Privacy policy
DefyCard is a content site, not an account-based product. We do not operate user accounts, and we collect almost no information about you. This policy explains exactly what we do collect, what third parties receive when you load a page, and how to exercise your rights under the GDPR (European Union, United Kingdom) and the CCPA/CPRA (California, United States).
What DefyCard itself collects
We do not run a custom analytics product. The only first-party data we retain is what an Nginx web server logs by default for every HTTP request: timestamp, IP address, user agent, requested path, response status, and bytes served. These access logs are retained for thirty days for security and abuse-prevention purposes, then automatically rotated and discarded. They are not exported, sold, or correlated with any other source.
The site contains no login form, no newsletter form, no comment form, and no first-party tracking pixel. Loading any page does not place persistent identifiers on your device from the DefyCard origin itself. However, see the Google Analytics 4 and Cookies sections below for what third parties may set when you load a page.
Third parties that receive a request when you load a page
- Google Analytics 4 (www.googletagmanager.com, www.google-analytics.com, property G-JLRZD59902) — measures aggregate page views, approximate location (country / region only), device class, and referrer source so we can see which articles readers find useful. See the dedicated section below.
- Google Fonts (fonts.googleapis.com, fonts.gstatic.com) — serves the Material Symbols icon font. Google’s privacy notice covers what they log.
- Unsplash (images.unsplash.com) — serves article hero and inline images. Unsplash logs image requests for photographer attribution and CDN analytics.
- Affiliate destinations — when you click a sponsored link, the destination issuer (ether.fi, Crypto.com, RedotPay, Bybit, and similar) receives the click and may set their own cookies on their own domain.
We do not run Meta Pixel, Hotjar, FullStory, or any other session-replay or behavioural-recording tool. We do not run a third-party CDN that sits between you and our origin. The X-Content-Type-Options, Referrer-Policy, and Strict-Transport-Security headers are set on every response.
Google Analytics 4
DefyCard uses Google Analytics 4 (GA4), property G-JLRZD59902. GA4 collects:
- The page URL you visited and how long you spent on it.
- Approximate geography (country and region only — GA4 does not store full IP addresses; the last octet of IPv4 is dropped before processing).
- Device class (desktop / mobile / tablet), browser, operating system.
- Referrer source (the site you arrived from, if any).
- Anonymised event data such as scroll depth and outbound link clicks (Enhanced Measurement).
GA4 sets first-party cookies on the defycard.com domain under the names _ga and _ga_JLRZD59902 with a default 2-year expiry. These cookies contain a randomly generated client identifier — they do not contain your name, email, or any account-linked information.
How to opt out:
- Install the official Google Analytics Opt-out Browser Add-on.
- Use a privacy-focused browser (Brave, Firefox with strict tracking protection) or a content blocker (uBlock Origin); GA4 will be blocked outright.
- Send a Global Privacy Control (GPC) header — Mozilla Firefox and DuckDuckGo enable this by default for users in CCPA/CPRA scope.
- Email support@defycard.com with "Privacy request" in the subject line and we will manually exclude your client identifier from our GA4 reporting.
We do not sell GA4 data to third parties, do not link it to any other identifier, and do not use it for personalised advertising. Google's own retention is configured for 14 months, after which event-level data is automatically deleted.
Cookies
DefyCard sets one client-side preference using localStorage: your dark/light theme choice, stored under the key theme with the value dark or light. This is a preference flag, not a tracker; it is not a cookie, never leaves your browser, and is not sent in any HTTP request. Clearing site data in your browser removes it.
Google Analytics sets the cookies described above. No other cookies are set by DefyCard or by any other third-party script we load.
Affiliate links
When you click an affiliate link on DefyCard, the destination issuer may attach a referral code and set their own cookies on their own domain. This is what allows them to pay us a commission. We do not receive personally identifiable information from this flow — only aggregate referral counts. The affiliate disclosure explains the mechanics in detail.
Your rights under the GDPR
If you are in the European Union, the United Kingdom, or another jurisdiction that grants equivalent rights, you have the right to access, correct, delete, restrict, or port any personal data we hold about you. Because we hold no account-linked data and our access logs are unindexed, we typically have nothing tied to a specific person — but we will confirm in writing within 30 days.
To file a request, email support@defycard.com with “GDPR request” in the subject line. We may ask for the IP address and approximate timestamp of a recent visit so we can locate matching access-log lines, if any, before deletion.
Your rights under the CCPA/CPRA
If you are a California resident, you have the right to know what personal information we collect, to delete that information, and to opt out of any sale or sharing of it. DefyCard does not sell or share personal information; affiliate referral counts do not constitute a sale of personal information under the CPRA, because no identifier tied to you crosses the boundary. To submit a CCPA request, email support@defycard.com with “CCPA request” in the subject line.
Children
DefyCard is not directed at children under 16. We do not knowingly collect data from children. If you believe we have inadvertently received such data, email us and we will delete it.
Changes
Material changes to this policy will be reflected in the “Last reviewed” timestamp at the bottom of this page and noted in the news section. We do not retroactively change what we collected; new collection only applies after the change date.