Secure Roamer

Practical security intel for independent travelers

Privacy Policy

_Last updated: 18 September 2024_

We operate Secure Roamer with a privacy-first mindset. We collect only the information needed to publish content, maintain security, and keep you updated. This policy explains what data we gather, how we use it, and how you can exercise your rights.

Information We Collect

Site analytics. We run Plausible Analytics in self-hosted mode. It gathers aggregated metrics such as page views, referrers, and browser types without setting cookies or storing personal data.

Email communication. When you contact us or subscribe to updates, we store your email address, message content, and metadata required to respond (timestamps, IP at send time). We retain this data for 24 months unless you request deletion sooner.

Form submissions. The contact form uses FormSubmit, which relays your message to our inbox. FormSubmit stores submissions temporarily for delivery troubleshooting. Review their policy before sending sensitive data.

Server logs. Our web server maintains logs containing IP addresses, user agents, and requested resources. Logs rotate every 14 days and are retained for security investigations only.

How We Use Data

  • Respond to your questions, service requests, or editorial pitches.
  • Detect abuse, intrusion attempts, or unusual traffic patterns.
  • Send opt-in updates or alerts you requested.
  • Generate aggregate reports that inform future content.

We never sell your data or share it with advertisers. If we work with contractors (for example, a developer or security auditor), they sign NDAs and access only the minimum data required for the project.

Your Choices

  • You can request a copy of the personal information we store by submitting the contact form.
  • You can ask us to delete your data, and we will confirm once the request is complete.
  • You may opt out of any mailing list via the unsubscribe link or by reaching out through the contact form.

Cookies and Tracking

We do not set marketing cookies. Embedded services—such as maps or scheduling tools you choose to activate—may use their own cookies. We clearly label any embeds that rely on third-party services.

Data Security

We maintain TLS encryption across the site, enforce strong authentication on administrator endpoints, and rotate credentials quarterly. Backups are encrypted at rest and in transit. If we detect a breach that impacts your data, we will notify you within 72 hours.

International Transfers

Our infrastructure is hosted in the United States. If you access the site from another region, your data may be transferred or processed in the U.S. We rely on Standard Contractual Clauses for any vendor relationships that handle EU user data.

Policy Updates

We review this policy at least twice a year. Material changes will be announced on the homepage and via our newsletter. Continued use of the site after updates constitutes acceptance of the revised policy.

Questions about this policy? Reach out via the contact form and we will respond promptly.