Christopher Mullins / Principal Product DesignerChristopher Mullins

Privacy

What this site collects — and what it does not.

This is a personal studio site, not a product with accounts. There is no ad network, no data broker, and no cookie-consent wall on v1. What follows is a plain-language summary of analytics, gated case access, and forms — updated as the stack changes. It is not legal advice.

Analytics

Aggregated reach measurement — not a profile of you across the web.

Public pages load two third-party analytics tools:

  • Google Analytics 4 (property G-5TBK1LQYDK) — page views, referrers, and custom events such as gate steps and audio milestones. Google may set cookies and process data under its own policies.
  • Microsoft Clarity — session replay and heatmaps to understand how pages are used. Clarity may record interactions on the page (clicks, scrolls). See Microsoft’s privacy statement.

There is no ad pixel, newsletter tracking pixel, or social embed that sets marketing cookies on v1. Staging uses the same scripts with debug-friendly event parameters where applicable.

You can block these scripts with a browser extension or network filter. There is no separate on-site consent banner while the public surface stays analytics-only without third-party embeds.

Password gate & cookies

Gated case depth needs a password — not an account.

Some portfolio depth lives at /work/.../full/ and similar routes behind a shared portfolio password. When you unlock:

  • WordPress sets a postpass cookie (wp-postpass_*, HttpOnly, ~10 days) so protected pages load without retyping the password every visit.
  • Site JavaScript may store unlock flags in localStorage (studio_gate_unlocked, studio_hp_gate_unlocked) and sessionStorage so bridge pages remember you in the same browser.
  • A magic access link from email sets the same cookie and storage keys when you open it.

These are functional cookies and storage for access control, not advertising. Clear site data in your browser to remove them. See the colophon for how public and gated content relate.

PAI chat

Questions you ask are processed to answer from this site’s corpus.

PAI (Portfolio AI) runs as a separate app on this domain. When you use chat or voice, your messages are sent to the server to retrieve relevant site content and generate a reply. That processing uses a hosted large-language-model API (third-party processor). Conversations are not sold or used for advertising.

PAI can unlock the same portfolio password inside an iframe (same cookie and storage keys as the main gate). Optional voice input uses your browser’s speech APIs; audio may be sent for transcription depending on configuration.

Do not paste secrets, government-classified material, or other people’s personal data into chat. The system is built for public portfolio context, not confidential intake.

Contact & access requests

Voluntary messages — stored in email, not a CRM.

Contact collects name, email, and message. Submissions are emailed to the operator via WordPress mail (SMTP). They are not stored in the WordPress database as post content. Retention follows the operator’s email provider.

Portfolio access requests (gate “request access” flow) collect email (and optional context) to send a confirmation link and, after approval, a password delivery email. Grant tokens are short-lived transients on the server. Rate limits apply per IP to reduce abuse.

Hosting & security

Standard web hosting — hardened, not harvested.

The site runs on AWS Lightsail (WordPress, Apache, HTTPS). Server and application logs (IP address, user agent, request path, timestamps) exist for operations and security. Wordfence provides firewall and login protection on WordPress. Email for forms and gate flows may route through Mailgun or SMTP as configured on the server.

There is no user account database for visitors. WordPress admin accounts are operator-only and never used to profile readers.

Your choices

You can use the public surface without unlocking anything.

  • Block analytics scripts with a browser or network tool.
  • Clear cookies and site storage to reset gate unlock state.
  • Skip PAI, contact, and access-request forms entirely.
  • Email via contact to ask what data was received from a form or access request.

This site is operated from the United States. Visitors may read from other jurisdictions; processing may occur on U.S. infrastructure and U.S.-based vendors listed above.

Updates

The stack changes — this page should stay honest.

Last updated June 2026. Material changes (new trackers, embeds, or data uses) will be reflected here. For how the site is built, see the colophon.

Questions: contact.