simonberg.ai · privacy

Privacy.

Last updated 25 April 2026 · written by Simon, not a lawyer

A short, honest version of what I collect on this site, what I don't, and what I do with it. If anything in here doesn't sit right with you, reply to any email I send and tell me. I'll fix it.

01 The site

simonberg.ai is mine. I built it. I host it on Vercel. There are no third-party trackers on it. No Google Analytics, no Facebook pixel, no LinkedIn pixel, no Hotjar, no nothing. Honestly... after a career of watching marketers bolt thirty trackers onto a single page, I really didn't fancy doing it on my own one.

What I do run is a tiny self-hosted pageview counter that tells me, very roughly, what people are reading. It writes one short row per page you load to my own database (Supabase). That row contains:

• The path you visited (e.g. /articles/how-i-decide-what-to-build-next)
• Where you came from (the referring page, if your browser sent one)
• A coarse device class (desktop / mobile / tablet)
• Your country, region, and city as estimated by Vercel from your IP, never the IP itself
• How long you spent on the page and how far you scrolled, when your browser tells me
• A short random session id stored as a first-party cookie, so I can tell whether ten pageviews are one person reading ten articles or ten different people reading one

I don't store your IP address. I hash it with a daily-rotating secret so I can guess "two visits, same person, same day" without ever holding the actual IP. After 24 hours that hash points to nothing.

02 The newsletter

If you sign up for The AI Brief, I store your email address, your name (if you give one), and the time + page you signed up from. That's it. The list lives on my own database, sent through Resend, never sold, never shared, never used for anything except sending you the newsletter.

Every email I send carries an unsubscribe link in the footer plus a one-click unsubscribe header that Gmail and Apple Mail expose at the top of the message. If you tap either, you're out, instantly. No retention period, no "are you sure". I think the whole "are you sure you want to unsubscribe" dance is a bit gross.

03 When you click a link in the newsletter

This is the bit I want to be honest about, because it's where the privacy ground gets a little softer.

When I send The AI Brief, every link in the email is rewritten so it goes through my own redirect (something like simonberg.ai/r/<short-token>) before bouncing you to the article. The token tells me which subscriber clicked which link in which issue. From that click onwards, your visits to simonberg.ai in the same browser are tagged with your subscriber id for about 90 days.

I do this for one reason: I want to know which stories actually landed with you. If three issues in a row, twenty people including you click the lead story but nobody touches the second one, that's a signal I should change something. Without it I'm shouting into the dark.

If you'd rather I didn't, totally fair... just unsubscribe. Or reply and ask me to flag your account "no link tracking" and I'll honour that on the next send.

04 When you click a link away from the site

If you click an outbound link on simonberg.ai (to LinkedIn, to one of the companies I'm involved with, anywhere external), I record the host you exited to. Same anonymous session-only data as the pageview above. It tells me which CTAs people care about. Where they came from on my end is logged; what you do once you've left is none of my business.

05 Cookies

Three first-party cookies, all set by my own domain:

• sb_sess... random session id, 30 days. Makes "unique reader" counts approximate-but-honest.
• sb_utm... remembers where you arrived from for an hour, so a campaign tag survives your second pageview.
• sb_uid... only set if you clicked through from an email I sent. Maps to your subscriber id. 90 days.

No third-party cookies. No advertising cookies. Clear them whenever you like, the site works either way.

06 What I never do

• I don't sell your data. Not your email, not your name, not your reading habits. Not now, not later. There's no version of this site where that becomes a revenue model.
• I don't share the list with sponsors. If The AI Brief ever runs a sponsor I'll send the sponsor's message myself, from my own server, and they'll never see your email.
• I don't load advertising trackers, retargeting pixels, or "engagement scoring" tools.
• I don't read your replies and feed them into anything. If you reply to an email, that's a conversation between you and me. I keep them in Gmail, like everyone else.

07 Your rights, in plain English

You can email me at any time and ask:

• "What do you have on me?"... I'll send you the full record.
• "Delete me."... I'll wipe the row. Subscription, click history, everything. Within a week.
• "Stop tracking my clicks but keep me on the list."... That's fine too. Tell me and I'll add a no-track flag to your record.

The address is simon@simonberg.ai. It comes to me, not a support team.

08 The boring legal bit

This site is operated by me personally. I'm based in Connecticut, US. The infrastructure is US-based and I use three sub-processors:

• Vercel hosts the site
• Supabase stores the database (subscriber list, pageview rows, click rows)
• Resend delivers the newsletter emails

If you're in the EU or UK and want a formal data-controller record, I'm it. Email me and I'll provide a more structured response in the form GDPR / UK GDPR expects.

If I ever change anything material on this page I'll update the date at the top. If I ever do something that crosses a line you'd care about (sell the list, switch to a third-party tracker, anything in that direction) I'll send a separate email flagging it, before it happens. Not buried in fine print.