Add privacy policy

[danmooney]

Summary by CodeRabbit

• New Features
  • Added a comprehensive privacy policy page covering data collection, usage, cookies/tracking, third-party services, data retention, user rights, and contact information.
  • Added a privacy policy link in the site footer and a short affiliate disclosure paragraph.
  • Privacy page includes a contact link and a “Back to converter” navigation link for easy access.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 3f89c017-e0e3-46a6-bdd1-526fd9b3494f

📥 Commits

Reviewing files that changed from the base of the PR and between 549023f and 5971517.

📒 Files selected for processing (1)

• public/privacy.html

🚧 Files skipped from review as they are similar to previous changes (1)

• public/privacy.html

---

📝 Walkthrough

Walkthrough

This PR adds a privacy policy page to dict2json.com. A new public/privacy.html file contains complete policy documentation with sections covering data collection, usage, cookies, affiliate links, third-party services, data retention, and user rights. The page includes an inline script that de-obfuscates a contact email. The homepage footer is updated with affiliate disclosure and privacy policy links, and .gitignore is configured to track the new privacy page despite the existing public/* ignore rule.

Changes

Privacy Policy Addition

Layer / File(s)	Summary
Privacy policy page with email de-obfuscation public/privacy.html	Complete privacy policy document with structured sections covering information collection, usage, cookies/tracking, affiliate links, third-party services, data retention, user rights, children's privacy, policy updates, and contact. Includes inline script that de-obfuscates and renders a contact email as a mailto link using data-u and data-d attributes.
Homepage footer and git tracking configuration public/index.html, .gitignore	Homepage footer updated with affiliate disclosure and privacy policy link. .gitignore exception added for public/privacy.html to ensure the file is tracked despite the broader public/* ignore pattern.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

📜 A privacy promise penned with care,
From footer links to email fair,
Data treated with gentle hands,
Obfuscated as policy demands! 🐰✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Add privacy policy' accurately and directly reflects the main objective of the changeset, which adds a complete privacy policy page and related updates.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch develop

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

public/index.html (1)

97-104: ⚠️ Potential issue | 🟠 Major | 🏗️ Heavy lift

Gate analytics initialization behind explicit consent.

Line 97 and Line 103 load/configure GA unconditionally. For jurisdictions requiring opt-in (e.g., EEA/UK), this is a compliance risk; analytics should initialize only after consent is granted.

Minimal gating pattern

-    <script async src="https://www.googletagmanager.com/gtag/js?id=G-QFE6TJB3X9"></script>
-    <script>
-      window.dataLayer = window.dataLayer || [];
-      function gtag(){dataLayer.push(arguments);}
-      gtag('js', new Date());
-
-      gtag('config', 'G-QFE6TJB3X9');
-    </script>
+    <script>
+      // Load and configure analytics only after consent = true
+      function loadAnalytics() {
+        var s = document.createElement('script');
+        s.async = true;
+        s.src = 'https://www.googletagmanager.com/gtag/js?id=G-QFE6TJB3X9';
+        document.head.appendChild(s);
+        window.dataLayer = window.dataLayer || [];
+        function gtag(){dataLayer.push(arguments);}
+        window.gtag = gtag;
+        gtag('js', new Date());
+        gtag('config', 'G-QFE6TJB3X9');
+      }
+      // call loadAnalytics() only after user opt-in
+    </script>

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@public/index.html` around lines 97 - 104, The GA snippet currently
unconditionally injects the external script and calls gtag('config', ...) (the
script tag, window.dataLayer, gtag function and gtag('config', 'G-QFE6TJB3X9'))
— change this so the external script is only loaded and gtag('config', ...) is
only executed after explicit user consent is recorded; implement a consent-gated
loader that checks your consent state (e.g., a consent API or cookie), and if
consent is granted dynamically inject the googletagmanager script tag and then
initialize window.dataLayer and call gtag('js', new Date()) and gtag('config',
'G-QFE6TJB3X9'); ensure no GA network/network calls occur before consent by
removing the static async script tag and moving all init logic into the consent
callback that triggers the loader.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@public/privacy.html`:
- Around line 27-29: Update the list item text "Anonymous usage analytics via
Google Analytics and Google Tag Manager (page views, session duration,
approximate location, device type)" to avoid claiming full anonymity: change
"Anonymous" to "Pseudonymous" and mention that GA/GTM may use pseudonymous
identifiers (e.g., cookies, advertising IDs) and IP-derived metadata for
approximate location; also update the related retention wording around the
current lines 71-72 to state the exact configured data retention period for
analytics (replace vague phrasing with the precise number of months/period used
in your GA/GTM settings) so both the analytics description and retention period
are accurate and consistent.

---

Outside diff comments:
In `@public/index.html`:
- Around line 97-104: The GA snippet currently unconditionally injects the
external script and calls gtag('config', ...) (the script tag, window.dataLayer,
gtag function and gtag('config', 'G-QFE6TJB3X9')) — change this so the external
script is only loaded and gtag('config', ...) is only executed after explicit
user consent is recorded; implement a consent-gated loader that checks your
consent state (e.g., a consent API or cookie), and if consent is granted
dynamically inject the googletagmanager script tag and then initialize
window.dataLayer and call gtag('js', new Date()) and gtag('config',
'G-QFE6TJB3X9'); ensure no GA network/network calls occur before consent by
removing the static async script tag and moving all init logic into the consent
callback that triggers the loader.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: df8f4c5e-7e9c-4dc2-9501-ebc2d4a1c569

📥 Commits

Reviewing files that changed from the base of the PR and between 89c8773 and 549023f.

📒 Files selected for processing (3)

• .gitignore
• public/index.html
• public/privacy.html