Independent reviews since 2014 · As an Amazon Associate we earn from qualifying purchases.
C Countertop Advisor Reviews · Guides · Care
Legal

What data this site collects — and what it doesn't.

A short, readable privacy policy for 2026. We collect three things. We never sell or share them. We don't license our user data to AI training. You can ask for your data back, correct it, or have it deleted within 30 days.

Last reviewed May 11, 2026 · GDPR · CCPA/CPRA · 20-state compliant · No AI training · No behavioral tracking
At a Glance

The whole policy in one paragraph

We collect anonymous analytics (country, browser, screen size, pages viewed). If you sign up for the newsletter, we store your email address until you unsubscribe — which deletes it. If you email us, we keep the conversation until it's resolved (typically up to 6 months). We do not run behavioral advertising, do not use retargeting pixels, do not sell or "share" data in the CCPA sense, do not license data to AI companies for training, and do not engage in automated profiling. The only third parties that touch any data from your visit are the small set of vendors needed to run the site (analytics, newsletter delivery, font CDN, and Amazon affiliate tracking when you click an outbound affiliate link). You can ask for, correct, port, or delete your data anytime through the contact form. We honor Global Privacy Control (GPC) signals automatically.

"If you can't read a privacy policy in under three minutes and understand exactly what happens to your data, the policy is hiding something. This one isn't." — The Editors
What We Collect

Three things — and only three things

If it's not on this list, we're not collecting it. We don't collect any "sensitive personal information" as defined under CPRA (no biometrics, precise geolocation, government ID, health, financial account, or contents of private communications).

1

Anonymous analytics

When you visit a page, our analytics tool records your country, browser, screen size, the page you viewed, and the page you came from. It does not record your name, your full IP address (IP anonymization is on), or anything you typed into a form. Retention: 14 months, then automatically purged.

2

Newsletter subscribers

If you give us your email through the newsletter form, we store it so we can send the weekly digest. We never sell, rent, share, or license it. You can unsubscribe with one click at the bottom of every email — your address is immediately deleted from our list. Retention: until you unsubscribe.

3

Contact form messages

Our contact form opens your own email client with the message pre-filled — nothing is stored on our server during submission. Once you press Send, we keep the email thread until the conversation is resolved (typically up to 6 months), then it's deleted from our inbox.

AI & Data Licensing

We do not license user data to AI companies

A 2026 question that deserves its own section.

The data we hold about you — your email address, the conversation you may have had with our editors, the analytics signals from your visit — is never sold, traded, or licensed to AI model developers, data brokers, or third-party AI training pipelines. We use one analytics vendor (described below) and one email delivery vendor, both of which have contractual prohibitions on using your data to train AI models, and neither receives anything beyond what's strictly necessary for their job.

Published article content is different. Public web content (the articles on this site that anyone can read) may be crawled by search engines and AI training crawlers. We publish a robots.txt and an ai.txt stating our preferences, but those preferences are not legally enforceable everywhere. We mention this so you know the distinction: your data stays with us; our published content is on the open web.

We don't use generative AI on user inputs. Your contact form message and newsletter email address are not run through any LLM or AI service. The only humans who read them are the three editors named on the about page.

Cookies & Local Storage

What's stored in your browser

Two cookies. That's it.

  • Strictly necessary

    A session cookie that remembers whether you've dismissed the cookie banner. Without it, you'd see the banner on every page. That's the entire purpose.

  • Analytics

    Our analytics tool may set a cookie to distinguish unique visitors from repeat ones. You can disable this in your browser without breaking the site. Nothing depends on it. Sending a Global Privacy Control (GPC) signal — most modern browsers and privacy extensions support this — automatically disables it.

  • What we do NOT use

    No behavioral advertising cookies. No retargeting pixels. No Facebook Pixel, no Google Ads tracking, no LinkedIn Insights, no TikTok Pixel, no Meta Conversions API, no fingerprinting libraries. No third-party tracking scripts beyond the analytics tool above and standard Amazon click-tracking when you click an affiliate link to amazon.com.

Third Parties

Everyone who touches data from your visit

Four vendors. No data brokers, no AI training partners, no advertising networks.

A

Amazon

When you click an affiliate link to amazon.com, Amazon receives the standard referral information needed to credit the sale to our Associates account. They do not receive your data otherwise. Their privacy notice governs their handling after the click.

B

Newsletter delivery

Our weekly digest is delivered by a transactional email provider that stores the address you submit so we can send the email. They are GDPR-compliant, do not use your address to train AI, and are contractually prohibited from sharing it with anyone.

C

Analytics provider

Receives anonymous pageview data — country, browser, page URL. Does not receive your name, email, or any form input. IP anonymization is enabled. GPC signals are honored. No cross-site tracking.

D

Google Fonts

Serves the typefaces this site uses (Fraunces and Inter). Google's font CDN receives your IP address as a standard HTTP request, but we do not transmit any other data to it. Where required by EU law, we self-host the font files to avoid this transfer.

Your Rights

What you can ask us to do

We comply with GDPR (Europe), the UK GDPR, Canada's PIPEDA, and the comprehensive state privacy laws now in effect in California (CCPA/CPRA), Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Delaware, Tennessee, New Jersey, New Hampshire, Indiana, Kentucky, Maryland, Minnesota, Nebraska, and Rhode Island — and any others that follow.

  • Know what we have

    Request a copy of every piece of data we hold about you. Email us through the contact form and we'll send it within 30 days. Usually that's just your newsletter subscription and any contact form messages.

  • Correct anything that's wrong

    If anything we have about you is inaccurate, ask us to fix it. New right under most state laws.

  • Port your data

    Get your data in a portable, machine-readable format (JSON or CSV) so you can take it elsewhere.

  • Delete everything

    Ask us to delete every record we have about you and we'll do it within 30 days. Confirmation goes back to the same email so you have a record.

  • Opt out of "sale" or "sharing"

    We don't sell or "share" data in the CCPA/CPRA sense — but you have the right to confirm that and to opt out preemptively. Sending a Global Privacy Control (GPC) signal in your browser triggers this automatically.

  • Unsubscribe from the newsletter

    One-click link at the bottom of every email. Your address is immediately removed from our list.

  • Opt out of analytics

    Disable analytics cookies in your browser, send Do-Not-Track or Global Privacy Control signals (we honor them), or use a privacy-blocking extension. Nothing on the site breaks when you do.

  • No retaliation, ever

    We will never charge you, degrade your experience, or refuse service because you exercised a privacy right. That's a CCPA/CPRA requirement and our own policy.

Security & Retention

How we protect what we hold

Encryption. All connections to this site use HTTPS with modern TLS. Our newsletter list and contact email archive are stored with vendors that encrypt data at rest and in transit.

Access. Only the three editors named on the about page have access to the inbox and newsletter list. There is no marketing team, no third-party data analytics consultant, no offshore data processor.

Retention. Analytics data: 14 months. Newsletter addresses: until you unsubscribe. Contact email threads: up to 6 months after the conversation closes. We delete on schedule even if you don't ask.

Breach notification. If a security incident affects your personal data, we will notify you and the relevant regulator(s) within 72 hours of discovering it, as required by GDPR and equivalent state laws. We will tell you what happened, what data was involved, and what we're doing about it.

International Visitors

If you're outside the United States

This site is operated from the United States. If you visit from the European Economic Area, the United Kingdom, Switzerland, or another jurisdiction with cross-border transfer requirements, your data is processed in the US under appropriate safeguards — Standard Contractual Clauses (SCCs) with our vendors where required, and our own commitment to honor GDPR rights regardless of where you're located.

The lawful basis for our processing under GDPR is: consent (newsletter sign-up, analytics cookies where opted in), and legitimate interest (responding to contact form messages, running anonymous analytics on opted-in visitors). You may withdraw consent at any time via the rights listed above.

EU/UK representative. We do not target the EU or UK markets and do not maintain a formal EU representative under Article 27 GDPR. If you are an EU/UK resident with a privacy concern, contact us directly through the contact form — we respond to all GDPR requests regardless of your location.

Fine Print

Children, profiling, changes, and contact

Children under 13. This site is intended for adults considering a kitchen renovation. We do not knowingly collect personal data from anyone under 13 (per COPPA in the US, and parallel age thresholds in other jurisdictions). If you believe a child has submitted information through this site, contact us and we'll delete it immediately.

Teens 13–17. We do not knowingly target users under 18, do not run targeted advertising at all, and do not process minors' data for any "design feature" that California's Age-Appropriate Design Code would consider harmful. We do not require an age check because we do not run advertising or recommend products that depend on age.

Automated decision-making and profiling. We do not use any automated decision-making, scoring, segmentation, or profiling on visitors or subscribers. Every editorial decision and every reply you receive is made by a human.

Changes to this policy. If we change this policy materially — a new data collection, a new third party, a new use case, a change in AI policy — we'll note it at the top of the page with the date and a one-line summary of what changed. Material changes that affect newsletter subscribers will also trigger a notification email. Minor edits (typos, clarifications) won't get a separate note, but the "Last reviewed" date at the top of this page will always reflect the most recent change.

Contact. For anything in this policy — questions, data requests, deletions, corrections, GDPR rights — use the contact form. We respond within five business days, usually faster.

Have a privacy question we didn't answer?

Ask us. We'd rather get an extra email than have a reader wondering about something we should have made clearer.

Contact us Read editorial standards