Recent change worth naming directly

As of 2 May 2026, no third-party server sees your IP address before you accept cookies.

The publication previously loaded its two web fonts (EB Garamond and Inter) from Google Fonts on every page-load. That meant Google saw the visitor's IP and which page on this site requested the font, on every visit, before the cookie banner asked for consent. The publication discovered this gap during a render-correctness audit on 2 May 2026 and closed it the same day by self-hosting the font files from this domain. As a result: a visitor who lands on any page of the publication, before clicking the cookie banner, now sends zero requests to any third-party server. If the visitor declines cookies, the site continues to render correctly with the intended typography (because the fonts are now served from this domain and have nothing to do with consent), and the visitor's IP remains invisible to any third party for the entire session. The detail and the rationale are in the "Other data flows" section below; this box exists because the change is worth naming directly rather than burying.

The short version

One thing is tracked: anonymised page views, via Google Analytics, only after you click OK on the cookie banner. Nothing else. No advertisers. No tracking pixels. No third-party fonts, scripts, or widgets — the typography is now served from this domain directly. The share buttons set no cookies and the publication does not see when they are clicked.

What the site does

The Longer Look uses Google Analytics (measurement ID G-CYRL9TRZSQ) to count how many people visit each page and which pieces are most read. The Google Analytics tag is loaded only after you click OK on the cookie banner that appears on your first visit; until you click OK, no tag is loaded, no cookie is set, and no event is sent. Your IP address is anonymised before it leaves your browser, so Google Analytics never receives the precise IP address. Google Analytics retains the data for 14 months by default and processes it in the United States under the EU-US Data Privacy Framework with the UK extension. The publication's author can see aggregate statistics — page views per piece, country-level visitor location, referrer source — but not anything that identifies you as an individual.

What the site does not do

No advertising of any kind, ever. No third-party advertising networks. No retargeting pixels. No Meta Pixel, no LinkedIn Insight tag, no X tracking pixel, no TikTok pixel. No email-collection forms, no newsletter signup, no popup overlays. No comments section. No account system. No login. No cross-site tracking. No fingerprinting attempts. No third-party fonts, scripts, or widgets — the publication's typography (EB Garamond and Inter) is served from this domain directly, not from Google Fonts or any other third-party CDN, so no font request leaks the visitor's IP to a third party before consent. The publication makes no money from this site and is not trying to. The only third-party request the site makes is to Google Analytics, and it is consent-gated — loaded only after the cookie banner is accepted.

The share buttons specifically

Every article and every major top-level page has a share bar at the foot, with five buttons: Copy link, Post on X, LinkedIn, Email, and (on devices that support it) a system Share… button. None of these set a tracking cookie, and the publication does not see when you click them.

Copy link uses the browser's clipboard API to copy the page's URL to your clipboard. Nothing is sent to any server. Post on X and LinkedIn are plain links that open the destination platform's share-compose page in a new tab, with the page title and URL pre-filled in the URL itself; the publication does not load X's or LinkedIn's tracking widgets, and the only data those platforms see is the URL you arrive at, which they would see whether or not you came from this site. Email is a mailto: link that opens your default email client with the subject and a short body pre-filled. The system Share… button uses the browser's built-in Web Share API, which routes the share through your operating system's share sheet without involving any third-party server.

Putting that plainly: when you click a share button on this site, the publication itself sees nothing. What you do next on X, LinkedIn, or in your email client is between you and that platform.

The cookie banner

The cookie banner appears once, on your first visit. If you click OK, your choice is recorded in your browser's local storage (under the key tll-consent, value granted) and the Google Analytics tag is loaded for that session and on future visits. If you click No thanks, your choice is recorded under the same key with value denied, no tag is loaded, and the banner does not appear again. To revisit the choice, click Cookie settings in the footer of any page; the banner will reappear and you can change your answer. To reset entirely, clear your browser's local storage for this site.

Other data flows you should know about

The site is hosted on Cloudflare Pages. Cloudflare sees standard HTTP request metadata for every request: the IP address of the visitor, the page requested, the user-agent string, and request timing. Cloudflare uses this for bot mitigation, content delivery, and security. Cloudflare's privacy policy sets out their handling. The publication does not have access to Cloudflare's logs at the request-level; Cloudflare offers aggregated traffic statistics in its Pages dashboard which the author can view but which do not identify individual visitors.

The publication's typography uses two fonts — EB Garamond (body text, headings, italic body) and Inter (chrome and UI labels) — both licensed under the SIL Open Font License 1.1, which permits redistribution and self-hosting. The font files are served from this domain (/assets/fonts/), not from Google Fonts or any other third-party CDN. This is a deliberate change made on 2 May 2026: the site previously loaded the same fonts from fonts.googleapis.com and fonts.gstatic.com, which meant Google saw the visitor's IP via the font request before the cookie banner asked for consent. Self-hosting the fonts closes that gap. The font licences are bundled at /assets/fonts/EB-GARAMOND-LICENSE.txt and /assets/fonts/INTER-LICENSE.txt for transparency. The CSS fallback chains ('EB Garamond', Georgia, serif and 'Inter', sans-serif) mean the page renders correctly with system fonts if the font files fail to load for any reason.

Inbound links from external sites — links from search engines, social platforms, other websites, AI tools — pass a referrer header to this site, which Google Analytics records as the referrer of the visit. The publication does nothing further with referrer data beyond aggregate analytics.

Your rights

The publication's data controller is Doug Scott, a private individual based in the United Kingdom, contactable via the email on the about page, through any of his other public-facing sites (themanybuilders.com, ifthisroad.com, orphans.ai, theheld.ai, thebearwasright.com, thebearloved.com), or via LinkedIn. Under UK GDPR you have the right to access, correct, or delete your data, withdraw consent at any time (clear your browser storage for this site to do so, or click Cookie settings in the footer), and complain to the Information Commissioner's Office at ico.org.uk/make-a-complaint.

Changes to this page

If the publication adds, removes, or changes any tracking, this page is updated and the change is logged on the corrections page with date and reason, the same way every other substantive change to the publication is logged. The standing commitment is that this page is the canonical record of what the site does, and it is kept current.