Privacy

We only collect two kinds of information from visitors to littlehilbertshotel.com:

a. Aggregate usage analytics

When you visit the site, our analytics provider (Google Analytics 4) records which page you landed on, how long you stayed, and which events happened while you were reading — e.g. you clicked “Listen,” you changed the voice, you turned a page, you finished the book. We use this to know whether the book is holding people’s attention.

We deliberately configure Google Analytics to be as privacy-respecting as it can be:

• Your IP address is anonymised (anonymize_ip: true) — we never see your full IP.
• Google Signals (cross-device / ad graph tracking) is disabled.
• Ads personalisation is disabled.
• Ad-storage, ad-user-data, and ad-personalisation consent are all set to denied by default.

We never send personally identifying information (your name, your email, the text you type, the route you clicked through) to Google Analytics — only the structural events above.

b. Your email, if you join the waitlist

If you enter your email on /waitlist or on the back cover of the book, we store that email so we can tell you when the printed picture book is ready. We also tag the signup with where it came from (e.g. source:home-hero) so we can tell which parts of the site are working. We do not collect your name, country, age, or anything else at signup time.

Your email is sent to our email provider, Buttondown, via an encrypted (HTTPS) request. Buttondown then sends you a one-click confirmation email (“double opt-in”); you are not on the list until you click that link.

You can remove yourself from the list at any time by clicking the unsubscribe link in any email we send, or by emailing us at [email protected].

c. Standard server logs

The site is hosted on Cloudflare Pages. Cloudflare keeps short-term request logs (IP address, user agent, URL, timestamp) as part of running a web server — these are used to block abuse and to keep the site up. We don’t query, export, or correlate those logs.

To be concrete, and to save you from re-reading §1 with suspicious eyebrows raised:

• No user accounts. No passwords.
• No payment data. We don’t sell anything on this site.
• No advertising, no ad networks, no remarketing pixels.
• No session replay, no heatmaps, no keystroke logging.
• No third-party social media embeds that track you.
• No cross-site tracking. No data brokers. No data sold.

Google Analytics sets a small number of first-party cookies (names like _ga and _ga_<ID>) to figure out if two visits come from the same browser over time. These cookies don’t contain your name or email. If you block them, the site still works exactly the same — you just become invisible to our analytics. That’s fine by us.

We also store a couple of reader-preference keys in your browser’s localStorage (your chosen voice, whether you want music, whether you want animations). These never leave your device and are only used to remember your preferences between visits.

We use three external services to run the site. Each sees only the minimum they need:

• Cloudflare (hosting, CDN, and the function that receives waitlist signups). Sees: standard request logs, and your email in transit when you submit the waitlist form.
  Cloudflare privacy policy ↗
• Google (Google Analytics 4). Sees: anonymised IP, page paths, and the custom events listed in §1a.
  Google privacy policy ↗
• Buttondown (email waitlist provider). Sees: your email address, the source tag, and the content of any email we send you.
  Buttondown privacy policy ↗

We do not sell, rent, or trade your information to anyone, full stop. We only disclose it if compelled by lawful process — and we’ve never received such a request.

The book itself is written for ages 6–8. The website, however, is designed for adults — parents, teachers, librarians, and older kids reading with a grown-up. We don’t knowingly collect personal information (including email addresses) from children under 13.

If you are a parent or guardian and you believe your child has submitted an email address to our waitlist, please email us at [email protected] and we’ll remove it promptly.

We don’t run advertising, profiling, or any feature that would target a child specifically. The analytics we collect are aggregate, not individual.

Depending on where you live, you have some or all of the following rights over the data we hold about you:

• Access. Ask us what we have. Usually this is just your email and the date you signed up.
• Correction.Fix anything that’s wrong.
• Deletion. Ask us to delete your data. For the waitlist, the one-click unsubscribe link does this.
• Portability. Get a copy of what we have on you in a readable format.
• Object.Object to us processing your data, and we’ll stop unless we have a lawful reason to continue.
• Opt out of “sale” (California).We don’t sell data, but for the record: you’re opted out.

The easiest way to exercise any of these is to email us (see §7). If you’re in the EU / UK and you think we’ve mishandled your data, you also have the right to complain to your national data protection authority.

For privacy questions, data requests, or anything else legal-ish, email [email protected]. This is a small project — the email goes to a real person, but please give us a few days to reply.

The data controller for littlehilbertshotel.com is:

Itai Bar-Sinai
Havered Ramat Efal 3
Ramat Gan, 52960
Israel
[email protected]

The site is served over HTTPS end-to-end. The waitlist form submits over HTTPS to a Cloudflare Pages Function, which forwards to Buttondown over HTTPS. Our API keys and secrets are held in Cloudflare’s encrypted secret store and never leave the server. We don’t store passwords (we don’t have accounts), so there’s nothing to leak.

That said: no online service is perfectly secure. If you spot a vulnerability, please email us at [email protected] — we’ll take it seriously.

If we change what we collect or who we share it with, we’ll update this page and bump the “last updated” date at the bottom. Material changes (new sub-processor, new data category, anything that would affect your decision to stay on the waitlist) will also be announced to waitlist subscribers by email.