Skip to content

feat(legal): disclose Cloudflare Web Analytics in Privacy Policy#172

Merged
schmug merged 1 commit into
mainfrom
legal/privacy-add-cf-analytics
Apr 23, 2026
Merged

feat(legal): disclose Cloudflare Web Analytics in Privacy Policy#172
schmug merged 1 commit into
mainfrom
legal/privacy-add-cf-analytics

Conversation

@schmug
Copy link
Copy Markdown
Owner

@schmug schmug commented Apr 23, 2026

Summary

Follow-up to #171. The beacon-injection code is merged but inert until the `CF_ANALYTICS_TOKEN` wrangler secret is set. This PR adds the disclosure that has to land before the secret goes in, so analytics never runs without disclosure.

Changes

  • "What I collect" gets a new bullet: "Anonymized page views via Cloudflare Web Analytics — cookieless beacon, no cross-site tracking, no per-user profile. Skipped on /dashboard/*, /auth/*, and webhook endpoints."
  • "Why" gets: "Page views → know which pages are worth improving."
  • "How long I keep it" gets: "Page views (Cloudflare Web Analytics): aggregated only, no per-user record to delete."
  • Subprocessor line folds "Web Analytics" into the existing Cloudflare entry (same vendor — not adding a new third party).
  • Last updated bumps to 2026-04-24
  • Test: subprocessor test now also checks the CF Web Analytics disclosure and cookieless framing

Activation sequence after this merges

```
npx wrangler secret put CF_ANALYTICS_TOKEN

paste: 4fd7e22413e84811bd71ed466613bb26

```

Then verify live:
```
curl -sS https://dmarc.mx/ | grep cloudflareinsights
```

Test plan

  • `npm run lint` + `npm run typecheck` green
  • `npm test` — 680/680 passing across 42 files
  • HTML + markdown renderers updated in lockstep

\ud83e\udd16 Generated with Claude Code

@schmug @claude
feat(legal): disclose Cloudflare Web Analytics in Privacy Policy
bc7e734 
Now that the beacon-injection code has merged (PR #171), the Privacy
Policy needs to disclose Cloudflare Web Analytics before the
CF_ANALYTICS_TOKEN secret gets set and the beacon actually runs.

- Adds "Anonymized page views via Cloudflare Web Analytics" to the
  "What I collect" list, with cookieless/no-cross-site framing and a
  callout of the skipped paths
- Adds a "Page views → know which pages are worth improving" entry
  under "Why"
- Adds retention bullet: aggregated-only, no per-user record to delete
- Folds "Web Analytics" into the existing Cloudflare subprocessor entry
  (already the same vendor)
- Bumps Last updated to 2026-04-24
- Test: subprocessor list test gains a check for the Web Analytics
  disclosure and the cookieless framing

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@schmug schmug merged commit 2739d56 into main Apr 23, 2026
4 checks passed
@schmug schmug deleted the legal/privacy-add-cf-analytics branch April 23, 2026 23:26
@schmug schmug mentioned this pull request Apr 26, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@schmug