Privacy

I really don't like how services hide what they're doing inside long usage agreements and privacy policies. The standard pattern these days is forced-arbitration clauses, vague claims about “partners,” opt-out mechanisms buried four pages deep, and dark-pattern consent flows. watts.bar is a passion project, and this privacy policy is written by me, a guy who lives on the lake and wants to provide a useful service to the community, not by a lawyer trying to obscure what's actually happening. If you want the technical specifics on how the site is built, those live at /about-this-site/.

The short version

I don't keep your personal information. There's no account system here, nothing to sign up for, no email list, no advertising relationship, and nothing's being sold or shared with anybody. What I see is roughly how many people use the site and which pages they find useful. That's the whole picture.

Why this is even worth saying

watts.bar is a personal project I run from a private dock at Tennessee River Mile 559.5. The site is free, has no ads, and there's nothing to log into. I built it because a 39,000-acre lake with thousands of families on it deserves a real public-information resource, and nobody else built one that meets my quality standards.

The privacy posture follows from that. Most websites today collect every piece of behavioral data they can. They want to know what you clicked, where you came from, where you went next, what you typed in a form before deleting it. Then they feed it to Google, Facebook, and the wider ad-tech network. I built watts.bar specifically to avoid doing any of that. It cost more time to build it this way; that's the point.

What I collect

Cloudflare zone analytics. Cloudflare is the CDN (content delivery network) that serves every page on this site. In plain English, they sit between visitors and the actual server where the site is built, with copies of every page cached at data centers around the world so that wherever you're loading from, the page comes back fast.

As part of doing that, Cloudflare shows me a dashboard with generalized stats: how many requests were served, how much bandwidth was used, what countries the visitors came from in aggregate, which pages got the most traffic. None of it ties back to a specific person or browser. It's the same kind of summary a hosting provider has shown website operators for thirty years. Underneath the dashboard, Cloudflare's edge keeps short-term request logs (IP, browser, path) the way every web server on the internet has done since the 1990s. Those logs are operational, not something I review or use, and they age out automatically on Cloudflare's retention schedule.

Self-hosted Plausible analytics. Plausible is an open-source, privacy-respecting alternative to Google Analytics. I run my own copy on hardware I physically own, sitting in a rack at my house. The data flows from the site to that hardware encrypted and tunneled through a VPN, which means not even the home internet provider I use (Xfinity, with T-Mobile cellular as a backup) sees what's passing through the wire. No third party (no analytics SaaS company, no cloud host, no ISP) has any visibility into the data. It's about as locked-down a setup as you can build for a small project; effectively the best-case scenario for keeping a website's analytics out of anyone else's hands.

What Plausible actually tells me is things like “how many people looked at the Watts Bar fishing guide this week” and “which page is the most popular landing point from search engines.” It doesn't use cookies, doesn't store anything on your device, doesn't follow you across other websites, and doesn't follow you across days. It's specifically designed as the answer to the question, “How can I get useful insights on my own website to make it better, without exposing visitors to having all of their information harvested by Google or Facebook?”

One nuance worth saying out loud, because I'd rather over-explain than gloss over it. To count how many different people visited a page on a given day, Plausible takes a few pieces of information about your visit (your IP address, what kind of browser you're using, the website's domain) and mixes them with a random key that changes every 24 hours and then gets deleted. The result is a short coded ID that lasts just long enough to do the daily count, telling Plausible “this is one visitor, not two” if you load three pages in a row.

Because the key resets every 24 hours, the same person on the same browser produces a completely different ID tomorrow. The ID is also per-site, so it can't connect a visit here to a visit anywhere else on the internet. None of it lands on your computer or in your browser. It's about as light a touch as you can have while still counting visitors meaningfully, and it's the one technical asterisk on this page I want to be upfront about.

If you want to read more about how Plausible works, their page on privacy-focused web analytics is written in a similar plain-English style and goes deeper than I do here.

Browser local storage. Two small bits of data live in your browser only and never travel anywhere. The most recent lake-tint color, so the page doesn't flash a wrong color before the live cam image loads. The most recent live temperature reading, so the chip in the corner of the header shows something instead of a dash on first paint. Both can be cleared at any time via your browser's site-data controls. I can't see them.

If you install the site as a PWA. PWA stands for Progressive Web App. Modern browsers can install certain websites onto your phone or computer as if they were native apps; on watts.bar, that's the “Add to Home Screen” option on iOS or the install prompt on Android and desktop Chrome. When you do that, the browser caches more of the site locally so it can launch faster and work even when your network is bad. I have nothing to do with this cache. I can't see what's in it. You can clear it at any time through your phone's app management or your browser's site-data controls. I also don't care what's in there. It's your device, not mine.

What I don't collect

The closest thing to an ad anywhere on watts.bar is the link on the homepage to my Airbnb on the lake. That link doesn't have an affiliate code on it. Plausible does count outbound clicks as part of measuring how people leave the site, so I can technically see “someone clicked the Airbnb link this week” as a number on a dashboard. What I can't see is whether that person actually booked the cabin, who they were, or anything else. The cabin is booked up most of the time anyway. I run watts.bar to make the lake a better place to visit, not to drive cabin bookings.

About the cam audio

People are on cameras everywhere now. It's hard to leave your house and walk through a grocery store without being on a thousand different ones. The cat's pretty much out of the bag on that.

But there's still a reasonable expectation that if you're on a fishing boat in front of my dock, talking to your buddy or on the phone or whatever, that conversation isn't being broadcast onto the internet. So I've gone to some lengths to make sure it isn't.

The audio you hear on watts.bar (and on the YouTube live stream) runs through a privacy filter that removes speech. There's a side effect: the camera feed is tape-delayed by about two and a half minutes so the filter has time to do its work. For a website people mostly look at to see what the weather's like, that doesn't matter.

The technical version of how the filter works lives on /about-this-site/. The why is just: I want to respect people's privacy.

About Google Places photos and POI data

This one needs a small explanation, because it could otherwise look like a violation of everything above.

The /eat/, /marinas/, /boat-ramps/, and similar directory pages show data and photos from Google Places. I use Google Places as a research source to keep the directory accurate. But I've gone out of my way to build the site so that Google never knows what you, the visitor, are looking at while you're on watts.bar.

Here's how that works in plain English. Every few weeks, the watts.bar server makes a batch call to Google's Places API, refreshes the directory, saves the results to my own storage, and then serves the saved version from my own infrastructure. Your browser only ever talks to watts.bar. It never talks to Google. Google has no idea you're reading the page about Blue Springs Marina, no idea you live in Tennessee, no idea you're considering a fishing trip. They got their batch query a few weeks ago, gave me the data, and they're done.

The easy way to build this would have been to embed Google's tracker on every page. I didn't.

The four external things your browser does connect to

I've been pretty hardline about not letting your browser phone home to anyone. Fonts, scripts, icons, the video player, all of it lives on watts.bar's own servers. There are four corners of the site where I genuinely can't avoid an external connection, and I'd rather list them out than pretend they don't exist. These are literally the only external services your browser will ever talk to while you're on this site.

That's the complete list. If a future change adds a new external connection, this list updates with it. There are very few websites on the internet that have a list this short and specific.

If you use the contact form

If you send a message via the contact form, it gets piped into a private Discord server that only I have access to. The server is locked down with the same boundary controls as the rest of the infrastructure on the site. Strictly speaking, this is the one corner where your message touches a third-party service, so it's worth saying out loud: while it's in transit and stored on Discord's servers, Discord's own privacy terms apply. Their policy is at discord.com/privacy. After that, the message lives only in the alerts channel I read.

The email field on the form is optional. If you don't fill it in, your message is as anonymous as you want it to be. I can't reply if there's no email, but that's a fair trade-off if you're just dropping a tip about a marina that closed or a phone number that's wrong. If I do reply, the reply itself goes out through my Gmail account, which means it passes through Google's mail infrastructure on its way to you. That's true of any email anywhere on the internet, but worth being explicit about given the rest of this page.

I delete contact-form messages from Discord after I've acted on them. The alerts channel stays clean that way, and the practical effect is that most messages are gone within a day or two. If you'd like an older one removed (or if you live somewhere that gives you a legal right to that, like the EU or California), reach out and I'll confirm the deletion. But realistically, the answer to “what information do you have about me” is effectively nothing. The message has almost certainly already been actioned and deleted by the time you're asking, and ironically enough, the only thing that will need to be deleted is your message telling me to delete your messages.

About GDPR, CCPA, and other privacy regulations

If you're visiting from the EU, the UK, California, or one of the other places with serious privacy laws on the books: those laws were written for sites that broker data, build behavioral profiles, and sit inside the ad-tech ecosystem. None of that happens here. So the laws are aimed at problems watts.bar doesn't have.

That said, you have whatever rights those laws give you against any operator. If you'd like me to delete a contact-form message you sent, reach out and it's done. If you'd like to know what I have on file about you, the answer is almost certainly nothing, but you're welcome to ask.

Children

watts.bar doesn't knowingly collect information from anyone, including children under 13, and there's no signup process to age-gate. The COPPA-style protections don't really come into play here. But COPPA is serious federal legislation, and I'd rather over-comply than fall short, so the next paragraph is the formal statement that exists to satisfy the actual requirement. It's the one paragraph on the whole page that sounds like a lawyer wrote it, and that's deliberate.

watts.bar is a general-audience website that is not directed at children under 13. The operator does not knowingly collect, use, or disclose personal information from children under 13. If you are a parent or guardian and believe your child has provided personal information through this site, contact the operator (Eli Hodapp) via the contact form, and any such information will be deleted promptly. This commitment is made under the Children's Online Privacy Protection Act of 1998 (15 U.S.C. §§6501–6506) and accompanying regulations (16 CFR Part 312).

Changes to this policy

I'll update this page if anything material changes, and note the date below. But realistically, this is a passion project that reflects what I value as a member of the open-source community. Eventually I'll likely release the source code that powers this site for free, so other people can run their own versions focused on their own areas. I just need to find time to make the codebase less embarrassing first. My personal projects are built prioritizing speed of feature releases, not readable or reasonable code that someone else could learn anything from other than what code written by an idiot looks like, and GitHub is full of way better examples of that if you're into it.

Nothing on this site is for sale. I'm not interested in selling. There's no motivation to ever change anything foundational about how privacy works here. If anything, the trend will be toward more transparency, not less. Don't expect to come back in three years and find a 4,000-word lawyer-written document where this one used to be. The full change history of the policy lives in the site's git history, which is permanent.

Questions

Questions about privacy go to me through the contact form.

Last updated: 2026-05-02.