Last updated: June 2026
This page explains what data we collect, how we use it, and which third parties we hand it to. We've kept it short — there isn't much.
On the public side: nothing personal. We don't ask you to sign in to browse; the comment and feedback forms include only the name, (optional) email, and message you type in. You are never under any legal duty to give us information — anything you type into a form here is provided voluntarily, and is used only to display your comment or answer your message. To rate-limit spam, comment and feedback submissions also store a salted hash of your IP address (the address itself is not kept). Server logs hold only the data your browser already sends with every request (IP, user-agent, time). The admin side stores the collector's email in a session cookie scoped to /admin only. One more public-side note: if an on-site search returns no results, we log only the typed query text — never tied to you, with email-like input dropped — kept in aggregate so we can see what content visitors want that we don't have yet.
Functional by default: small cookies remember your language ('spintop_lang'), theme ('spintop_theme'), and collection view preferences ('spintop_collection_prefs') for up to a year, and localStorage holds interface preferences, tiny game progress, and your analytics-consent choice. We do NOT use advertising cookies. The optional analytics (Umami, Microsoft Clarity) set their own cookies only after you accept them in the banner — decline and they never load.
The site is hosted on Cloudflare and images are served from Cloudflare R2 (a few legacy images still come from Cloudinary); the catalog, comments, and feedback live in Supabase; notification emails go through Resend. Only if you consent in the cookie banner do we also load analytics — Umami Cloud (privacy-respecting, no cookies, anonymised IPs), Microsoft Clarity (heatmaps and session replay, with text input masked), and Cloudflare Analytics Engine (non-identifying usage events — the action, plus the language and theme of the page — kept for 90 days). You can decline, and withdraw consent any time by clearing site data. Each service has its own privacy policy.
Approved comments are kept indefinitely (they're part of the public site). Pending comments older than 30 days that we never approve are deleted automatically. Feedback messages are kept until they're handled. Server logs roll over with our hosting provider's defaults. The zero-result search log keeps only aggregate counts (query text + a tally), admin-only.
Under Israel's Protection of Privacy Law, 1981, you may review the data we hold about you and ask us to correct or delete it. If you posted a comment and want it removed, or want a copy of any data we hold about you, contact us — see below.
Questions about this policy go to noam248@gmail.com. We try to reply within a few days.