Privacy Policy
Last updated: December 7, 2025
Overview
Secrets Observatory is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your personal information.
Information We Collect
Email Subscription
If you choose to subscribe to our email newsletter, we collect:
- Email address: Used solely to send you information about news and updates and to count subscribers
- Subscription date: To track when you joined our mailing list
We do not collect:
- Your name (unless you voluntarily provide it)
- Any other personal information beyond what's necessary for the subscription (unless you voluntarily provide us with information relevant to improving your experience)
Analytics
We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimization, fraud/security purposes, and advertising. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.
Our configuration ensures:
- Cookie consent required: Clarity is only initialized after you explicitly accept cookies via our consent banner
- Your choice matters: If you reject cookies, no analytics tracking occurs and Clarity is not loaded
- Transparency: We're open about using Microsoft Clarity for understanding user behavior
- Data protection: Sensitive information is automatically masked in session recordings
Detailed Data Collection by Microsoft Clarity
When you consent to cookies, Microsoft Clarity collects the following types of data:
1. Metadata (Envelope Data):
- Session identifiers (Project ID, User ID, Session ID, Page Number)
- Timestamp information (Start Time, Duration, Sequence)
- Version and upload information
2. User Interactions (Analytics Data):
- Interaction events: Clicks, scrolls, mouse movements, window resizes, text selections, input interactions (with sensitive data masked)
- Diagnostic events: JavaScript errors, image loading errors, console logs, performance metrics
- Page events: Document dimensions, page visibility changes, page unload events, viewport metrics
- Custom events: Custom tags we set (post title, post slug, page type, reading time, scroll depth)
3. Page Structure (Playback Data):
- DOM structure: HTML elements, their positions, relationships between elements
- Layout information: Element attributes, dimensions (width and height), CSS selectors
- Content: Text content within elements (automatically masked for privacy-sensitive fields like passwords, credit cards, emails)
- Visual changes: DOM mutations and updates over time for session replay
4. Technical Information:
- Browser type and version
- Operating system
- Device type (desktop, mobile, tablet)
- Screen resolution and viewport size
- Referrer URL (where you came from)
- Geographic location (country/region level, derived from IP address)
What is NOT collected:
- Your name (unless you voluntarily enter it in a non-masked field)
- Unmasked passwords or payment information
- Content from privacy-sensitive input fields (automatically masked)
- Personal data from masked form fields
How We Use This Data
The data collected by Microsoft Clarity is used to:
- Improve user experience: Understand how visitors navigate and interact with our content
- Identify usability issues: Detect broken links, errors, and areas of confusion through session replays
- Optimize content: Understand which posts are most engaging and how readers consume content
- Detect technical issues: Identify JavaScript errors, performance problems, and browser compatibility issues
- Understand audience: Learn about visitor demographics, device usage, and traffic sources
- Measure engagement: Track reading time, scroll depth, and interaction patterns
Data Retention
Microsoft Clarity retains different types of data for different periods:
- Session Replay Data: Automatically deleted after 30 days (visual recordings of how you interact with the site)
- Click Data & Heatmaps: Retained for 13 months (aggregated data such as URLs visited, user IDs, click positions, scroll depth)
- Favorited/Labeled Sessions: Retained for 13 months (sessions we specifically mark for review to investigate usability issues)
- Automatic Deletion: All data on Microsoft servers, including backups, is permanently deleted after the retention period and cannot be recovered
You can request deletion before the retention period ends by contacting us through the Feedback page.
Note: Session replays (the most privacy-sensitive data) are automatically deleted much faster than aggregate analytics.
Session Replay & Automatic Data Masking
Microsoft Clarity records visual replays of user sessions to help us understand how visitors interact with our site. However, Clarity automatically protects your privacy by masking sensitive information:
What is automatically masked (hidden):
- Input fields marked as sensitive (passwords, credit cards, social security numbers)
- Email addresses entered in forms
- Phone numbers
- Personal identification information
- Any content you mark as private through HTML attributes
What we can see in session replays:
- Mouse movements and click locations
- Pages visited and navigation patterns
- Scroll behavior and reading patterns
- Publicly visible content (blog post text, navigation menus)
- General layout and visual interactions
What we CANNOT see:
- Passwords you type (always masked)
- Credit card numbers (always masked)
- Personal information entered in forms (masked by default)
- Private or sensitive data in masked fields
Session replays help us identify usability issues, broken links, confusing navigation, and areas where improvements are needed.
Data Retention
- Session Replays: Automatically deleted after 30 days
- Click Data & Heatmaps: Automatically deleted after 13 months
- Favorited/Labeled Sessions: Automatically deleted after 13 months
- Cookie Consent: Stored locally in your browser indefinitely (you control this)
- Early Deletion: Request deletion anytime via our Feedback page
Your Privacy Rights
- Control your cookies: Accept or reject cookies via our consent banner (appears on first visit)
- Change your mind: Clear your browser's localStorage to reset consent and see the banner again
- Opt-out anytime: Reject cookies to stop all Clarity tracking immediately
- No tracking without consent: Clarity never loads unless you explicitly accept cookies
How We Use Your Information
Email Addresses
Your email address is used exclusively to:
- Send notifications about news and updates
- Maintain our subscriber list
- Respond to your inquiries and feedback
We will never:
- Sell your email address to third parties
- Share your email with advertisers or marketers
- Send promotional or commercial emails unrelated to our updates
- Use your email for any purpose other than our notifications, newsletters, and similar communications
Third-Party Services
We may use third-party services for email delivery (such as Mailchimp, Buttondown, or similar). These services are bound by their own privacy policies and are required to protect your data. We choose only reputable, privacy-conscious providers.
Data Storage and Security
- Email addresses are stored securely using industry standards
- We implement appropriate technical and organizational measures to protect your data
- We retain your email only as long as you remain subscribed
Your Rights
Under GDPR and other privacy regulations, you have the following rights:
- Right to Access: Request a copy of the personal data we hold about you
- Right to Rectification: Request correction of inaccurate or incomplete data
- Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data
- Right to Restrict Processing: Request that we limit how we use your data
- Right to Data Portability: Receive your data in a structured, commonly used format
- Right to Object: Object to processing of your personal data
- Right to Withdraw Consent: Withdraw your consent at any time by:
  - Clearing your browser's localStorage (removes cookie consent)
  - Contacting us to request data deletion
- Unsubscribe: Opt out of email communications at any time
- Update your information: Correct or update your email address
To exercise any of these rights, contact us via the Feedback page. We will respond to your request within 30 days as required by GDPR.
For Microsoft Clarity data: Since Microsoft processes this data, you can also exercise your rights directly with Microsoft through their Privacy Statement and privacy request mechanisms.
RSS/Atom Feed
Our RSS/Atom feed (feed.xml) does not collect any personal information. Feed readers access the feed directly, and we have no visibility into who subscribes via RSS.
Cookies
This website uses browser storage mechanisms to provide functionality and analytics. We distinguish between essential storage (no consent required) and analytics cookies (consent required).
Essential Storage (No Consent Required)
These storage items are necessary for basic website functionality and are exempt from GDPR consent requirements under the "strictly necessary" exception:
- localStorage.theme
  - Purpose: Remembers your light/dark mode preference
  - Type: Browser localStorage (not a cookie)
  - Data stored: String value: "light" or "dark"
  - Duration: Persists indefinitely until manually cleared
  - Legal basis: Legitimate interest (essential functionality)
- localStorage.cookieConsent
  - Purpose: Records your analytics cookie preference to avoid showing the consent banner repeatedly
  - Type: Browser localStorage (not a cookie)
  - Data stored: String value: "accepted" or "rejected"
  - Duration: Persists indefinitely until manually cleared
  - Legal basis: Legitimate interest (consent management)
Analytics Cookies (Consent Required)
These cookies are set by Microsoft Clarity only after you explicitly accept cookies via our consent banner:
- _clck (Clarity Cookie)
  - Purpose: Persists the Clarity user ID across browsing sessions
  - Set by: Microsoft Clarity (clarity.ms domain)
  - Type: First-party cookie
  - Data stored: Pseudonymous user identifier (alphanumeric string)
  - Duration: 1 year from last activity
  - Used for: Connecting sessions from the same user over time, enabling longitudinal behavior analysis
- _clsk (Clarity Session Cookie)
  - Purpose: Connects actions within a single browsing session
  - Set by: Microsoft Clarity (clarity.ms domain)
  - Type: Session cookie
  - Data stored: Pseudonymous session identifier (alphanumeric string)
  - Duration: Session duration (deleted when browser closes)
  - Used for: Linking page views, clicks, scrolls within one session for session replay and heatmaps
What Happens When You Accept Cookies
If you click "Accept" on our consent banner, Microsoft Clarity loads and:
- Sets the _clck and _clsk cookies described above
- Begins recording session data (page views, clicks, scrolls, mouse movements)
- Creates session replays with automatic masking of sensitive information (see Session Replay section)
- Generates aggregate heatmaps showing where users interact most
- Sends data to Microsoft's servers (see Data Processing section)
What Happens When You Reject Cookies
If you click "Reject" on our consent banner:
- Microsoft Clarity is never loaded on any page
- No _clck or _clsk cookies are set
- No session recordings or analytics tracking occurs
- Only essential localStorage items (theme, consent preference) remain
- Your experience is fully functional—analytics is optional
Managing Cookies
You can control cookies through multiple methods:
- Consent banner: Click "Accept" or "Reject" when you first visit (or after clearing storage)
- Change your mind: Clear your browser's localStorage and cookies to reset preferences and see the consent banner again
- Browser settings: Configure your browser to block third-party cookies or all cookies (note: this may break other websites)
- Clarity opt-out: You can also opt out directly through Microsoft Clarity's opt-out page
Important: We never use advertising, marketing, or social media cookies. The only third-party cookies we set are from Microsoft Clarity for analytics, and only with your consent.
Children's Privacy
This website is not directed at children under 13. We do not knowingly collect personal information from children.
Changes to This Policy
We may update this privacy policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of the email subscription after changes constitutes acceptance of the updated policy.
Contact
If you have questions about this privacy policy or how we handle your data, please contact us through the Feedback page.
Legal Basis (GDPR)
For users in the European Union, we process your personal data under the following legal bases as defined by GDPR:
1. Consent (Article 6(1)(a) GDPR)
- Email subscription: We collect and process your email address based on your explicit consent when you voluntarily subscribe to our newsletter
- Analytics cookies (Microsoft Clarity): We only activate Clarity tracking after you explicitly accept cookies via our consent banner. This includes:
  - Session recordings with automatic sensitive data masking
  - Behavioral metrics and heatmaps
  - User interaction data
  - Technical and device information
2. Legitimate Interest (Article 6(1)(f) GDPR)
- Theme preference storage: We store your dark/light mode preference in browser localStorage to provide essential website functionality. This does not involve personal data and serves the legitimate interest of providing a better user experience
- Basic visitor counting: We use privacy-preserving, consent-free methods (localStorage) to count visitors without collecting personal data or tracking across sessions
Data Processing by Microsoft
When you consent to analytics cookies, Microsoft acts as a data processor on our behalf. Microsoft processes your data under our instructions and in compliance with GDPR requirements. Microsoft's data processing practices are governed by:
- Microsoft Privacy Statement
- Microsoft's Data Processing Agreement (DPA)
- Standard Contractual Clauses (SCCs) for international data transfers
Your Right to Withdraw Consent
You may withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. To withdraw consent:
- Clear your browser's localStorage to reset cookie preferences
- Contact us via the Feedback page to request data deletion
- Unsubscribe from email communications using the unsubscribe link in any email