Privacy & Cookie Policy

Last updated: 2026-07-14

This Privacy & Cookie Policy explains how antonysisle.com (the “Site”, “we”, or “us”) collects, uses, stores, and protects information when you visit the Site, submit comments, use event booking features, contact us or submit forms, use on-site private messaging or chat, interact through IndieWeb features such as webmentions and IndieAuth sign-in, or use site tools such as translation and cookies.

This policy is intended to describe the Site’s current WordPress configuration and active plugins. It may be updated when the Site, plugins, hosting, or legal requirements change.


1. Data Controller and Contact

The Site is operated by Antony. For privacy questions or requests, contact: [email protected].


2. Information We Collect

CategoryExamplesPurposeTypical retention
Server and security logsIP address or IP-derived data, request time, URL, browser metadata, login attempts, blocked requests, firewall eventsOperate the Site, prevent abuse, investigate errors, protect accounts and contentAs needed for security, troubleshooting, and abuse prevention
AnalyticsPage views, visit counts, country/region, browser/device type, referring pages, first/last touch attribution; for Jetpack Stats, your IP address and browser metadata are processed by AutomatticUnderstand Site usage and improve content and performanceWP Statistics cleanup is configured for 180 days; Jetpack Stats data is retained by Automattic according to its own policy
CommentsName, email address, website if provided, comment text, comment date, IP/user-agent metadata used by WordPress for moderation and abuse preventionDisplay and moderate comments, prevent spam and abuse, allow follow-up where appropriateWhile the comment remains published or as needed for moderation records
Event and booking dataEvent registrations, RSVP status, booking status, spaces/tickets, booking comments, event/location details, timestamps, and related WordPress account identity where applicableRun events, manage attendance, prevent duplicate bookings, handle event administration and supportWhile needed for event administration, support, audit, or legal/accounting reasons
Contact and form dataName, email address, message content, any file uploads, and related metadata you voluntarily submit through contact or other forms (Forminator)Respond to messages, process requests, and provide supportStored until deleted by an administrator or on request; normally reviewed within 12 months of the relevant interaction
Private messages and chatMessage content, conversation participants, timestamps, attachments you send, delivery/read status, and moderation records (Better Messages)Provide on-site private messaging and chat, moderate abuse, and keep the service reliableMessages are kept until deleted by you or an administrator; attachments are automatically deleted after 365 days
Account and admin dataWordPress user account data, login/session cookies, admin actions, security eventsProvide account access, site administration, and securityFor the life of the account and as needed for security logs
Email delivery metadataEmail delivery configuration and limited send/debug metadata handled by WP Mail SMTPSend transactional or administrative emails reliablyEmail content logging is disabled; debug records may exist only for troubleshooting

Where the GDPR or UK GDPR applies, the legal bases may include legitimate interests in operating and securing the Site, performance of a contract or requested service, compliance with legal obligations, and consent where required for optional features.


3. Cookies and Local Storage

The Site uses cookies and similar technologies for necessary WordPress functionality, logged-in sessions, comments, event booking flows, security, and privacy-preserving analytics.

Name or typePurposeNecessityTypical duration
wordpress_* / wp-settings-* / login cookiesWordPress login, admin preferences, and session managementNecessary for logged-in usersSession to persistent, depending on login choice
comment cookiesRemember commenter name, email, and website if you choose to leave a commentOptional convenienceSet by WordPress when used
Automattic embed cookies (Comments, Likes)Operate the WordPress.com-hosted comment form and Like button and remember WordPress.com login state inside those embedded framesThird-party, set inside Automattic iframes when those features loadPer Automattic’s cookie policy
Cookie Notice cookieRemembers that the cookie notice was acknowledgedFunctionalAbout 1 month based on current settings
WP Statistics visitor cookie or identifierHelps estimate unique visits and traffic patternsAnalyticsAnalytics cleanup is configured for 180 days
Better Messages storageKeeps chat session state, delivery/read status, and notification preferences workingFunctional when using messaging (login required)Session or persistent while you use chat
Events Manager cookies/session dataSupports event booking and RSVP workflowsFunctional when using event featuresSession or as configured by WordPress/plugins

The cookie banner is informational and acknowledgement-based. The Site does not offer an in-banner refuse or revoke control, and the technical data collection described in this policy (server and security logs, analytics) occurs whenever the Site is used — the Site cannot selectively disable it for individual visitors. By continuing to use the Site after notice, you acknowledge this policy and accept that the described data collection takes place. Your available controls are your browser settings (blocking or deleting cookies, sending Do Not Track) and choosing not to use the Site. On-site analytics are configured to be privacy-preserving: WP Statistics anonymizes and hashes IP addresses, respects browser Do Not Track signals, excludes administrator activity, and does not store full user-agent strings. In addition, Jetpack Stats (Automattic) counts visits using a script and beacon served from Automattic’s network — see “Analytics” below.


4. Analytics

The Site uses WP Statistics to understand aggregate traffic and improve content. Current settings anonymize and hash IP addresses, use Cloudflare-derived country/location information where available, respect browser Do Not Track signals, exclude administrator activity, do not store full user-agent strings, and do not share anonymous usage data with the plugin vendor.

The Site also uses Jetpack Stats, a visitor statistics service provided by Automattic Inc. When you visit the Site, your browser loads a small statistics script from Automattic’s network (stats.wp.com) and sends a page-view beacon to Automattic’s servers in the United States. This transmits your IP address, browser and device information, the page viewed, and the referring page. Automattic processes this data on our behalf to produce aggregate visitor statistics and retains it according to its own privacy policy. Jetpack Stats is not used for targeted advertising.

Jetpack Social and connected platforms: The Site uses Jetpack Social, provided by Automattic, to automatically publish new posts to social media accounts connected by the Site operator (“connected social media platforms”). When a new post is published, this may transmit public post content—including its title, excerpt, featured image, and URL—to Automattic and the relevant connected platform. Automattic also processes the account and authorization information required to maintain these connections. Each platform processes information under its own privacy policy. Connected platforms currently include Facebook, Instagram, and LinkedIn.

UTM campaign tracking: Links published through connected social media platforms may contain UTM campaign parameters, such as source, medium, and campaign identifiers. When followed, these parameters form part of the visiting URL and may be processed by the Site and Jetpack Stats for traffic attribution. We do not intentionally include personal information in UTM values.

Analytics data is used for Site operation and improvement, not for targeted advertising.


5. Events, Bookings, and RSVP

The Site uses Events Manager to publish events and manage RSVP/bookings. If you book or RSVP for an event, the Site may store booking status, number of spaces or tickets, booking comments, event attendance information, timestamps, and related event/location records. Anonymous bookings are enabled, and bookings may require approval.

Events Manager privacy tools are enabled for export and erasure of event, location, and booking data. Privacy consent is required for bookings and for guest event/location submissions. Communications consent is currently not enabled.


6. Comments

Comments are currently open by default. If you leave a comment, WordPress stores the information you provide, the comment text, and technical metadata used for moderation and abuse prevention. Approved comments may be visible publicly. You may contact us to request correction or deletion of your comment where applicable.

The comment form is provided through Jetpack Comments (Automattic Inc.) and is embedded from Automattic’s network (jetpack.wordpress.com). When you view or use the comment form, Automattic processes the technical data needed to display it (such as your IP address and browser metadata), and the details you submit — name, email address, website, and comment text — pass through Automattic’s systems before being stored on this Site. The form also offers sign-in with a WordPress.com account. Commenter avatars are provided by Gravatar (an Automattic service): your browser requests avatar images from gravatar.com using a hashed identifier derived from the commenter’s email address, and gravatar.com can see your IP address and standard request metadata. Gravatar hovercards are enabled, which load additional public profile information from Automattic when you hover over an avatar.

Posts also display a Like button served from Automattic (widgets.wp.com) inside an embedded frame. Loading it shares your IP address and browser metadata with Automattic; using it requires a WordPress.com account, and Automattic may set its own cookies inside the embedded frame according to its cookie policy. If you subscribe to new posts or comment notifications where offered, your email address and subscription preferences are stored and processed by Automattic’s subscription service on our behalf.

The Site also accepts webmentions, an open web standard for cross-site conversations. If a page on another website links to a post here and that website (or you, via the webmention form under a post) sends a webmention, the Site fetches the source page to verify the link and stores the page address, the public author name and avatar image address found on that page, an excerpt of the relevant content, and technical metadata such as the submitting server’s IP address. Verified webmentions may be displayed publicly alongside comments on the linked post. Avatar images shown with webmentions are loaded by your browser directly from the source website or its avatar service, which can see your IP address and standard request metadata when the image is fetched. Webmentions are retained like comments until removed; you can request removal of a webmention that concerns you or your website by contacting us.

Conversely, when we publish content that links to another website, the Site may automatically notify that website by sending it a webmention containing the address of our post.



7. Private Messaging and Chat

The Site uses Better Messages to provide on-site private messaging and chat for logged-in users. If you use messaging, the Site stores your message content, conversation participants, timestamps, attachments you send, delivery/read status, and related moderation records. Messages are transmitted over encrypted (HTTPS/TLS) connections and stored in the Site database. Message content is not currently encrypted at rest — at-rest and end-to-end encryption are features of an optional paid messaging component that is not currently active; if it is activated in the future, this policy will be updated. Site administrators and moderators may access message data and metadata where necessary for moderation, abuse investigation, security, or legal compliance.

In addition to human moderation, messages may be screened automatically. The Site has enabled the Better Messages AI moderation feature, which can analyze message text and images — together with a short window of surrounding conversation context — for abuse categories such as harassment, hate, spam, scams, and threats. This screening is performed by the Better Messages vendor’s cloud moderation service, which means screened message content is transmitted to that provider for processing; messages flagged by the system are recorded for review by site moderators. Separately, if voice messages become available, the voice transcription feature is enabled: voice recordings you send may be transcribed automatically by an AI transcription service provided through the Better Messages vendor, and the resulting transcript stored with the message. See “Third-Party Services and Embedded Content” below.

Optional messaging features — including real-time (WebSocket) delivery, voice messages, and calls — may be enabled or disabled at any time. When enabled, they process the same categories of message data and, for voice or call features, the audio you choose to record or transmit. This policy applies to those features whether or not they are currently active.

You can delete your own messages at any time; deleting a message also deletes its attachments. Attachments are automatically deleted 365 days after upload. Message history is otherwise retained until deleted and is not automatically erased when an account is removed, so you may ask us to delete your message data as described in “Your Choices and Rights”. If you enable browser notifications for new messages, your browser’s push service processes a notification identifier to deliver alerts; you can revoke this permission in your browser settings at any time. Emoji images used by the chat interface are loaded from the jsDelivr content delivery network, and sticker images are loaded from the Better Messages vendor’s servers when the sticker feature is used (see Third-Party Services below).


8. Forms

The Site uses Forminator to provide contact and other forms. When you submit a form, the Site stores the information you enter (such as your name, email address, message content, and any files you upload) together with technical submission metadata, and may send an email notification to the site administrator. Form submissions are stored in the Site database until deleted by an administrator or at your request. Forms may be protected against spam using hCaptcha, which can process your IP address, browser metadata, and interaction signals to distinguish humans from automated traffic.

9. IndieWeb Sign-In (IndieAuth)

The Site acts as an IndieAuth endpoint, which lets registered users of this Site sign in to third-party IndieWeb applications using their profile address on this Site. Authentication happens on this Site with your normal WordPress login — your password is never shared with the third-party application. When you approve an application, it receives your public profile address and basic public profile information, and the Site records the authorization (the application’s identity, the permissions granted, and timestamps). Access tokens currently expire after 14 days by default and can be revoked earlier from your user profile on this Site. This processing takes place on the Site itself; no external identity provider is involved. Third-party applications you authorize handle data under their own privacy policies.


10. Security

The Site uses Wordfence Security and Cloudflare to protect against malicious traffic, login abuse, spam, and attacks. These services and plugins may process IP addresses, request metadata, login attempt data, blocked-request records, firewall events, and related security telemetry. This processing is used to secure the Site and investigate abuse. In addition, Jetpack’s firewall filters incoming requests using rule sets provided by Automattic, Jetpack’s account-protection feature may check sign-in attempts for Site accounts against known-compromised-credential data via Automattic’s service, and Automattic’s monitoring service periodically checks whether the Site is reachable.

The Site also uses HTTPS/TLS encryption, access controls for administration, regular software updates, and WordPress security features. No security measure can guarantee absolute security, but we use reasonable technical and organizational measures to protect Site data.


11. Third-Party Services and Embedded Content

  • Cloudflare: Cloudflare is used as a proxy/security layer in front of the Site and may process visitor IP addresses and request metadata for routing, caching, DDoS protection, and firewall/security purposes.
  • Wordfence (Defiant Inc.): The Site uses Wordfence Security, which processes IP addresses, login attempts, and request/security data to block attacks. The Site participates in the Wordfence Security Network, so data about attacking IP addresses and related attack telemetry is shared with Defiant Inc. to improve threat detection across sites, according to Defiant’s privacy policy.
  • Automattic Inc. (Jetpack, Jetpack Stats, Jetpack Boost): The Site uses the Jetpack plugin, which connects the Site to Automattic’s WordPress.com infrastructure in the United States. To provide its features, Jetpack synchronizes site data — such as posts, pages, comments, taxonomies, registered user information, and site settings — to Automattic’s servers. Jetpack Stats loads an Automattic script (stats.wp.com) in your browser and transmits your IP address, browser information, referrer, and pages viewed to Automattic to produce aggregate visitor statistics (see “Analytics”). Jetpack’s account-protection feature may check Site account sign-ins against known-compromised-credential data. Jetpack Boost provides performance optimizations (page caching and CSS/JS optimization) that run on the Site itself. The Site also uses Jetpack’s Image CDN: images in posts and pages are served through Automattic’s global content delivery network (i0.wp.com and related hosts), so your browser requests images directly from Automattic, which can see your IP address and request metadata. The comment form, Like button, and Gravatar avatars and hovercards are likewise served from Automattic’s network (see “Comments”), email subscriptions are managed by Automattic’s subscription service, registered users may sign in via WordPress.com Single Sign-On (in which case authentication is handled by Automattic), and Automattic provides uptime monitoring and firewall rule sets for the Site. Automattic processes this data according to its own privacy policy.
  • Hosting provider: Site data is stored and processed on hosted infrastructure. Server logs and backups may include technical data needed for operations and recovery.
  • GTranslate / Google Translate: The Site offers translation tools. When you use translation, text and request data may be processed by Google Translate or related Google services, depending on how the tool is loaded and used.
  • YouTube and Google content: Some posts may link to or embed YouTube videos or Google-hosted resources. Embedded content can behave as if you visited the third-party site directly and may allow that provider to collect data, use cookies, or track interactions according to its own policies.
  • WP Mail SMTP / Google (Gmail): The Site sends email through Google’s Gmail service, configured via WP Mail SMTP. Email content logging on the Site is disabled, but Google processes the sender, recipient, subject, and message content of Site emails in order to deliver them, according to Google’s privacy policy.
  • Better Messages AI services: When AI moderation is active (and voice transcription, if voice messages become available), message text, images, conversation context, and voice recordings are transmitted to and processed by the Better Messages vendor’s cloud AI services to detect abusive content or produce transcripts, according to the vendor’s privacy policy.
  • hCaptcha: Forms may use hCaptcha for spam protection. hCaptcha (Intuition Machines, Inc.) may process your IP address, browser metadata, and interaction signals according to its own privacy policy.
  • jsDelivr CDN: The chat interface loads emoji images from the jsDelivr content delivery network, which can see your IP address and standard request metadata when those images are fetched.
  • Better Messages stickers: Sticker images offered in the chat interface are loaded from the Better Messages vendor’s servers (better-messages.com), which can see your IP address and standard request metadata when sticker packs are browsed or stickers are displayed.
  • Yoast SEO: Yoast SEO generates metadata, sitemaps, schema, and social preview data. It is used for search-engine visibility and does not itself provide targeted advertising on this Site.

12. Sharing and Disclosure

We do not sell or rent personal information. Information may be processed by hosting, security, email, analytics, translation, and infrastructure providers as needed to operate the Site. We may also disclose information if required by law, to protect rights and security, or to investigate abuse.



13. International Data Transfers

The Site is hosted on infrastructure located in the United States, and Cloudflare provides a global network in front of the Site. If you access the Site from outside the United States — including from China, the European Economic Area, the United Kingdom, or elsewhere — the information described in this policy is transferred to, stored, and processed in the United States and in other countries where our service providers operate. Data protection laws in these countries may differ from those in your jurisdiction. Where required by applicable law (such as the EU/UK GDPR or China’s Personal Information Protection Law), we rely on appropriate safeguards and on your consent, given when you choose to use the Site’s optional features, for these transfers.

14. Your Choices and Rights

Depending on where you live, you may have rights to request access, correction, deletion, restriction, portability, objection to processing, or withdrawal of consent where processing is based on consent. You can contact us at [email protected] to make a request.

In particular: if you are in the European Economic Area or the United Kingdom, you have the rights set out in the GDPR/UK GDPR, including the right to lodge a complaint with your supervisory authority. If you are a California resident, you may have rights under the CCPA/CPRA to know, access, correct, and delete personal information and to opt out of “sale” or “sharing” — we do not sell or share personal information for cross-context behavioral advertising. If you are in mainland China, you may have rights under the Personal Information Protection Law (PIPL) to access, copy, correct, and delete your personal information, to withdraw consent, and to request an explanation of processing rules; the Site processes personal information outside mainland China as described in “International Data Transfers”.

Deletion requests may be limited where retention is needed for security, legal compliance, dispute resolution, event administration, backups, or other legitimate operational needs. You can also use browser settings to block or delete cookies and to send a Do Not Track signal.


15. Changes to This Policy

We may update this policy when the Site, plugins, service providers, or legal requirements change. The updated date at the top of this page shows when this policy was last revised.


16. Contact

For questions or requests about privacy, contact: [email protected].


Antony’s Isle Services and Organisational Scope

Antony’s Isle is Antony’s personal website and independent online infrastructure. This policy applies to antonysisle.com and, where a service does not publish a more specific notice, to services hosted under its subdomains, including Chat, Auth, Docs, Stream, Birthday, and Deep Research.

These services are owned and administered by Antony. They are not operated by, affiliated with, or official services of BP Debate Union merely because BP Debate Union members are permitted to use a workspace or feature. BP Debate Union’s official online service is provided at bpdebate.club. Project-specific notices may describe a separate relationship, including Ouxiu as a BPDU-led project whose infrastructure is operated by Antony.