Last Updated: June 1, 2026
Effective Date: January 1, 2026


1. Overview

This Privacy Policy explains how Andy17 (“this site”, https://andy17.com) handles visitors’ personal data.

This site is a personally operated blog and a static website with no sign-up, login, comment, or payment features. As a result, the operator does not directly collect or store visitors’ personal data.

To run the site, however, we use the third-party services listed below (analytics, advertising, and security). These services may independently collect and process certain information, such as cookies and IP addresses. Each service handles data according to its own privacy policy.

This policy is written with reference to the privacy laws that may apply to visitors based on their location, including the Personal Information Protection Act (PIPA) of the Republic of Korea, the EU General Data Protection Regulation (GDPR), the UK GDPR, and the California Consumer Privacy Act (CCPA/CPRA).


2. Operator and Contact

ItemDetails
Site nameAndy17
OperatorPersonal blog operator (Andy)
Email[email protected]

For any privacy-related questions or requests, please contact us at the email above.


3. Information Collected by Third-Party Services

This site uses the following services. The data is collected and processed by each service provider, not by the operator, and these services primarily collect information such as cookies, IP addresses, and advertising identifiers. For details, please refer to each provider’s policy.

  • Google Analytics (Google LLC) — Visitor analytics. Collects cookies, IP addresses, pages visited, time spent, and similar data. View policy
  • Google AdSense (Google LLC) — Advertising. Collects cookies, advertising identifiers, and inferred interests. View policy
  • GoatCounter (goatcounter.com) — Cookieless visitor analytics. Keeps only aggregate, non-identifiable statistics and does not store cookies, IP addresses, or unique identifiers. View policy
  • Cloudflare (Cloudflare, Inc.) — CDN and security (DDoS protection, WAF). Processes technical traffic information such as IP addresses. View policy

This site does not sell or rent visitors’ personal data to third parties.


On this site, cookies are used by Google Analytics and Google AdSense; GoatCounter and the static pages themselves do not use cookies.

Visitors in the EU/EEA and the UK are shown a cookie consent banner when they enter the site, and analytics and advertising cookies are activated only after consent. Consent can be withdrawn at any time. All visitors can block or delete cookies through their browser settings.

To turn off ad personalization or opt out of interest-based advertising, you can use the following:


5. International Data Transfers

Google and Cloudflare are global providers, so visitors’ data may be processed outside their country of residence (e.g., in the US or the EU). These providers transfer and process data under lawful safeguards such as the EU-US Data Privacy Framework or Standard Contractual Clauses (SCCs). This site is operated in line with EU data protection standards.


6. Your Rights

Depending on where you live, you have rights over your personal data under laws such as the GDPR, UK GDPR, CCPA/CPRA, and Korea’s PIPA — including the rights to access, correct, delete, restrict processing, object, port your data, and opt out of ad personalization.

Because most data is held by the third-party services above rather than by the operator, the fastest way to exercise rights such as deletion is directly through each service (for example, your Google account settings). For other requests, contact us at [email protected] and we will respond within the period required by applicable law.

Visitors in the EU/EEA may lodge a complaint with their local data protection authority. Visitors in the Republic of Korea may report to the Personal Information Protection Commission (privacy.go.kr) or the Privacy Infringement Report Center (call 182).


7. Data Retention

The operator does not directly store visitors’ personal data. Retention periods for third-party services follow each provider’s policy; for example, Google Analytics data is set to be deleted automatically after 26 months by default.


8. Children’s Privacy

This site is not directed to children and does not knowingly collect children’s personal data (in regions where the GDPR applies, the age of consent ranges from 13 to 16 depending on the member state). If we become aware that a child’s personal data has been collected, we will delete it promptly. For related inquiries, please contact [email protected].


9. Data Security

This site applies reasonable safeguards, including encrypted transmission over HTTPS/TLS, Cloudflare-based security (WAF and DDoS protection), and administrative access controls. However, no method of transmission over the internet is completely secure, and visitors are also responsible for protecting the security of their own devices and accounts.


10. Changes to This Policy

This policy may be updated due to changes in law or services. When it changes, the “Last Updated” date at the top of this page will be revised accordingly.


11. Contact

Email: [email protected]