Privacy

The short version

• The 3D experience records a little anonymous usage data so I can see how people explore it.
• There are no cookies, no ad networks, and nothing is shared with or sold to anyone.
• Everything is first-party. The only company involved is Amazon Web Services, which hosts the server the site runs on. No data is shared with anyone else.
• If you'd like anything removed, just get in touch.

What gets logged

As you move through the 3D experience, the site sends small, anonymous notes to its own server describing what happened. Each note can include:

• An interaction event — for example entering or leaving the 3D experience, opening a framed piece, greeting a passerby, or finding a hidden easter egg.
• A timestamp — when the interaction happened.
• Your browser's preferred language (such as en-US), so I can get a rough sense of the languages visitors use.
• A short-lived random identifier — a value produced by a small "proof-of-work" check the browser runs on load. It lets the separate events from a single visit be read as one timeline. It is not tied to your name or identity, it is stored only in your browser's per-tab session storage, and it expires after 24 hours.

In addition, like virtually every website, the web server keeps standard access logs of incoming requests. These can include your IP address, the time of the request, and your browser's user-agent string. This is ordinary server housekeeping, not a separate tracking system.

The site does not ask for or collect your name, email, or any other personal details unless you choose to send them to me yourself (for example by using the contact page).

Why I collect it

• To understand the experience. Knowing which pieces people open and how they move through the space helps me improve it.
• To keep the bots out. The proof-of-work check is a gentle deterrent against the simplest automated crawlers, so the experience is built for real visitors.
• To keep the site healthy. Standard server logs help with security and troubleshooting.

Legal basis

Where the GDPR or similar laws apply, I rely on legitimate interests (Article 6(1)(f)): running privacy-respecting, first-party analytics on my own site and protecting it from abuse. The data is minimal, anonymous, never used to build a profile of you, and never shared. If you'd rather I didn't process your data at all, let me know and I'll honor that.

Cookies and storage

This site sets no cookies. The only thing it stores on your device is the short-lived proof-of-work identifier described above, held in your browser's session storage. It is cleared automatically when you close the tab, and in any case is treated as expired after 24 hours. Because it's strictly there to gate loading the experience and to keep bots out, it is not used to track you across the web.

Who sees the data

Only me. The site runs on a server I control, hosted on Amazon Web Services (AWS). AWS provides the underlying infrastructure on my behalf and may process the data as part of simply running the server, but it does not use it for its own purposes. Beyond that there are no third-party analytics services, no advertising partners, and no cross-site tracking of any kind. Nothing is sold.

How long it's kept

Server logs and usage notes are kept only as long as they're useful for the purposes above, and in any case for no longer than 365 days, after which they're deleted. The in-browser proof-of-work identifier expires far sooner, within 24 hours or when you close the tab.

Your rights

Depending on where you live, you may have the right to access, correct, or delete the data a site holds about you, or to object to its processing. Because what's collected here is anonymous and not linked to your identity, I usually can't single out an individual visitor's records, but I'm always happy to help where I can. Just reach out and I'll do my best.

Changes to this policy

If this policy changes, I'll update this page. It was last updated on 21 June 2026.