How this record handles visitor data.
What is collected, who receives it, and how to withdraw consent at any time. Stated plainly, without legal boilerplate.
Last updated: Version 2
Privacy policy
1. About this site
RudeBan is a first-person factual record of a patron banned from Playground Poker Club in Kahnawà:ke in March 2024 without written notice, stated cause, or review mechanism, and of the documented executive-level non-response that followed. The site is not a commercial product. It accepts no advertising, sells no data, and offers no account system. Context for the record lives at About.
2. What is collected
Provided the visitor accepts the cookie banner, RudeBan uses Google Analytics 4 (GA4) to measure aggregate engagement with the record. The categories captured are standard for web analytics and are documented by Google:
- Pages visited, including the referring page and landing page for the session.
- Approximate time spent on each page and on the site overall.
- Broad device and browser information (user-agent, language, approximate viewport size).
- Approximate geographic location derived from IP address at the city level. Full IP addresses are not logged by GA4; Google truncates them before storage.
- Interactions with on-page links and call-to-action buttons, including clicks on outbound links to regulators, the World Poker Tour, and social channels.
In addition to the standard GA4 categories above, the site emits a small set of named custom events so that aggregate interaction patterns can be observed without identifying individual visitors. The categories are:
- Call-to-action click — when a primary navigation button is activated (for example, "Read the record," "The correspondence," "The asks," "The gear"). The event records which button was used and in which section of the page it appeared.
- Outbound email link click — when a visitor activates a
mailto:link. Only the domain portion of the address (for example,rudeban.com) and the visible link text are recorded. The local-part of the address is discarded before the event is sent and never reaches the analytics processor. - Correspondence entry open — when a visitor opens an entry on the correspondence archive index. The event records the entry's slug, its date, whether the item is outgoing or incoming, and its status tone (for example, silent, pending, acknowledged).
These event parameters are deliberately scoped to page-level and content-level metadata. No personal identifiers, no email addresses, no IP addresses, and no free-form visitor input are included in any event payload.
There are no forms on the site. No email address, name, or other contact information is collected from visitors. No account registration exists. No payment processing occurs.
If the visitor declines the cookie banner, GA4 remains in a cookieless "consent-denied" mode: no persistent identifiers are written, no cross-session profile is built, and the lightweight ping that does transmit carries no user-level information. The visitor may also withhold consent by blocking analytics at the browser or extension level, which the site does not override.
3. Who receives the data
Analytics data collected under consent is processed by Google LLC under its GA4 terms. Google's infrastructure processes the data in the United States and other jurisdictions where Google operates. Google's own privacy practices for GA4 are published at Google's Analytics data-protection page.
The site is served through Cloudflare, Inc. Cloudflare retains standard edge-server access logs for security and abuse-prevention purposes, per its published privacy policy. This is technical logging, not analytics, and operates irrespective of the cookie banner.
No other third parties receive visitor data. The site does not load advertising networks, social-media trackers, session-replay tools, heatmap tools, chat widgets, or fingerprinting libraries.
The three custom events described in Section 2
(cta_click, email_click, and correspondence_open) are dispatched to the same
Google Analytics 4 property alongside the standard pageview
data and reach no additional recipient. No separate processor
is involved in handling the event payloads.
4. Legal basis and your rights
The site operator is based in Ontario, Canada. The controlling private-sector privacy regime is the federal Personal Information Protection and Electronic Documents Act (PIPEDA). Under PIPEDA, analytics collection relies on meaningful consent — which is why the site operates on an opt-in basis and why no GA4 cookies are written before the visitor accepts the banner.
For visitors resident in Quebec, Quebec's Act respecting the protection of personal information in the private sector (commonly referred to as Law 25) may also apply to the handling of their personal information. The opt-in posture, the disclosure in this policy, and the ability to withdraw consent at any time are calibrated to satisfy both regimes.
Every visitor has the following rights with respect to personal information the site holds about them:
- Access — request a copy of the information held.
- Correction — request correction of information that is inaccurate.
- Deletion — request erasure of information.
- Withdrawal of consent — at any time, without giving reasons, via the banner or the "Manage cookie preferences" control in the footer.
- Complaint — to the Office of the Privacy Commissioner of Canada (OPC) under PIPEDA, or, for Quebec residents, additionally to the Commission d'accès à l'information du Québec (CAI) under Law 25.
Requests may be submitted by email to the address in Section 8. The site operator will acknowledge receipt within a reasonable period and respond in full within the timeline prescribed by the applicable regime.
5. Withdrawing consent
A visitor who previously accepted analytics may change the decision at any time. Two paths are available:
- On this site — scroll to the footer and activate the control. The banner will re-open and a new decision can be recorded. Declining at that point immediately returns GA4 to consent-denied mode and marks the analytics cookies for removal on the next page load.
- Global Privacy Control — browsers that
advertise the Global Privacy Control signal
(
navigator.globalPrivacyControl === true) are treated as having refused analytics. The cookie banner is not shown in that case, and analytics remain denied without a local record being written. Visitors who nevertheless wish to opt in may use the footer "Manage cookie preferences" control to override for a given browser profile. - At the browser level — visitors may clear site data, enable a Do-Not-Track signal, or install a content-blocking extension. The site will not circumvent these signals.
6. Retention
Event data inside the GA4 property is retained for the
shortest interval Google offers, subject to the retention
setting configured on the property at any given time. Older
aggregated data is purged by Google on the schedule set in
the property. This retention window applies identically to
standard pageviews and to the three custom events described
in Section 2 (cta_click, email_click,
and correspondence_open); no custom event is
retained on a longer schedule than the pageview data.
The consent decision itself is stored in the browser's localStorage for 365 days, alongside the policy version that was in force when the decision was recorded. After the 365-day interval — or sooner, if the policy version has been bumped in the interim — the banner re-prompts so the visitor may refresh or revise the decision.
If the visitor later rejects analytics through the footer "Manage cookie preferences" control, any existing Google Analytics cookies set under a previous acceptance are actively cleared from the browser as part of that action.
7. Cookies and local storage
The full inventory of data items the site may write to the visitor's browser is reproduced below.
| Name | Storage | Provider | Purpose | Duration |
|---|---|---|---|---|
_ga | Cookie | Google Analytics | Distinguishes unique visitors. Set only after consent. | 2 years |
_ga_C1V7MEQG8W | Cookie | Google Analytics | Persists session state for this property. Set only after consent. | 2 years |
rudeban.consent.v1 | localStorage | RudeBan (first-party) | Records the visitor's cookie-banner decision so the banner does not reappear every visit. | 365 days |
__cf_bm | Cookie | Cloudflare | Bot-management token issued by the hosting layer for abuse prevention. Classified as strictly necessary and not gated by the banner. | 30 minutes |
Cloudflare may set additional strictly necessary tokens for denial-of-service protection. These are operational, not analytical, and do not identify the visitor across sessions.
8. Person responsible
The site is maintained by a single individual acting in a personal capacity. For the purposes of PIPEDA and any other applicable regime, the site operator is the accountable person for personal information handled by the site.
Privacy requests — access, correction, deletion, withdrawal of consent, complaint — may be sent to [email protected]. This address is monitored by the site operator directly.
9. Changes to this policy
Every stored consent decision carries the policy version that was in force at the moment of the decision. When the policy changes materially, that version number is bumped and every prior consent decision is invalidated — the cookie banner re-prompts on the visitor's next visit so the renewed decision reflects the updated policy.
Non-material changes — clarifications, reformatting, added links to newly published regulatory guidance — do not trigger a re-prompt. The "Last updated" date at the top of this page reflects the most recent edit of any kind.