Privacy Policy

Last updated: 2026-06-04

Summary

The Botanical Glow ("we", "us") is a static affiliate site. We don't run analytics pixels, we don't sell or share personal data, and we collect the minimum information needed to operate the site and the optional newsletter.

What we collect

  • Newsletter subscriptions. When you submit the subscribe form, we store your email address, the date and time of subscription, your IP address (for abuse prevention), the country-level location Cloudflare derives from that IP, and your browser's User-Agent string. Submission of the form, after the captcha, signals your consent to receive the newsletter.
  • Affiliate click counts. When you click an outbound affiliate link we increment an aggregate counter so we can see which products people are interested in. The counter is keyed by product, not by visitor — no IP, user-agent or other identifier is stored against your click.
  • Edge metrics. Cloudflare, our hosting provider, records standard, privacy-respecting metrics (request counts, country-level traffic, bot-protection signals) as part of operating the network. We see aggregate numbers; your individual identity is not visible to us.

For specifics on cookies set on your device, see the "Cookies" section below.

What we don't collect

  • No tracking pixels, no first-party analytics cookies.
  • No accounts, no logins, no profile building.
  • No data sold or shared with third parties for advertising.

Cookies

The site is intentionally cookie-light. A complete inventory:

  • First-party cookies (us). The only cookie we set is __csrf, a security token used on the admin area. It's HttpOnly, Secure, SameSite=Lax, expires after 24 hours, and is only set if you're a signed-in editor. Regular visitors never see it.
  • Cloudflare security cookies. Our hosting and bot protection (Cloudflare) may set short-lived operational cookies such as __cf_bm (bot mitigation, ~30 min) or cf_clearance (challenge passage). These are strictly necessary to operate the site securely.
  • Web analytics. We use Cloudflare Web Analytics for aggregate pageview counts and country-level traffic. It is cookieless by design — no identifiers are stored on your device.
  • Turnstile (newsletter form). When you submit the newsletter signup, the bot-protection widget may briefly set a challenge cookie on challenges.cloudflare.com. It's operational and isn't used to identify you.
  • Third-party retailers (when you click an affiliate link). The destination — Amazon and any other retailer we link to — will set their own cookies on their own domain to attribute the referral and run their site. Those cookies are governed by that retailer's privacy policy, not this one. We do not see or share in them.

You can review and clear cookies via your browser settings, or block third-party cookies globally. Most browsers also support a "Do Not Track" header — we don't track anyway, but it's respected by design.

Affiliate links and third-party data

Clicking an affiliate link takes you to a third-party retailer. The retailer's own privacy policy applies the moment you land on their site, including any cookies they set to attribute the referral and track your session. Amazon Associates, in particular, sets a cookie that tags you as having arrived via this site so qualifying purchases are credited back; we receive only aggregate sales reports, never your personal information.

Newsletter unsubscribe

To stop receiving the newsletter, click the unsubscribe link at the bottom of any email we send. The link removes your address from our list immediately.

Data retention

  • Newsletter subscribers: kept until you unsubscribe or request deletion.
  • Edge logs (Cloudflare): retained per Cloudflare's policy, typically rolling 30 days.

Security

We enforce TLS 1.3, HSTS preload, a strict Content Security Policy, a managed web application firewall, and bot protection. Admin access requires zero-trust authentication.

Changes to this policy

We may update this policy from time to time. Material changes will be announced via the newsletter or a notice on this page. The "Last updated" date at the top reflects the most recent revision.