Privacy Policy
Effective Date: May 13, 2026
SetupScore (“we,” “our,” or “us”) is a static review site with no user accounts, no login system, and no database of personal data. This policy explains what limited data we collect, why, and what control you have over it.
What We Collect#
Analytics Data (with your consent)#
We use two analytics services to understand how visitors use the site. Both are opt-in: they only activate if you accept analytics cookies through our consent banner.
Google Analytics 4 collects:
- Pages viewed and time on site
- Referral sources (where you came from)
- Device type and screen size
- Browser and operating system
- General location (country/region, not street-level)
Google Analytics uses cookies (_ga, _gid) to distinguish visitors across sessions. We have IP anonymization enabled. Google processes this data under their privacy policy.
Microsoft Clarity collects:
- Click and scroll patterns (heatmaps)
- Session recordings of how visitors navigate pages
- Performance metrics
Clarity uses cookies (_clck, _clsk) and is governed by Microsoft’s privacy statement. Clarity does not track users across other websites.
We use Google Consent Mode v2, which means both services start in a denied state. No analytics cookies are set until you explicitly accept them through our cookie banner.
Newsletter Subscription#
If you subscribe to our newsletter, we collect your email address. Newsletter signup is handled by Brevo (formerly Sendinblue), which processes your email under their privacy policy. We use your email only to send product updates and new reviews. You can unsubscribe at any time via the link in every email.
Email Correspondence#
If you contact us directly, we keep the email exchange to respond and follow up. We don’t add you to any mailing list unless you ask.
Server Logs#
Our hosting provider (GitHub Pages) automatically collects standard server logs: IP addresses, browser user agents, and access timestamps. These are managed by GitHub under their privacy statement and are not accessible to us.
What We Do NOT Collect#
- Passwords or login credentials (we have no user accounts)
- Payment information (we don’t sell anything directly)
- Precise geolocation
- Social media profiles or identifiers
- Personal data from minors (see Children’s Privacy below)
Cookies#
We use a cookie consent banner (CookieConsent v3) that lets you choose which cookies to allow. Here’s the full list:
Essential Cookies (always active)#
| Cookie | Purpose | Duration |
|---|---|---|
cc_cookie | Stores your cookie consent preferences | 6 months |
| Theme preference | Remembers light/dark mode selection | Persistent |
Analytics Cookies (opt-in only)#
| Cookie | Service | Purpose | Duration |
|---|---|---|---|
_ga | Google Analytics | Distinguishes unique visitors | 2 years |
_gid | Google Analytics | Distinguishes unique visitors | 24 hours |
_clck | Microsoft Clarity | Stores session information | 1 year |
_clsk | Microsoft Clarity | Connects page views in a session | 1 day |
We do not use advertising cookies, social media tracking pixels, or third-party marketing cookies. You can change your cookie preferences at any time through the consent banner (click “Manage preferences” in the banner or clear your cookies to reset).
How We Use Data#
- Analytics data: Understand which reviews and guides are most useful so we can prioritize content.
- Newsletter emails: Send product updates and new review notifications.
- Email correspondence: Respond to your questions or feedback.
We never sell, rent, or trade your data. Period.
Third-Party Services#
Here’s every third-party service that may process data when you visit SetupScore:
| Service | What it does | Data involved | Their privacy policy |
|---|---|---|---|
| Google Analytics | Traffic analytics | Anonymized browsing data | Link |
| Microsoft Clarity | Heatmaps and session recordings | Click/scroll behavior | Link |
| Amazon Associates | Affiliate product links | Cookies set by Amazon after click | Link |
| Brevo | Newsletter delivery | Email address | Link |
| GitHub Pages | Website hosting | Server logs (IP, user agent) | Link |
| Google Fonts | Typography (Playfair Display, Source Sans 3) | IP address, browser info | Link |
| YouTube | Embedded video content (privacy-enhanced mode) | Cookies set by YouTube on play | Link |
When you click an affiliate link to Amazon, you leave SetupScore and are subject to Amazon’s privacy policy. Amazon sets its own cookies to track the referral. We have no access to Amazon’s data about your browsing or purchases beyond aggregate commission reports.
YouTube videos are embedded using the privacy-enhanced mode (youtube-nocookie.com), which means YouTube does not set cookies until you play a video.
International Data Transfers#
SetupScore is hosted in the United States via GitHub Pages. If you visit from the EU/UK or elsewhere, your data may be transferred to and processed in the US. Google and Microsoft process analytics data according to their own data transfer mechanisms, including Standard Contractual Clauses where applicable.
Data Retention#
- Analytics data: Retained by Google Analytics for 14 months, then automatically deleted. Clarity data is retained for 30 days.
- Newsletter emails: Stored in Brevo until you unsubscribe, at which point your email is suppressed (kept on a do-not-contact list per anti-spam regulations).
- Email correspondence: Kept as long as relevant for ongoing communication.
- Cookie consent preferences: Stored locally in your browser for 6 months.
Your Rights#
EU/UK Residents (GDPR)#
You have the right to:
- Access the personal data we hold about you
- Rectification of inaccurate data
- Erasure (“right to be forgotten”)
- Restrict processing of your data
- Data portability (receive your data in a structured format)
- Object to processing, including opting out of analytics
- Withdraw consent at any time by changing cookie preferences or unsubscribing from the newsletter
California Residents (CCPA/CPRA)#
You have the right to:
- Know what personal information we collect and how it’s used
- Delete your personal information
- Opt out of the sale or sharing of personal information (we don’t sell your data, so this doesn’t apply, but we respect the right)
- Non-discrimination for exercising your privacy rights
We do not sell personal information. We do not use sensitive personal information for purposes beyond what’s disclosed here.
All Visitors#
Regardless of where you live, you can:
- Reject analytics cookies through our consent banner
- Unsubscribe from the newsletter at any time
- Email us to request deletion of any data we hold about you
To exercise any of these rights, email: [email protected]
We’ll respond within 30 days.
Do Not Track#
Some browsers send a “Do Not Track” (DNT) signal. There is no universal standard for how websites should respond to DNT. Our cookie consent banner gives you direct, granular control over tracking, which we believe is more effective than DNT.
Data Security#
- HTTPS everywhere. All traffic to SetupScore is encrypted via TLS.
- No user accounts. We don’t store passwords, payment details, or personal profiles.
- Static site architecture. No server-side application or database, which eliminates entire categories of vulnerabilities (SQL injection, session hijacking, etc.).
- Content Security Policy. We enforce a strict CSP header that limits which external scripts and resources can load.
- Consent-first analytics. Tracking scripts don’t run until you opt in.
Children’s Privacy#
SetupScore is not directed at children under 16. We do not knowingly collect personal data from minors. If you believe a child has submitted personal information to us, contact us and we’ll delete it promptly.
Changes to This Policy#
If our privacy practices change, we’ll update this page and the “Effective Date” at the top. For significant changes, we’ll note what changed in this section.
Contact#
Privacy questions? Email: [email protected]