How NTLSN handles your data — the receipts
Most privacy pages are written by lawyers, about intentions. This one is written from the site's actual code, about behaviour. Every claim below can be checked with your browser's developer tools — and we tell you how.
Last verified against the code: 2 July 2026
01The promise
In plain English:
- We never sell your data. Nobody pays us for your attention: no advertising, no ad tech, no sponsored placement.
- We never track or profile you. There are no analytics scripts, no tracking pixels and no fingerprinting anywhere on this site, and our own code never sets a cookie. (One third party we embed could track you — the YouTube player. We call it out plainly in 3.4, because you deserve to know.)
- Your work stays on your device. Everything you write in our tools — passports, reflections, self-checks, plans — is saved only in your own browser's storage. There are no accounts, no logins and no user database. The only personal data NTLSN ever ends up holding is what you deliberately submit through a form (3.2) — a small moderation spreadsheet, not a database of visitors.
- Some things do leave your browser — a lookup you run, a form you submit, a video player a page loads. Every one of those cases is listed in section 3, with where the data goes. None of it is sent to a server we run; the one narrow backstop involving our host is disclosed in 3.2.
If this page and the code ever disagree, the code is the truth and this page is the bug — tell us and we'll fix whichever is wrong.
02What runs entirely in your browser
Our interactive tools save your work to localStorage — a storage area inside your own browser, on your own device. Pages read it back to restore your work; it is never placed in any network request and we never see it. Each tool has a Clear button, and you can wipe everything at any time via your browser's site-data settings. Exports (PDF, SCORM, JSON) are generated on your device as downloads.
| Tool | What it stores | Storage key |
|---|---|---|
| Homepage region choice | Whether you picked Australia or global view | ntlsn_region |
| Acknowledgement of Country strip | That you dismissed it (clears when the tab closes) | ntlsn_ack_seen (sessionStorage) |
| Start Here | The interest bubbles you picked | ntlsn_starthere_interests |
| Teaching Recognition Passport | Name, institution, discipline, ORCID iD, teaching philosophy, recognition entries | ntlsn_trp |
| Narrative CV builder | Name, role and your CV narrative drafts | ntlsn_narrative_cv_v1 |
| Learning modules | Which modules you completed, plus your written reflections | ntlsn_lm_done_v1, ntlsn_lm_reflect_* |
| Reflective Coach | Your saved reflections; and, only if you opt in, your bring-your-own-AI settings including your API key (see 3.5) | aletheia_*, aletheia_model |
| Recognition GPS | Your ORCID iD — only if you tick "Remember my iD on this device" | ntlsn_gps_orcid |
| Crash-course self-checks | Which items you ticked | ntlsn_selfcheck |
| Casual teaching checklist | Checklist ticks | ntlsn_casual_v1 |
| TEQSA readiness | Your red/amber/green self-ratings | teqsa_rag |
| Sessional recognition wallet | Activities, hours, dates and notes you log | ntlsn-sessional-wallet-v1 |
| Constructive alignment matrix | Your outcomes and assessment items | ntlsn-ca-matrix-v1 |
| Programme map | Your courses and programme learning outcomes | ntlsn-prog-map-v1 |
| School needs diagnostic | Your answers and ranked results. Saved in this browser only today — but this tool's save code is built to talk to a future shared NTLSN back-end. If that ever goes live, saving would send results off your device, and this page will be rewritten before that switch is flipped. | shared:ndiag:* |
| Widgets board | Which widgets you enabled (the list of widget IDs, nothing else) | ntlsn_widgets_v1 |
Most search is client-side. The homepage site search filters data already built into the page; the archive, best-practice, tools and prompts searches filter JSON files fetched from ntlsn.com itself. Your keystrokes in those boxes never leave your browser. Two kinds of search are different, deliberately: the scholarly research tools, and the OER search box on the homepage, which sends your query to OER Commons — both spelled out in 3.1.
03What leaves your browser, and when
This is the complete list. In every case the request goes straight from your browser to the service named — and, like any web request, the receiving service sees your IP address and browser signature.
3.1 Public scholarly lookups → OpenAlex, ORCID, DOAJ, OER Commons
When: you paste an ORCID iD into ORCID Start, the SoTL Index, SoTL Wrapped, Recognition GPS, Publication Profile or Academic Home; or you run a search in Research Search or the Journal Finder, check DOIs in the OA Finder, or use the OER search box on the homepage.
What's sent: exactly what you typed — the iD, query or DOIs — direct from your browser to OpenAlex (opens in new tab) (run by the non-profit OurResearch), ORCID (opens in new tab), DOAJ (opens in new tab), or (in a new tab, as part of the web address) OER Commons. These are public, open scholarly databases; the lookups return public records. Those services see your IP address alongside what you typed, and may keep their own logs.
3.2 The share & register forms → a Google Sheet our moderators read
When: you press submit on any of the three forms that are live on the homepage today: share a symposium (institution, symposium title, link, email, type), the peer-review exchange (name, email, institution, discipline, preferences), and the students-as-partners registry (institution, program, level, URL, name, email).
What's sent: the fields you typed — including your email address if you choose to give it — to a Google Apps Script, which stores them in a Google-hosted spreadsheet. A human moderator reads it before anything appears on the site. Used only for curation and to say thanks; never for marketing, never sold. Google is the processor (Google's privacy policy (opens in new tab)). This spreadsheet is the one place where NTLSN itself holds personal data you typed.
3.3 Automatic homepage requests → Google Apps Script
When: the homepage loads — no typing, no clicking. Four small requests go to script.google.com: the "shared symposiums" feed, the "latest from the sector" feed, and two registration counts, all served by the same Google Apps Script that holds moderated submissions.
What's sent: nothing you typed — but Google's servers see the standard request metadata (IP address, browser signature) for every homepage visitor, as with any page that loads a remote resource. If "no request to Google at all" matters to you, that's a reason to know this — which is why it's listed.
3.4 Embedded video → YouTube / Vimeo
When — and this part needs no click from you: the homepage pre-opens connections to three YouTube/Google domains as it loads, video thumbnail images load from YouTube's image servers with the page, and the homepage showcase video currently loads and autoplays from www.youtube.com as soon as it scrolls into view. Other videos on the site load when you play them.
What's sent: the standard player and image requests. Because the homepage embed uses the full www.youtube.com player (not the privacy-enhanced one), YouTube can set its own cookies, may recognise a signed-in Google account, and can use the visit in Google's profiling, under Google's privacy policy (opens in new tab). Vimeo players appear on some pages too and can likewise set cookies, under Vimeo's policy (opens in new tab).
Being straight with you: this is the one place on ntlsn.com where a third party could track a visitor who typed and clicked nothing. Our own embed-code generator already uses and recommends YouTube's privacy-enhanced (youtube-nocookie) player (opens in new tab) — moving the homepage embed to it is on our list, and until it's done, "never tracked" is a promise about our code, not YouTube's.
3.5 Reflective Coach — only if you connect your own AI → the endpoint YOU configure
Default: fully local. Your reflections are saved in this browser and sent nowhere.
If you opt in with your own OpenAI-compatible endpoint and API key: while it's enabled, each answer you submit is sent verbatim to that endpoint, with your key, under that provider's terms — never to NTLSN. Your previously saved reflections are never sent, only the answer you just wrote. Your key is stored unencrypted in this browser's localStorage (aletheia_model): don't enable this on a shared machine, and clear it when you're done.
3.6 Things you click that open elsewhere → your choice, your client
"Add to Google Calendar" links in the conference finder carry only the public event details, and only when you click them. Contact and "share your session" buttons open your own email app with a pre-filled draft — nothing is sent unless you send it. External resource links leave the site in the ordinary way.
Built but switched off: the code also contains an email-subscribe form (Buttondown) and a founders-circle form, both currently disabled — their endpoints are empty, so they send nothing today — and two unconfigured serverless function stubs (ORCID sign-in, Zoom) that store nothing. If any of these are ever switched on, this page gets rewritten first. That's the rule this page exists to enforce.
04What we don't have
- No accounts or logins — there is nothing to sign up for, so there is no user database to breach, sell or subpoena.
- No analytics scripts — no Google Analytics, no Plausible, no Hotjar, no Matomo, none. Search the source of any page. (Our host gives us aggregate, cookieless page counts server-side — section 5.)
- No ad tech or pixels — no advertising, no retargeting, no social-media beacons.
- No NTLSN cookies — our own code never sets a cookie. The YouTube and Vimeo players in 3.4 are the only cookie-capable third parties we embed, and they're disclosed.
- No third-party scripts in our pages — every script tag on this site loads from ntlsn.com; our Content-Security-Policy (opens in new tab) allows script files from ntlsn.com only, so a script file from any other domain would be refused. (The YouTube and Vimeo players in 3.4 run their own scripts inside their own frames — that's what an embed is.)
Two honest technical caveats about that policy, because a receipts page shouldn't oversell its own armour: it currently allows inline scripts ('unsafe-inline' — our tools are built as self-contained pages), so it is not a defence against a script injected into a page; and it does not yet restrict where a page may connect (connect-src 'self' https:), so the "what leaves" list above is enforced by the code itself — which is public and inspectable — not yet by the browser. Tightening both is on our list, because a promise the browser enforces beats a promise you have to take on trust.
05Hosting
ntlsn.com is a static site served by Netlify (opens in new tab). There is no NTLSN application server holding user data. Like every web host, Netlify keeps standard server logs (IP address, browser signature, URL requested) to serve and secure the site, retained under Netlify's own policy — that's the host's baseline, not something we can switch off. We use Netlify's server-side Web Analytics, which is cookieless and adds nothing to the page: it gives us aggregate page counts derived from those logs. We can see that a page was read; we cannot see who read it — and that's how we want it.
06Questions
Who we are and why NTLSN is free is on the about page. If you have a privacy question, or you've found something this page doesn't disclose, email hello@ntlsn.com — we treat a gap on this page as a bug and we'll fix it.