Privacy Policy

How this website handles visitor data. Short version: we collect nothing beyond what our hosting provider needs to serve the page.

Last updated: 23 April 2026
Effective date: 23 April 2026

Scope

This policy covers the perflocale.com website and its subdomains. It does not cover the PerfLocale WordPress plugin itself - if you're looking for information about what the plugin stores on your own WordPress site, see the plugin privacy documentation.

Throughout this policy, "we", "us", and "our" refer to the operators of the PerfLocale website. "You" refers to any visitor.

What we collect from visitors

The website is a static site: the server only sends HTML, CSS, JavaScript, and images to your browser. We do not:

  • Run any analytics service (no Google Analytics, no Plausible, no self-hosted tracker)
  • Use advertising networks or fingerprinting scripts
  • Operate contact forms, comments, newsletter sign-ups, or user accounts
  • Ship any cross-site or third-party tracking cookies
  • Sell, rent, or trade visitor data with anyone

The documentation search box on the site (Pagefind) runs entirely in your browser - the text you type into it is never sent to our servers.

Hosting, access logs, and Cloudflare cookies

The website is hosted on Cloudflare Pages with Cloudflare acting as our edge network and content-delivery provider. Cloudflare, as our data processor, may:

  • Record standard HTTP access logs (IP address, timestamp, requested URL, user-agent, referring page) for the purpose of security, abuse prevention, and troubleshooting. These logs are retained by Cloudflare according to their own schedule; we do not download or keep additional copies.
  • Set a small number of strictly-necessary cookies for security and bot-detection. The two you'll typically see are:
    • __cf_bm - Cloudflare's bot-management cookie. Expires after 30 minutes. Used to tell humans apart from automated traffic.
    • cf_clearance - Issued when a visitor passes a security challenge (rare, only for suspected automated access). Expires after 30 days.

We consider these cookies strictly necessary under GDPR Article 6(1)(f) – legitimate interest in securing the service – and they are not used for marketing, analytics, or profiling. If Cloudflare ever introduces new cookies or changes their purpose, we will update this page.

For more on what Cloudflare does with the data it processes on our behalf, see Cloudflare's privacy policy.

When you email us

If you email contact@perflocale.com - for privacy questions, general enquiries, or any of the contact points linked elsewhere on the site - we receive your email address, your name (if you include it), and the contents of your message. Responsible-disclosure reports go to security@perflocale.com and are covered by the same handling described here.

We use that information solely to reply, to coordinate if the message is about a security or bug report, and to credit you in a published advisory if you choose to be named. We don't add your address to any mailing list and we don't share it with third parties.

Correspondence is kept for as long as it's relevant - typically no longer than three years - and then deleted.

Third parties we rely on

In addition to Cloudflare (hosting), the website loads resources from the following third parties:

  • Google Fonts (if referenced in the stylesheet for web fonts) - subject to Google's privacy policy. Fonts are currently bundled locally where possible to minimize third-party requests.
  • GitHub - if you click through to our GitHub repository or issues page, you leave this site and GitHub's own privacy policy applies.

Links to other sites (documentation of integrated plugins, Cloudflare's own documentation, Wordfence, HackerOne, etc.) take you outside our control and we are not responsible for their data practices.

Your rights

If you are in the European Economic Area (EEA), the United Kingdom, Switzerland, California, or any other jurisdiction with comparable data-protection law, you have the right to:

  • Access any personal data we hold about you
  • Correct information that is inaccurate
  • Delete it (within the limits of what we're legally required to retain)
  • Restrict or object to processing
  • Data portability - receive a copy in a common machine-readable format
  • Withdraw consent - where processing is based on consent (none of the processing described above is consent-based, but the right still applies if that changes)
  • Complain to a supervisory authority - in the EEA, your national data-protection authority; in the UK, the Information Commissioner's Office; in California, the California Privacy Protection Agency

In practice, because we hold very little about most visitors (no account, no analytics profile), an access or deletion request is usually trivial: we have nothing stored beyond Cloudflare's access logs, and Cloudflare rotates those on its own schedule.

To exercise any of these rights, email contact@perflocale.com with "Privacy request" in the subject line. We aim to respond within 30 days.

Children

The website is a developer-focused documentation and marketing site; it is not directed at children under 16. We do not knowingly collect information from anyone under 16. If you believe a child has contacted us, email contact@perflocale.com and we will delete the correspondence.

Security

The website is served over HTTPS with HSTS, has no write paths (no forms, no login, no API that accepts user input), and uses a strict Content-Security-Policy header. We publish a separate security policy covering the plugin itself with a responsible-disclosure contact.

Retention at a glance

Data Who holds it For how long
HTTP access logs (IP, URL, timestamp, user-agent)CloudflarePer Cloudflare's schedule (typically ≤ 30 days at the edge)
__cf_bm cookieCloudflare / your browser30 minutes
cf_clearance cookie (rare)Cloudflare / your browser30 days
Emails you send us (general enquiries, security reports, privacy requests)UsUp to 3 years after the matter is resolved, then deleted
Anything else (analytics, newsletters, accounts)NobodyNot collected

International transfers

Cloudflare routes traffic through its global network; access logs are processed at whichever Cloudflare data centre served your request. If you are in the EEA or UK and the processing happens outside that area, Cloudflare relies on its own Standard Contractual Clauses and the applicable adequacy decisions. See the Cloudflare GDPR trust hub for their current safeguards.

Changes to this policy

If we add analytics, a newsletter, a contact form, or any other feature that changes what this website processes, we will update this page and update the "Last updated" date at the top. Material changes will be flagged prominently for at least 30 days. The current and historical versions of this policy are recorded in the public commit history of the website repository, so you can audit the exact wording at any point in time.

Contact

Questions about this policy or about how your data is handled on this website:

Email: contact@perflocale.com
(Use the subject line "Privacy request" for any right-of-access, deletion, or objection request.)