Privacy
What data PleadOrMax collects, why, and how it is stored. In plain language, no cookie-banner theatre.
Summary
- We use Google Analytics 4 for aggregate visit metrics.
- We use a first-party real-user-monitoring script for latency measurement.
- No login. No account creation. No personal identifiers are stored on our servers.
- The site is served statically from a Coolify origin behind Cloudflare; access logs at the CDN edge are retained per Cloudflare’s policy.
What is collected
Google Analytics 4
Aggregate visit metrics — page views, session duration, referrer, approximate country.
GA4 fires from a gtag.js tag loaded on every page. We use it to understand which content readers engage with (which pages, which offences in the simulator, whether the cost calculator gets used).
GA4 assigns each browser a random client ID and stores it in a first-party cookie (_ga) for 24 months by default. IP addresses are used by Google only to derive approximate country/city, then discarded (IP anonymisation is Google’s default on GA4).
Custom events we fire: simulator_offence_change, comparator_offence_change, cost_offence_change — each carries the selected offence id and nothing else.
To opt out of GA4 site-wide: install the Google Analytics Opt-out Browser Add-on or use any tracker-blocker (uBlock Origin, Brave built-in, etc.).
Real-user monitoring
Page-load latency + web-vitals + JavaScript error rate.
A small first-party script (panel.bazookaemail.com/rum/v1.js) measures page-load timings and reports web-vitals numbers back to our monitoring dashboard. It does not send any content of the page, form inputs, cursor tracks, or session recordings.
Server & CDN logs
Standard request logs at the origin + Cloudflare edge.
The origin server (Coolify on Hetzner) records access logs — IP, path, user-agent, response code — for the current session and up to 7 days for debugging.
Cloudflare, as our CDN, retains its own edge logs per its policy. We do not have access to raw Cloudflare log lines; we only see aggregate zone-level analytics.
Sentry error tracking
Server-side and client-side exception reports.
When the site throws a JavaScript error, a compact error report is sent to our self-hosted GlitchTip instance (Sentry-protocol). Reports include the error message, stack trace, URL, and browser/OS — no form input values, no cookie contents.
What is not collected
- No login, no account, no password.
- No cross-site tracking pixels beyond what GA4 uses (which is a single first-party cookie).
- No advertising, no affiliate links, no third-party ad networks.
- No session replay, no keystroke tracking, no clipboard capture.
- The cost calculator and simulator run entirely in your browser — the numbers you enter are never sent to any server.
Your rights (PDPA + GDPR)
If you would like GA4 to forget your visit, use the browser opt-out linked above or clear the _ga cookie in your browser.
If you have written to us (see contact) and would like the correspondence deleted, email privacy@pleadormax.com. We do not otherwise store personally identifying information.
Changes to this policy
If we change what is collected or how it is stored, this page will be updated and the change will be logged in the methodology changelog. Last updated: 2026-07-14.