Transparency Report

niallbell.com Stats

100% Private, Zero-Tracking

Sessions

...

View site activity →

Built with a Privacy First philosophy. No cookies, no profiling, and zero tracking.

Detecting GPC Signal...

This page is a live look at my site activity since May 2026, when these privacy-oriented changes were implemented. Unlike the vast majority of the web, niallbell.com is built with a "Privacy First" philosophy. I believe that your browsing habits are your own business, not mine or any advertiser's.

Zero Cookies

I don't use cookies to track you. There is no unique identifier stored in your browser that can be used to follow you across sessions or other websites.

No Profiling

I don't collect data on your age, gender, location, or interests. I have no idea who you are or what device you are using.

No IP Logging

Your IP address is never stored in my database. The data collected is fully anonymized at the point of collection.

No Trackers

There is no Google Analytics, no Meta Pixel, and no ad-tech scripts here. Your data is not being sold or shared with anyone.

GPC Signalling

Global Privacy Control (GPC) is a modern web standard that allows you to set a single, global preference in your browser to opt-out of tracking and data selling across all websites you visit.

I have technically configured this site to detect and honor GPC signals. If you have it enabled, you'll see a green "Active" confirmation in the card at the top of this page.

Learn how to enable GPC →

How I count visitors

When you load a page, a single request logs the URL and page title to a SQLite database I own and control entirely, hosted on Val.town, a small, independent developer platform. That's it. No data is stored beyond the URL, title, and timestamp. No IP address, no fingerprint, no cookies.

The site activity data is fully public. I don't look at anything you can't see yourself. There are no third-party data companies, no ad platforms, and no data sharing.

View Site Activity →

Why I count visitors

This site is a place for my photography, writing, and projects. Knowing which pages and galleries people visit most helps me understand what work is resonating — whether that's a particular wildlife gallery, a blog post, or a set of prints. It informs what I spend time creating and improving, without me needing to know anything about who you are.

Form Submissions

When you use the enquiry forms on this site (such as for photo prints), the information you provide is sent to me via Web3Forms. This is a technical intermediary that allows me to receive your messages without running a complex database-driven backend. They do not sell your data, and your information is only used for the purpose of responding to your specific request.

Anti-AI Scraping

In addition to human privacy, I also value the integrity of my creative work. This site employs meta tags and headers to signal to AI crawlers that my content and photography should not be used for model training without my explicit permission.

Content Security Policy

A Content Security Policy (CSP) is a browser instruction that restricts what resources a page is allowed to load and where it can send data — a meaningful defence against cross-site scripting and data injection attacks. This site has a CSP implemented via a meta tag.

The following directives are active:

  • base-uri 'self' — prevents attackers injecting a <base> tag to hijack relative URLs.
  • form-action 'self' https://api.web3forms.com — forms can only submit to this site or the trusted contact form handler.
  • connect-src — restricts fetch/XHR requests to only the trusted endpoints this site uses: Web3Forms, Val.town, jsDelivr (CesiumJS assets), CARTO, and Esri (map tiles).
  • frame-src — embedded iframes are limited to YouTube, Vimeo, and Kuula.

Two common CSP recommendations cannot be implemented here, for practical reasons:

  • frame-ancestors (clickjacking protection) — this directive only works as an HTTP response header sent by the server. This site is hosted on GitHub Pages, which does not allow custom response headers to be configured. It cannot be set via a meta tag.
  • Removing 'unsafe-inline' — many page features (galleries, maps, interactive elements) currently rely on inline scripts embedded directly in the HTML templates. Removing 'unsafe-inline' requires consolidating these into external script files, which is an active work in progress. Once complete, this will be removed from the policy.
  • 'unsafe-eval' and 'wasm-unsafe-eval' — the CesiumJS library that powers the Photo Map uses WebAssembly and code evaluation internally, which requires these directives. They are necessary for the 3D globe to function and only affect the map page.

Data Transparency

A "Zero-Tracking" site doesn't mean zero network requests. To provide a rich experience, this site communicates with a few trusted external services. You can verify these in your browser's "Network" tab at any time:

  • Imgur: Hosts high-resolution photography. Data sent: Request for image file. No cookies.
  • CARTO (CartoCDN): Provides label overlay tiles on the Photo Map. Data sent: Request for map tile images. No cookies.
  • Esri / ArcGIS Online: Provides satellite imagery on the Photo Map. Data sent: Request for map tile images. No cookies.
  • jsDelivr (cdn.jsdelivr.net): Serves the CesiumJS library that powers the 3D globe on the Photo Map. Data sent: Request for script and asset files. No cookies.
  • Val.town: Logs page visits. Data sent: Page URL, page title, and timestamp. No IP, no cookies, no third-party access.
  • Web3Forms: Transmits enquiry messages. Data sent: Form entries only on submission.
  • Amazon Media: Serves book covers. Data sent: Request for image file. No cookies.

Your Data Rights

Under modern privacy laws (like GDPR and CCPA), you have rights regarding your personal data. Because I don't use cookies, trackers, or account systems, for the vast majority of visitors, I hold no data to access, export, or delete.

However, if you have used one of my enquiry forms, I will have the information you explicitly shared (name, email, and message) in my inbox. At any time, you have the right to:

  • Request a copy of the communication you sent me.
  • Request that I delete our email history and your contact details.
  • Correct any information you previously provided.

To exercise any of these rights, simply email me at () and I will handle your request promptly.

Don't take my word for it

I believe privacy claims should be independently verified so I invite you to audit this site using these respected 3rd party tools:

Blacklight → Webbkoll → GPC Check → Mozilla Observatory →

Note: GitHub Pages controls certain HTTP response headers (like HSTS and frame-ancestors). Some audit tools will flag these as missing — see the Content Security Policy section above for a full explanation of what's implemented and why certain things can't be.

Questions?

I am committed to maintaining a site that respects your digital rights. If you have any questions about how your data is handled, or if you'd like to suggest improvements to my transparency report, please email me at (). I'm always happy to chat about the open web and digital privacy.

Get in touch for photo licensing.