Privacy Policy

Last updated: April 24, 2026

This site is a personal publication. I try to collect as little data as possible, and this page explains exactly what is collected, by whom, and why. If anything here is unclear or you want your data removed, email me at privacy@theairgap.io.

Who runs this site

The Air Gap is operated by Lyndi Castrejon as an individual. It is hosted on Netlify, and the source code for the site is open to inspection on request.

What this site collects directly

Nothing, unless you subscribe to the newsletter or contact me by email.

The site does not set cookies, does not use local storage for tracking, and does not run any advertising scripts.

Analytics

This site uses Umami Cloud to understand which posts are being read. Umami is a privacy-focused analytics service that does not use cookies, does not track you across sites, and does not collect personal data. What it records per page view:

  • The page you visited
  • The referring site (if any)
  • Your approximate country (derived from IP, not stored)
  • Your browser and operating system (derived from the user agent)
  • Screen size

Your IP address is used to derive country and is then discarded — it is not stored by Umami. No individual visitor profile is built or retained. You can read Umami’s privacy documentation at umami.is/docs/faq.

If you do not want to be counted at all, most browsers respect tracking-blocker extensions (uBlock Origin, Privacy Badger), and Umami’s script is blocked by many of them.

The newsletter

If you subscribe to the newsletter, here’s what happens:

What I collect at signup:

  • Your email address (required)
  • Your “context” and “intent” answers, if you choose to provide them (optional)
  • The date and time of your signup
  • Your IP address at signup

Why: The email address is how I send you the newsletter. The optional questions help me send content that’s more relevant to you. The timestamp and IP are stored as proof of consent, which is required by GDPR if you’re in the EU.

How it’s stored: Newsletter data is held by EmailOctopus, my email service provider. They process this data on my behalf under their data processing terms. Their privacy policy is at emailoctopus.com/privacy-policy.

Double opt-in: After you submit the form, you will receive a confirmation email. Your email is not added to the active list until you click the confirmation link. If you never confirm, your pending record is deleted automatically.

Tracking inside emails: Open tracking is disabled. Link clicks inside newsletters are tracked by EmailOctopus so I can understand which topics interest readers. If you do not want your clicks tracked, you can view the newsletter in your browser via the web version link included in each email, or simply not click.

Unsubscribing: Every email contains an unsubscribe link. Clicking it removes you from the list immediately. You can also email me directly to be removed, and I’ll confirm once it’s done.

Data retention: If you unsubscribe, your record is moved to an unsubscribed state in EmailOctopus and no further emails are sent. If you want your data fully deleted rather than marked unsubscribed, email me and I’ll delete the record.

Some posts on this site contain affiliate links. When you click one and buy something, I may earn a commission at no additional cost to you. I only link to products I use or would use. I do not share any personal information about you with affiliate partners — the tracking is handled by the partner’s own cookies, which are set only if you click through. If you don’t click the link, nothing is shared.

Affiliate links are disclosed near the top of any post that contains them.

Comments and contact

There is no comment system on this site. If you email me, I’ll see your email address and whatever you send me. I don’t add people to the newsletter without their explicit signup, and I don’t share email correspondence with anyone.

Hosting and infrastructure

The site is served by Netlify. Netlify automatically logs HTTP requests (IP addresses, user agents, timestamps, URLs requested) for security and operational purposes. These logs are Netlify’s and are governed by their privacy policy at netlify.com/privacy. I don’t access or retain these logs beyond what Netlify’s dashboard shows for short-term traffic summaries.

Fonts are loaded from Google Fonts. Google receives a request for the font files when you load a page. If this concerns you, consider using a browser extension that blocks third-party font loading, or contact me — I’m open to self-hosting the fonts to remove this dependency.

Your rights

Depending on where you live, you may have rights over your personal data, including the right to access, correct, delete, or port it, and the right to object to its processing.

  • If you’re in the EU/EEA or UK (GDPR/UK GDPR), you have these rights fully, plus the right to lodge a complaint with your local data protection authority.
  • If you’re in California (CCPA/CPRA), you have similar rights including the right to know what’s collected and the right to deletion.
  • If you’re in Canada (PIPEDA/CASL), similar rights apply, and express consent is required for marketing email.

To exercise any of these rights, email privacy@theairgap.io. I’ll respond within 30 days, usually much sooner.

Changes to this policy

If I change this policy in a way that affects how your data is handled, I’ll note the change here and update the “Last updated” date at the top. For significant changes affecting current subscribers, I’ll send a notice in the newsletter.

Contact

Questions, concerns, or data requests: privacy@theairgap.io