sommaire · 9 sections
Last updated: 2026-05-18.
This document describes what data this site collects, why, where it is stored, who can access it, and how long it is retained. It is written in plain language to stay readable — the strict legal version boils down to one sentence: bare minimum, all self-hosted, never sold to anyone.
TL;DR
- No advertising cookies, no third-party trackers (Google Analytics, Meta Pixel, etc.).
- Visit statistics are measured by a self-hosted Plausible instance, without cookies and without individual identifiers.
- The newsletter is handled by a self-hosted Listmonk instance: only your email is stored, one-click unsubscribe.
- Comments are handled by a self-hosted Remark42 instance: you can comment anonymously, with email, or via a third-party account (your choice).
- No data is ever sold or shared with third parties.
1. Data controller
Nicolas — editor of Nicolas Finance.
For any question about your data: contact@nicolas.finance.
2. Data collected
2.1 Navigation (statistics)
A self-hosted Plausible Analytics instance at plausible.nicolas.finance measures page traffic.
| Data | Purpose | Retention |
|---|---|---|
| Page URL | Count page views | 24 months |
| Country (derived from IP, never stored) | Aggregate geographic stats | 24 months |
| Browser / OS | Aggregate technical stats | 24 months |
| Referrer (previous site) | Understand where visits come from | 24 months |
No cookies. No individual identifiers. No fingerprinting. Plausible is designed so a user journey cannot be reconstructed. The IP address is used only briefly to generate an anonymous daily hash, then discarded.
2.2 Newsletter
If you subscribe to the newsletter via the site form:
| Data | Purpose | Retention |
|---|---|---|
| Email address | Send you new articles | Until you unsubscribe |
| Subscription date | Technical trace (anti-spam) | Until you unsubscribe |
| Status (confirmed / pending) | GDPR double opt-in | Until you unsubscribe |
Emails are stored in self-hosted Listmonk at newsletter.nicolas.finance. No segmentation, no open tracking, no click tracking. The only unique-link in each email is the unsubscribe link.
Legal basis: your explicit consent (opt-in box + confirmation email).
2.3 Comments
If you post a comment via Remark42 (self-hosted at comments.nicolas.finance):
| Data | Purpose | Retention |
|---|---|---|
| Name (pseudo or real, your choice) | Display comment author | As long as the comment exists |
| Email (if provided) | Reply notifications, possible gravatar | As long as the comment exists |
| Comment content | Publish it on the site | As long as the comment exists |
| IP (hashed) | Anti-spam / moderation | 30 days then purged |
You can comment anonymously without an email. You can ask for your comments to be deleted at any time at contact@nicolas.finance.
2.4 Search
Full-text search is handled by Pagefind: everything runs in your browser, on a static index downloaded with the site. No request is sent to a server, so nothing is logged.
2.5 Server logs
The server (Traefik + nginx) keeps technical access logs (IP, URL, HTTP code) for security and diagnostic purposes. These logs are:
- Retained for 30 days max, then purged.
- Never cross-referenced with newsletter or comments data.
- Never shared with third parties.
3. Cookies
This site uses no tracking or advertising cookies. The only items stored in your browser are:
| Item | Type | Purpose |
|---|---|---|
pref-theme | localStorage | Remember your dark/light choice |
nf-read-* | localStorage | Remember which articles you marked as read |
| Remark42 session cookie | 1st-party cookie | Only if you sign in to comment |
No cookie banner, because no tracking cookie is ever set. The ePrivacy directive only requires a banner for cookies that are not strictly necessary.
4. Subprocessors
This site is almost entirely self-hosted:
| Service | Role | Hosting |
|---|---|---|
| Web server (nginx) | Serves pages | Personal server (France) |
| Traefik | Reverse proxy / TLS | Same server |
| Plausible | Analytics | Same server, dedicated subdomain |
| Listmonk | Newsletter | Same server, dedicated subdomain |
| Remark42 | Comments | Same server, dedicated subdomain |
| Let’s Encrypt | TLS certificates | Third party — receives the domain name, nothing else |
| GitHub | Source code hosting | Third party — receives no reader data |
No CDN, captcha, or tag manager is used.
5. Transfers outside the EU
Data is stored on a server located in France. The only flows leaving the EU are:
- Let’s Encrypt requests for certificate renewal (USA), which contain no reader personal data.
- An outbound email sent to your email provider (Gmail, Outlook, etc.) — which leaves our control upon delivery.
6. Your rights (GDPR)
Under the GDPR, you have the right to:
- Access the data we hold about you.
- Rectify inaccurate data.
- Erase your data (“right to be forgotten”).
- Object to processing.
- Lodge a complaint with the CNIL (French data protection authority).
To exercise these rights, simply email contact@nicolas.finance. Response within 30 days max.
7. Changes
This policy may evolve along with the tools used on the site. The “last updated” date at the top reflects the latest revision. Material changes will be announced in the newsletter and on the home page.
8. Contact
Question, GDPR request, report: contact@nicolas.finance.