, outbound link clicks, newsletter sign-ups, votes on posts, and clicks on calls to action. I do not track you across other sites. I do not build advertising profiles. If you want to opt out completely, browser extensions like uBlock Origin or Privacy Badger will block these scripts, and the site still works fine.
Contact form
When you use the contact form on /contact or the “Work with Falk” pages, I collect the name, email, and message you fill in, plus the topic preset you came from (advisor, workshop, audit, etc.). The form has a honeypot and a per-IP rate limit, so I also see your IP for a short window to keep bots out.
Submissions are stored in a small CRM I run for myself (a Postgres database on Railway) and are emailed to me via Resend so I see them in my inbox. The only person who reads them is me.
Newsletter (The Dispatch)
If you subscribe to The Dispatch, your email is sent to Beehiiv, who handles the list and sends the emails on my behalf. I also record a source tag so I can tell which page someone subscribed from. Every issue has a one-click unsubscribe link, and you can also write in through the privacy request form below and I will remove you the same day.
Engagement signals (anonymous)
The site keeps an anonymous tally of views, likes, and votes per post so I can see what resonates. These are stored in a flat file on the server with no personal identifiers attached. There is no way to tie a signal back to a specific reader.
Cookies
The site itself sets no marketing cookies. Google Analytics sets its standard analytics cookies (e.g. _ga) once you accept analytics in the consent banner; these have IP anonymization on. The only first-party cookie I set is falkster_admin, which is a signed session token used when I log in to the admin area of my own site. You will never receive it.
Vendors I use
These are the third parties that touch data from this site. I picked each one because it does one specific job. Each has its own privacy policy, linked below.
| Vendor | What it does | Data it sees |
|---|---|---|
| Railway | Hosting and database | Everything the site stores |
| Google Analytics 4 | Traffic analytics | Page views, anonymized IP, device, referrer |
| Beehiiv | Newsletter delivery | Email, source tag, open and click events |
| Resend | Transactional email | Contents of contact-form submissions |
| Google Fonts | Web fonts | IP address at the moment a font loads |
How long I keep it
Analytics data is retained for 14 months in Google Analytics, the shortest setting available, then deleted automatically.
Contact-form submissions stay in my CRM until I no longer need them for the conversation we are having. If we stop talking, I clean them out at least once a year.
Newsletter subscriptions stay on the list until you unsubscribe, at which point Beehiiv removes you.
Your rights
Wherever you are, you can ask me to show you what I have, correct it, delete it, or stop processing it. If you are in the EU, the UK, or California, you have the corresponding rights under GDPR, UK GDPR, and the CCPA / CPRA. I do not sell personal information and I do not share it for cross-context behavioral advertising, so there is nothing to opt out of on that front.
To make a request, use the privacy request form below. Mention the email address you used on the site so I can find your data. I aim to respond within a week.
Children
This site is written for working product managers. It is not aimed at anyone under 16, and I do not knowingly collect data from children.
Changes to this policy
When I change a vendor or add a new way of collecting data, I update this page and bump the “Last updated” date at the top. The site is small enough that there is no version history page; if you want to see what changed, the file lives in the public Git repository.
Make a privacy request
This form is just for privacy questions (delete, see, correct, or export your data, or anything else from this policy). It comes straight to me, nobody else sees it. For everything else, the general contact form is the right place.