Skip to content
Pitch

Privacy

What this website collects, what it doesn't, and how to stop it from collecting anything at all.

The short version

This website uses Google Analytics 4 in a deliberately stripped-down posture. No cookies are set. No personal data is collected. No cross-site or cross-device tracking happens. What we measure is aggregate, modeled traffic — counts of pageviews, clicks, and scroll depth — used to understand which pages people find useful and which CTAs they engage with.

You can verify this yourself: open your browser's developer tools, load any page on this site, and look at the cookie jar for pitch.morperhaus.org. It will be empty.

What's collected

  • Page views — which URLs are visited, in what order, with referrer + UTM tags.
  • Scroll depth — fires once per page when a visitor reaches 90% of the page height.
  • Outbound link clicks — when you click a link to another domain.
  • File downloads — when you click a link that ends in a download extension (.dmg, .exe, .AppImage, .zip).
  • Download CTA clicks — which Download button on which page (hero, nav, footer, final).
  • Release page views — which release notes pages get traffic.
  • Coarse geolocation — country-level only, derived server-side from IP and not stored alongside any identifier.

What's not collected

  • Your identity, email, IP address, or any other PII.
  • Cookies of any kind — Google Analytics is configured with consent-denied defaults for all consent types.
  • Cross-site or cross-device tracking — Google Signals is disabled at the property level.
  • City-level or precise geolocation — granular location data collection is disabled.
  • Form fields, search queries, or video engagement — none of these are enabled.
  • Anything from the Pitch desktop app — the app and this website are separate; the app does not phone home.

How "cookieless aggregated" works

Google Analytics 4 supports running with all consent types set to denied. In that mode, the GA library still sends measurement pings, but they include no cookies and no persistent identifier. Google aggregates these pings into modeled traffic counts. The reports we see are statistical estimates, not individual session traces.

The technical signature: every measurement request to GA includes gcs=G100 in the query string. G100 means "consent denied for all categories." If you ever see G101 or higher in your network tab while on pitch.morperhaus.org, that would mean the privacy posture is misconfigured — please file a bug.

Retention

Event data is retained in Google Analytics for 14 months from the date of collection, then automatically deleted. This is the maximum retention period available on the free tier and exists to allow year-over-year comparisons.

How to opt out completely

Because no cookies are set and no identifiers are tied to your visit, there's nothing to opt out of in the usual sense. If you'd like to ensure no measurement pings leave your browser at all, a content blocker like uBlock Origin, the EFF's Privacy Badger, or your browser's built-in tracking protection (Safari ITP, Firefox ETP, Brave Shields) will block the Google Analytics script entirely. Nothing on this site depends on it.

The Pitch desktop app

The Pitch desktop application — the thing you download from this site — does not collect, transmit, or report any usage data. It checks for updates via Cloudflare-fronted release feeds and that's the only network call it makes on your behalf. The auto-update system uses electron-updater's standard manifest-fetch flow and sends no telemetry.

Changes

If this privacy posture changes, the change will appear in the repository at website/src/pages/privacy.astro and the commit history is the audit trail. There is no separate changelog for this page.

Contact

Questions or concerns: open an issue.