This privacy policy applies to the podcast hosting service operated by Arcanum Revelatur at robustmcmanlypants.org. We are based in the United States.
For any privacy-related questions or requests, contact us at michael@robustmcmanlypants.org.
When you download or stream a podcast episode, we record the following information:
| Data point | What it is | Why we collect it |
|---|---|---|
| Country and region | The country and sub-national region (e.g. state or province) from which the download originated, derived by geolocating a truncated version of your IP address. Your full IP address is never stored or transmitted anywhere. | To understand the geographic distribution of our audience. |
| Podcast client name | The name of the app or browser used to download the episode (e.g. "Overcast", "Pocket Casts", "Chrome"), parsed from the User-Agent header. Only the app name is stored — the full User-Agent string is discarded immediately. | To understand which podcast apps our listeners use. |
| Device type | A broad category — desktop, mobile, or tablet — derived from the User-Agent header. The raw User-Agent string is discarded. | To understand whether listeners are on mobile or desktop. |
| Bytes served | The number of bytes of the audio file served in a given request, compared against the total file size. | To calculate completion rate — whether an episode was listened to fully or partially. |
| Date and hour (UTC) | The date and UTC hour of the download. Minutes and seconds are not stored. | To show download trends over time and time-of-day patterns. |
| Episode identifier | An internal reference to which episode was downloaded. | To count downloads per episode. |
| Approximate listener token | A short anonymous token derived by hashing a daily-rotating salt, the truncated IP subnet, and the first 40 characters of the User-Agent. This token changes every 24 hours and cannot be reversed to identify you. | To estimate how many distinct listeners downloaded an episode within a 24-hour window, without tracking individuals across sessions. |
The data we collect is used solely for our own internal analytics — to understand how many people are listening to each episode, which podcast apps they use, where in the world our audience is, and whether episodes are listened to fully or skipped. This helps us plan content and understand the reach of our published work.
We do not use this data for advertising, profiling, or any commercial purpose. We do not build listener profiles. We do not attempt to re-identify individuals from the anonymous data we collect.
When your podcast app requests an episode file, your IP address is received by our server in the normal course of internet communication. We immediately truncate it to the network prefix (the first three octets for IPv4 — e.g. 152.2.21.x becomes 152.2.21.0), send only this truncated address to a geolocation service to determine your country and region, and then discard it entirely. The truncated address is never stored. The geolocation result (country and region only) is what gets recorded.
We use the MaxMind GeoLite2 web service to convert the truncated IP subnet into a country and region. Only the truncated network address (e.g. 152.2.21.0, not your actual IP) is sent to MaxMind. MaxMind's privacy policy governs their handling of that request and is available at maxmind.com/en/privacy-policy.
To approximate unique listener counts without tracking individuals, we generate a short token by computing a cryptographic hash (SHA-256) of three inputs: a salt that changes every 24 hours, the truncated IP subnet, and the first 40 characters of the User-Agent string. Only the first 16 characters of the resulting hash are kept. This token is mathematically irreversible — it cannot be used to recover your IP address or identity — and resets every 24 hours, so it cannot be used to track you across days.
We do not sell, rent, share, or otherwise disclose any data we collect to any third party for any purpose, commercial or otherwise. The only external service involved in data collection is MaxMind (for geolocation, as described above), and only the truncated IP subnet is sent to them — never your full IP address, and never any other data about your download.
We do not use Google Analytics, Meta Pixel, or any other third-party analytics or advertising service.
Download statistics are retained indefinitely for historical analysis of episode performance over time. Because no personally identifying information is stored, this retention does not pose an ongoing privacy risk to individual listeners. If you have concerns about data retention, contact us at the address below.
We voluntarily apply GDPR standards to all users worldwide, not just those in the EU and UK. Here is how our data practices map to GDPR requirements:
| GDPR Requirement | Our Practice | Status |
|---|---|---|
| Lawful basis for processing | Legitimate interest (Article 6(1)(f)) — a content publisher's interest in understanding the reach of their published work, balanced against the minimal privacy impact of purely anonymous aggregate statistics. | ✓ Met |
| Data minimisation | We collect only what is necessary. IP addresses are truncated and discarded. Raw User-Agent strings are discarded. Minutes and seconds of timestamps are not stored. | ✓ Met |
| Purpose limitation | Data is used exclusively for our own internal audience analytics. It is not used for advertising, profiling, or any other purpose. | ✓ Met |
| Storage limitation | Because no personal data is stored, standard retention limits do not apply. We retain aggregate statistics indefinitely for historical content analysis. | ✓ Met |
| Accuracy | We do not store personal data that could become inaccurate. | ✓ Met |
| Integrity and confidentiality | All data is stored on a secured server. No personal data is stored. | ✓ Met |
| Rights of access, erasure, portability | Because no personally identifying data is stored, individual records cannot be attributed to a specific person. These rights cannot be meaningfully exercised but we will respond to any request. | ✓ Addressed |
| Consent | Consent is not required because our legal basis is legitimate interest and because the data collected is genuinely anonymous and cannot re-identify individuals. | ✓ N/A |
If you believe our data practices are unlawful, you have the right to lodge a complaint with the data protection authority in your country. EU residents can find their local supervisory authority at edpb.europa.eu.
The California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) grant California residents specific rights regarding their personal information. Here is how our practices apply:
| CCPA / CPRA Provision | Our Practice | Status |
|---|---|---|
| Right to know what personal information is collected | This privacy policy fully discloses what we collect. In summary: anonymous geographic data, podcast client name, device type, bytes served, date/hour, and a non-reversible daily-rotating listener token. No personal information as defined by CCPA (name, email, precise location, IP address, etc.) is collected or retained. | ✓ Met |
| Right to know whether personal information is sold or disclosed | We do not sell, share, or disclose any data we collect to any third party for any commercial purpose whatsoever. | ✓ Met |
| Right to opt out of sale of personal information | We do not sell personal information. No opt-out mechanism is required. | ✓ N/A |
| Right to deletion | Because we do not collect personal information as defined by CCPA, there is no personal data to delete. We will respond to any deletion request made to us. | ✓ Addressed |
| Right to non-discrimination | We do not discriminate against any user based on the exercise of their privacy rights. This service is provided free of charge and is not contingent on data collection. | ✓ Met |
| Sensitive personal information | We do not collect any sensitive personal information as defined by the CPRA (precise geolocation, racial or ethnic origin, religious beliefs, health data, financial data, etc.). | ✓ Met |
Regardless of where you are located, you may contact us at any time to:
Contact: michael@robustmcmanlypants.org
If we make material changes to this privacy policy, we will update the date at the top of this page. Because we do not have your contact information, we cannot notify you directly of changes. We encourage you to review this page periodically.
Arcanum Revelatur
michael@robustmcmanlypants.org