Last updated: 12 July 2026
This site stores nothing on your device
No cookies. No local storage. No session storage. No fingerprinting. This site writes nothing to your browser and reads nothing from it.
That is not a slogan. Open your browser developer tools, go to Application, and look at the storage for this domain. It is empty. You do not have to take my word for any of it.
There is no consent banner here for the same reason. I have nothing to ask your permission for.
One person runs this
Țugui Dragoș-Constantin, based in Germany, is the controller of the data described on this page, within the meaning of the EU General Data Protection Regulation.
This is a personal blog where I document what I am learning about quantum computing. There is no company behind it. No newsletter, no accounts, no comments, no forms, and nothing for sale. To reach me about anything on this page, use the Contact link in the menu.
This policy covers tuguidragos.com and nothing else. IBM Quantum, GitHub, npm, and every other site I link to operate under their own terms, not mine.
Page views are counted, and that is the whole of it
I use Cloudflare Web Analytics to find out whether anyone reads this. It records page views, visits, the referring page, an approximate country, the browser and operating system, and how long the page took to load.
According to Cloudflare's documentation, this tool uses no cookies, no local storage, no session storage, and no IndexedDB. It does not fingerprint visitors by IP address or user agent. It does not follow you to other websites. Query strings are not logged. I cannot pick an individual reader out of this data, and I have no mechanism with which to try.
Legal basis: legitimate interest, Article 6(1)(f) GDPR. The interest is knowing whether the writing reaches anyone, and keeping the pages fast. There is no advertising, no remarketing, and no profiling.
Because nothing is stored on or read from your device, Section 25 TDDDG does not require your consent for this.
Serving a page needs a connection, and a connection carries an IP address
Two providers make that connection work.
Cloudflare sits in front of this site as a content delivery network and reverse proxy. Its network sees your IP address and the standard headers your browser sends, in order to route the request, cache the page, and keep the site available. This happens whether or not analytics is switched on. It is structural. Every site behind a content delivery network works this way.
Hetzner Online GmbH, of Gunzenhausen, Germany, hosts the server, which runs in Hetzner's Helsinki location. Site content and server logs therefore stay inside the European Union. Hetzner transfers none of it to a third country.
Legal basis for both: legitimate interest, Article 6(1)(f) GDPR, in operating the site securely and reliably.
Cloudflare is the only part of this site that leaves the EU
Cloudflare, Inc. is a United States company. Everything else, the server and its logs included, stays inside the European Union.
For that transfer, Cloudflare relies on the European Commission's Standard Contractual Clauses and on its certification under the EU-U.S. Data Privacy Framework. Its data processing addendum keeps the Standard Contractual Clauses in force alongside the framework, so more than one legal basis covers the same transfer.
The terms themselves live on Cloudflare's own page, not in a copy I maintain here: Cloudflare and the GDPR. Transatlantic transfer law has been rewritten more than once. Rather than freeze a moving position into this page, I point at the source that stays current.
Everyone gets the same treatment, wherever they read from
This site is read from anywhere in the world. I apply one standard to every visitor, the European one, because it is the strictest, and because varying my behaviour by geography on a blog this small would be theatre.
I do not sell data. I do not run advertising. I do not build visitor profiles. I use no tool that follows you to other websites.
Your rights point mostly at an empty shelf
Under the GDPR you may ask to access, correct, or erase data about you, to restrict or object to its processing, and to receive it in a portable form. You may also complain to a data protection supervisory authority, including the one where you live.
On this site, most of those rights have nothing to bite on. Analytics data is not linked to your identity and cannot be traced back to you. Your device holds nothing of mine. Where I hold nothing, there is nothing to hand back, correct, or delete.
Nothing here is aimed at children
I do not knowingly collect data from anyone under sixteen.
Changes get dated
If what this site collects changes, or how it is processed changes, I will rewrite this page and change the date at the top. The date is the claim.