Last updated: 2026-05-22. Significant changes will be reflected in the changelog at the foot of this page.

Who we are

stackharden.com ("we", “us”) is operated by:

  • Controller: Data Vision IT Consulting Limited
  • Registered address: Kilbride, Wicklow, Ireland
  • Email for privacy matters: [email protected]
  • Supervisory authority: Data Protection Commission (Ireland) — dataprotection.ie

This notice covers stackharden.com and its related subdomains — tools.stackharden.com (the small tool suite) and lists.stackharden.com (the mailing list software) — which are operated by the same controller as one logical service.

Our approach

This is a content site. We do not require accounts, do not run a comments system, and do not embed third-party trackers in articles. The site is built as static HTML and served from a CDN. The single form on the main site is the optional subscription form, explicitly opt-in and explained below.

Serving a website over the public internet still means request metadata flows through systems we use as processors. The rest of this notice is about what those are and what we do with the data they see.

What we process, and why

Server / CDN request metadata

Every request to stackharden.com is routed via our hosting / CDN provider (see Processors below). That provider sees:

  • The requesting IP address.
  • The URL requested.
  • The User-Agent string sent by the browser.
  • Standard HTTP headers.

We use this metadata only for operational security and abuse prevention (rate limiting, blocking known-bad traffic). We do not export these logs into our own systems for analysis. The CDN retains them according to its own retention policy, documented in its Data Processing Agreement.

  • Legal basis: Article 6(1)(f) GDPR — legitimate interests (operating and protecting the site).
  • Retention: As set by the CDN provider — we do not store these logs ourselves.

Analytics

We use Plausible Analytics — a cookieless, privacy-preserving web analytics provider hosted in the EU (Germany). Plausible processes the visitor’s IP address and User-Agent server-side to count unique visitors, derives a hashed fingerprint that rotates daily, and retains only aggregate metrics (pageviews per URL, referrer counts, browser / OS summaries). No cookies are set. No data is shared with third parties. No cross-site tracking.

Because Plausible sets no cookies and the only personal data processed is the IP / User-Agent fingerprint that rotates daily and is never available to us at row level, no consent prompt is required under GDPR or ePrivacy.

  • Legal basis: Article 6(1)(f) GDPR — legitimate interests (understanding which content is read and how to improve it).
  • Retention: As set by Plausible — aggregate metrics indefinitely; no individual session data retained.

Cookies

stackharden.com sets no cookies of its own. The CDN may set strictly-necessary security cookies in specific cases (e.g. after a CAPTCHA challenge). Full detail in the cookie notice.

Email correspondence

If you email us, we process your message and reply. We keep messages for the time needed to handle the matter and for a reasonable period afterwards for reference (typically up to 24 months for general queries, longer where the matter touches a legal or regulatory obligation).

  • Legal basis: Article 6(1)(b) GDPR (taking steps in response to a request you initiated) or 6(1)(f) (legitimate interests), depending on the context.

Mailing list (optional, opt-in)

If you sign up at /subscribe/ we will email you when a new guide, script, or tool is published. The list runs on Listmonk on our own infrastructure at lists.stackharden.com; the email itself is delivered by a transactional SMTP provider (see Processors below).

What we collect:

  • Email address — to deliver the messages. Mandatory.
  • Name — optional; used only to personalise the greeting in emails.

What we do not do:

  • We do not track which emails you open.
  • We do not track which links you click.
  • We do not retain device or location information beyond the IP that signed up (recorded once, in the consent audit trail, never used for any other purpose).
  • We do not share the list with anyone outside the processors named in this notice.

Other details:

  • Legal basis: Article 6(1)(a) GDPR — your explicit consent, recorded through double opt-in (the confirmation link in the first email is required before you are actually subscribed).
  • Retention: Active for as long as you remain subscribed. After you unsubscribe, your address is retained only briefly to prevent accidental re-subscription; emailing [email protected] will result in full deletion within the GDPR one-month response window.
  • Withdrawing consent: Every email contains a one-click unsubscribe link. No reason required.

Article engagement (aggregate metrics)

Each guide has a “Was this useful?” widget at the bottom. When a visitor views a guide or clicks Yes / No, the widget sends a request to tools.stackharden.com to increment aggregate counters: views, “found useful” votes, “did not find useful” votes. Counters are kept per article, never per visitor.

What we do not collect through this widget:

  • No per-visitor identifier — there is no cookie, no logged-in user, no fingerprint.
  • No IP retention beyond a short in-memory rate-limit log that is dropped within five minutes.
  • No record of which articles you read or in what order.

Counter de-duplication is best-effort via the visitor’s own browser storage (see the cookie notice for the specific localStorage and sessionStorage keys). A visitor who clears storage can vote on the same article again, which is an accepted tradeoff for not collecting an identifier.

  • Legal basis: Article 6(1)(f) GDPR — legitimate interests (understanding which content readers find useful so we can prioritise future writing). The data is aggregate; the intrusion on any individual reader is negligible.
  • Retention: Per-article counters indefinitely; no per-visitor data retained at all.

Some articles include affiliate links — typically to VPS providers, privacy-first analytics tools, or books. We disclose affiliate links and we never recommend a product solely because an affiliate programme exists.

When you click an affiliate link, your browser sends standard referrer information to the destination. That referrer may include a partner ID that lets the destination credit us if you sign up. We do not share any other information about you with affiliate partners — we do not know who you are.

Processors and international transfers

The following third parties process data on our behalf:

Processor What they do DPA
Cloudflare, Inc. Hosting (Cloudflare Pages), CDN, DDoS protection for stackharden.com — sees all request metadata Cloudflare DPA
OVH SAS VPS infrastructure for tools.stackharden.com and lists.stackharden.com — holds the tool-usage log and the mailing-list subscriber records OVH DPA
Plausible Insights OÜ Cookieless web analytics (pageviews, referrers, aggregate browser / OS counts) — EU-hosted Plausible DPA
SMTP2GO Ltd Transactional email delivery for the mailing list (confirmation, broadcasts, unsubscribe) — EU endpoint where available SMTP2GO DPA
Internet Security Research Group (Let’s Encrypt) TLS certificate issuance — domain validation only, does not process visitor data Not applicable (no processor relationship)

For processors based outside the EEA, transfers are made under the provider’s published Standard Contractual Clauses or an equivalent mechanism under GDPR Article 46.

Your rights under GDPR

In respect of personal data we process about you, you have the right to:

  • Access — request a copy of the data we hold.
  • Rectification — correct inaccurate data.
  • Erasure — ask us to delete it (“right to be forgotten”).
  • Restriction — limit how we use it.
  • Portability — receive it in a structured, machine-readable form.
  • Object — to processing based on legitimate interests.
  • Withdraw consent — where processing relies on consent.

To exercise any of these, email [email protected]. We aim to respond within one calendar month, extendable by a further two months for particularly complex requests (Article 12(3) GDPR).

You also have the right to lodge a complaint with a supervisory authority — for visitors based in Ireland, that is the Data Protection Commission (dataprotection.ie). If you are based elsewhere in the EEA, you may complain to your local supervisory authority.

Children

This site is aimed at sysadmins, DevOps engineers, and IT-adjacent professionals. Its content is not directed at children and we do not knowingly collect personal data from anyone under 16.

Security

We apply the hardening practices documented across the guides to our own infrastructure. The CDN and origin both enforce TLS 1.2 / 1.3 with modern cipher suites; access to operational systems uses key-based authentication with multi-factor authentication where supported.

No system is perfectly secure. If you become aware of a security issue that may affect visitor data, please email [email protected].

Changes to this notice

We will update this page when our processing practices change. The date at the top of the page reflects the most recent update.

Date Change
2026-05-17 Initial publication.
2026-05-17 Added Plausible (cookieless) analytics; processor table updated; analytics section expanded.
2026-05-19 Scope widened to cover tools.stackharden.com + lists.stackharden.com. Added optional mailing list (Listmonk on our infrastructure; SMTP2GO for delivery). Processor table extended with OVH (VPS) and SMTP2GO (transactional email).
2026-05-22 Added “article engagement” section documenting the per-guide view counter and yes/no usefulness vote — aggregate only, no per-visitor identifier, no IP retention.