policy/privacy.tml·v1.0

Privacy policy for the TestML docs site.

We run a small open-source docs site. We log a thin slice of request data to keep it safe and fast. No third-party ad trackers. No cross-site profiles. No sold data. If you want a copy of what we hold on you, write to us and we ship it back within 30 days.

// Index · 10 clauses

// Clauses · normative

Each clause is short, plain and binding.

§ 01/ scope

Scope of this policy

This policy covers testml.org and the docs subpaths we serve from it. It does not cover GitHub, where the source code lives.

For GitHub-side data, read the GitHub Privacy Statement. We do not control what that platform logs.

§ 02/ who

Who runs TestML

TestML is an open-source project. A small core team of maintainers ships the spec and the runtime kits.

When you write to us, a human on that team reads your note. Replies arrive from the same on-domain mailbox.

§ 03/ collect

What we collect

We log the bare minimum to keep the site fast and safe. That means short-lived server logs and one tiny preference cookie.

Server logs hold an IP address, a user-agent string, the path you fetched, and a timestamp. They roll off after 14 days.

The cookie remembers your dark-mode choice. It stores a single flag and does not link to your identity.

  • tml_theme — light or dark, expires in 365 days, set first party.
  • __cf_bm — short-lived bot check set by the CDN, expires in 30 minutes.
§ 04/ analytics

How we measure visits

We use aggregate, cookie-free analytics. The tool counts page views and referrers in summary form only.

No cross-site tracking. No fingerprint. No ad pixels. We never sell or rent visit data.

§ 05/ github

Links and embeds we use

The docs embed a few external assets. Each one is fetched from its own host, which can see your IP and user-agent.

  • GitHub — issue links, star counts, raw README badges.
  • npm and PyPI — version badges and download counters.
  • Asciinema — embedded terminal recordings on the demo page.
§ 06/ purpose

Why we keep this data

Server logs help us spot abuse and debug a broken release. The theme cookie keeps your view stable between visits.

Aggregate counts tell us which docs pages need rewriting. That is the only product use of visit data.

§ 07/ share

Who else sees it

Nobody, except the vendors that host parts of the site. Each one signs a data processing agreement.

  • CDN — caches and serves static pages, sees raw requests.
  • Search — indexes the docs, sees public URLs only.
  • Email — handles mail you send to contact@testml.org.
§ 08/ retain

How long we keep it

Raw logs: 14 days, then deleted by the host. Aggregate page counts: 24 months in summary form. Email threads: kept until the issue is closed, then archived for a year.

§ 09/ kids

Children and consent

TestML is a tool for working developers. We do not knowingly process data from children under 16.

If you believe a minor sent us data by mistake, write to us and we will remove it.

§ 10/ changes

Changes to this policy

We post material changes here with a fresh effective date at the top. Old versions are kept in the git history of this repo.

Keep an eye on the changelog. We do not email policy updates to people who have not asked for them.

// At a glance · what runs and what does not

A quick yes/no on this site.

Yes · we run these

First-party only

  • Short-lived server logs for safety
  • One first-party theme cookie
  • Aggregate cookie-free analytics
  • CDN bot checks at the edge
  • Plain email for contact requests

No · we skip these

Never on this domain

  • Cross-site advertising pixels
  • Device fingerprint scripts
  • Third-party session replay
  • Data sales to brokers or partners
  • Hidden trackers in docs pages

Questions about your data? Just write.

A core maintainer reads every note. We answer within five working days. Tell us what you need — access, deletion, or a plain copy of what we hold.

Email the maintainers$ open /contact/