Earthwork

Privacy

What we collect, and what we don't.

Last updated 2026-05-06

We try to keep this short. The web has gotten worse for readers because privacy policies got longer; ours is the length it actually needs to be.

What we collect when you visit

Server access logs. Standard request information: IP address, user agent, request path, referrer, timestamp. Used for performance monitoring and to spot scraping bots. Logs roll over after 30 days.

Anonymous analytics. Page-view counts, bounce rate, scroll depth, country-level location. We use a privacy-respecting analytics provider (Plausible-style) that does not set cross-site cookies and does not track you across the web.

We do not use Google Analytics, Facebook Pixel, or any cross-site tracking pixel. Affiliate redirects pass through the affiliate networks (Amazon, Home Depot, etc.) and those networks may set their own cookies on the destination domain.

What we collect when you sign in

The editorial admin requires a Supabase Auth account. Editors and admins sign in to draft and publish posts. We store: your email address, a display name, and the metadata Supabase keeps for session management (auth tokens, last-seen timestamp). We do not request, collect, or store passwords; Supabase handles authentication.

What we never collect

Reader accounts, comment-form details, newsletter subscriptions through this site, ad-targeting data, social graph data, biometric data. The site is read-only for non-editor visitors.

Cookies

We use a single category of cookie: session cookies set by Supabase Auth, only on admin / auth routes. Public pages set no cookies. There's no consent banner because there's nothing to consent to on the public surface.

Your rights

Under GDPR (EU/UK) and CCPA (California) you can ask us to export, correct, or delete the data we hold about you. Email privacy@earthwork.co with the request and we'll respond within 30 days. You don't need to give a reason and there's no cost.

Data sharing

We share data with: Supabase (auth + database hosting), Vercel (web hosting + edge logs), the analytics provider named above, and the affiliate networks when you click through an outbound link. We do not sell data to anyone, including data brokers.

Children

The site isn't directed at children under 13. We don't knowingly collect data from anyone under that age. If you're a parent who believes we have, write to privacy@earthwork.co and we'll delete it.

Changes

When this policy changes meaningfully, we update the “last updated” date at the top and call out the change in a banner on the homepage for two weeks. Trivial copy edits don't bump the date.

Contact

Privacy questions: privacy@earthwork.co. Anything else routes through the contact page.