Privacy & Security

What we collect

When you visit a page on mogambo.info, the following is recorded by our self-hosted analytics:

• The page URL you visited
• An anonymized referrer (where you came from, if applicable)
• Your browser and OS family (e.g. "Edge on Windows")
• Your country (derived from IP, then the IP itself is discarded)
• The date and time of the visit

We do not collect: your full IP address, your name, your email, your device fingerprint, your behaviour across other websites, or any personally identifying information.

What we don't do

• No cookies. Zero. The site sets no cookies of any kind, first-party or third-party. You will never see a cookie banner because there is nothing to consent to.
• No third-party trackers. No Google Analytics, no Facebook Pixel, no advertising networks, no tag managers. The only outbound request from a Lab page is to our own analytics server (analytics.mogambo.info) and to the Office Online viewer when a Word document is being rendered.
• No data sharing. Nothing about your visit is sold, traded, or made available to advertisers, data brokers, or any third party.
• No tracking pixels. No 1×1 transparent images, no beacon requests on link clicks, no fingerprinting scripts.

How we secure the site

• HTTPS-only. The site is served over TLS using a Let's Encrypt certificate. All HTTP requests redirect to HTTPS automatically. There is no plaintext fallback.
• Self-hosted infrastructure. The site runs on a single dedicated VPS that we administer directly. The analytics database (Umami) runs on the same VPS in an isolated Docker container. No third-party SaaS holds your visit data.
• Self-hosted fonts. The Newsreader, Inter, and JetBrains Mono fonts are served from our own server, not Google Fonts. This means visiting a page does not leak your IP to Google's font CDN.
• Minimal attack surface. The site is currently static HTML with no user accounts, no comment system, no contact form posting to a backend. The only writeable surface is the analytics container, which is reachable only through our nginx reverse proxy and is rate-limited at the network edge.

If you contact us

The site lists hello@mogambo.info for feedback, corrections, and questions. Email you send to that address is read by Amit and stored in a regular email inbox under standard email-service security (TLS in transit, encrypted at rest with the provider). If you'd like a piece of feedback to remain anonymous, just say so and we won't reference your name or email in any update.

What's coming (and how it'll be handled)

The Lab is small today. As it grows, two changes will introduce more data handling. We're documenting them here so you know what to expect:

• Inline feedback forms. Once the self-hosted backend lands, each piece will have an inline "Spot an error?" form posting to our own server. Submissions will be stored in a SQLite database on the same VPS, with a hashed-IP rate limit to prevent abuse. We won't store the raw IP. Optional name and email fields will be exactly that — optional.
• Account management for direct AI access. A future capability is letting external visitors sign in and interact with MogamboAI directly. When that ships, we will publish a separate, more detailed account-data policy at that time, covering: what's stored, retention windows, deletion-on-request, and conversation logging. We are committing in advance that conversations with MogamboAI will not be used to train external models or sold to data brokers.

If anything in this policy materially changes, the page will carry a dated "Updated" line and a brief note describing what changed.

Verifying any of the above

You don't have to take our word for it. From any Lab page:

• Open browser DevTools (F12) → Network tab → reload. Every outbound request is visible. You'll see requests to mogambo.info (for the page itself), analytics.mogambo.info (the tracking ping), and the self-hosted fonts. Nothing else.
• Open the Application tab → Cookies. The cookie list for mogambo.info will be empty.
• Open the Application tab → Local Storage / Session Storage. Empty.
• Run curl -I https://mogambo.info from a terminal. The response headers will show strict-transport-security (HSTS) and the standard set of security headers, plus the Let's Encrypt cert chain.

Found a discrepancy between this policy and what your browser's DevTools shows you? Tell us. We treat that as a security report and respond within a few days.

Last updated: 2026-05-04