Privacy Policy

Last updated: July 11, 2026

Overview

Zener Bangladesh ("we", "us", "our") operates blog.zenerbd.com("the Blog"). This Privacy Policy describes what data we collect, how we use it, and the choices you have. We are committed to a privacy-first, GDPR/Bangladesh Digital Security Act-compliant approach: we collect no personally identifiable information (PII) from anonymous readers and use no third-party analytics.

Data We Collect

Anonymous readers

When you read an article, we record a "view event" with the following non-identifying fields:

  • visitor_id — a SHA-256 hash of your IP address + User-Agent + a daily salt. This cannot be reversed to identify you.
  • country and city — derived from your IP via Vercel's geo headers.
  • device — "mobile", "desktop", or "tablet", inferred from User-Agent.
  • referrer — the URL of the previous page, if available.
  • duration_sec — how long you stayed on the article.

No cookies are set for tracking. The zener-vid cookie stores only your visitor_id for deduplication purposes — it carries no personal data.

Subscribers

When you subscribe to our newsletter, we store your email address, name (optional), preferred locale, source page, and a SHA-256 hash of your IP for spam dedupe. Each subscriber gets a unique unsubscribe token. We never share your email with third parties.

Commenters

When you submit a comment, we store your name, email (used only for Gravatar avatar generation and not displayed publicly), optional website URL, IP hash, and User-Agent (for spam detection). Comments are moderated before publication.

Admin users

Admin authentication is handled by Supabase Auth. We store your email, hashed password (Supabase-managed), display name, role, and last login timestamp. All admin actions are recorded in the audit log.

How We Use Your Data

  • To understand which articles are popular (aggregate view counts, referrers).
  • To send the weekly digest email to subscribers who opted in.
  • To display avatars next to comments (via Gravatar).
  • To detect and prevent spam comments.
  • To comply with legal obligations.

Cookies

We use the following essential cookies only:

  • zener-blog-locale — your preferred language (EN/BN). 1-year expiry.
  • zener-blog-theme — your preferred theme (light/dark). 1-year expiry.
  • zener-vid — your anonymous visitor ID for view deduplication. 1-year expiry.
  • Supabase Auth session cookies — only set if you sign in to the admin panel.

No analytics, advertising, or tracking cookies are used. No consent banner is required.

Your Rights

Under GDPR (and similar regulations), you have the right to access, correct, delete, or export your personal data. To exercise any of these rights, email zenerbd@gmail.comwith "Privacy Request" in the subject line. We respond within 30 days.

Data Retention

  • Post view analytics: retained indefinitely (aggregated, non-PII).
  • Subscribers: retained until you unsubscribe. Unsubscribe links are in every email.
  • Comments: retained until deletion request or post deletion.
  • Audit logs: retained for 2 years for security and compliance.

Security

All data is stored in Supabase (PostgreSQL 15) with Row-Level Security enabled on every table. The admin service-role key is only used server-side inside authenticated API routes. All traffic is HTTPS-enforced by Vercel. Database backups are encrypted at rest.

Changes to This Policy

We may update this policy from time to time. The "Last updated" date at the top will reflect the latest revision. Continued use of the Blog after changes constitutes acceptance.

Contact

Questions about this Privacy Policy? Email zenerbd@gmail.com or write to:

Zener Bangladesh
Nababpur Complex, Dhaka, Bangladesh