Temple Holidays
Policies

Privacy policy.

Last updated 2026-05-17. Plain language. No tracking pixels you can't see.

The short version

We collect three things: your email if you give it to us, anonymous analytics about which pages you read, and a session cookie if you log in. We use Resend to send mail, PocketBase to store accounts, Stripe to take payment, Cloudflare to keep the site online, and Google Analytics to count visitors. You can ask us to delete everything at any time by writing to [email protected]. We will do it within thirty days.

What we collect

  • Your email, if you subscribe to the newsletter, sign up for a free resource, contact us through the contact form, or buy a library subscription. We keep it until you ask us to remove it or until the relationship ends, whichever comes first.
  • A session cookie named th_session, if you log in. It is HTTP-only, expires after ninety days, and exists only to remember that you are signed in. It is not shared with any third party.
  • Anonymous analytics through Google Analytics 4. We see which pages were read, from where, on what device. We do not see who you are unless you tell us.
  • Stripe payment data if you subscribe. Stripe holds the card details. We never see them. We see your email, the subscription tier, and whether the subscription is active.

Who we share it with

Four vendors handle the moving parts:

  • Resend sends every email we send. They store your email address on their servers in the United States. Their privacy policy.
  • PocketBase stores subscriber accounts and contact messages. PocketBase runs on a server we operate at db.guidelove.org. Data lives there, not on a third-party SaaS.
  • Stripe processes payments. Your card details never reach us. Their privacy policy.
  • Cloudflare sits in front of the site, blocks bots, and serves cached pages. They see request metadata. Their privacy policy.
  • Google Analytics 4 counts visits. IP addresses are truncated before storage. Their privacy policy.

We do not sell any of it. We do not run advertising. We do not pass anything to data brokers.

How long we keep it

Newsletter subscribers stay on the list until they unsubscribe. Subscribers to the library stay in the user database until they ask us to delete the account, or until the subscription has been canceled for twenty-four months. Contact form messages are kept for two years and then deleted. Analytics events expire after fourteen months.

Cookies

Two cookies, both first-party:

  • th_session: identifies a logged-in subscriber. Expires after ninety days. HTTP-only.
  • _ga and _ga_ variants: Google Analytics. Anonymous. Truncated IP.

We do not use third-party advertising cookies. There is no consent banner because there is nothing to consent to beyond what is described above.

Your rights

You can ask us to:

  • Confirm what we hold about you.
  • Send you a copy of it.
  • Correct anything that is wrong.
  • Delete everything.
  • Stop using your data for anything beyond what is legally required.

Write to [email protected]. We respond within thirty days. If you are in the EU or UK and we have not, you can complain to your national data protection authority.

Security

The site runs on a private VPS in a Tier III European datacenter. The database is encrypted at rest. Traffic is HTTPS only. Stripe handles all card data so we never touch it. We rotate credentials when we should and not as often as we would like.

Changes to this policy

When this policy changes in a meaningful way, we will email every active newsletter subscriber and library subscriber before the change takes effect. We will not change it retroactively without telling you first.

Contact

Antonin Cohen, the editor. Reachable at [email protected]. Postal mail on request.

See also: Terms of service · Contact.