Unofficial mirror of City of Portland content. Always verify with the official source. View original ↗

Privacy policy

Last updated: 2026-05-04.

This is the privacy policy for pdx-budget-viewer.pages.dev (the “mirror”), an unofficial read-only mirror of public content from the City of Portland, operated by Oxbow Software / Yex Labs (the “operator”). If anything below is unclear, email chris+portlandgov@yex.ai.

Plain-English summary: this site uses PostHog ↗ to record analytics events and session replays. A session replay is a near-frame-by-frame reconstruction of your visit: mouse movement, scrolling, clicks, the contents of pages as you saw them. The operator can effectively watch a video of your time on the site. There is no login, so this is tied to a randomly generated anonymous ID, not to your real identity — but it is still a detailed behavioral record. If that is not OK with you, see opt out below.

What we collect

When you load a page on the mirror, the PostHog browser SDK collects:

  • Page views. The URL you visited, the page title, the referring page, and timestamps.
  • Device and connection metadata. Your IP address (used by PostHog for approximate geolocation — country, region, city), user-agent string (browser, OS, device type), viewport size, screen resolution, timezone, and preferred language.
  • Autocaptured interactions. Every click, form interaction, scroll, and rage-click. For clicks this includes the element’s tag, classes, ID, and visible text label.
  • Session replays. A reconstruction of your session, including mouse movement, scroll position, clicks, keystrokes on non-input elements, and the rendered DOM (the text and structure of the page as you saw it). Form input values are masked by PostHog’s defaults, but the rest of the page is captured verbatim. There are no passwords or payment fields on this site.
  • Errors. Uncaught JavaScript exceptions and stack traces, used to debug the mirror.
  • An anonymous identifier. A randomly generated distinct_id stored in a first-party cookie / localStorage entry on this domain. It lets PostHog stitch your page views and replays into a single session. It is not linked to your real-world identity unless you choose to email us with it.

The mirror does not collect names, email addresses, phone numbers, payment details, account credentials, or government-issued IDs — because there is nothing on the site that asks for them. If you email the operator, your email address is collected by virtue of having sent the email.

Why we collect it

  • To understand which mirrored documents and pages get used, so the operator knows what is worth refreshing.
  • To debug rendering and link-rewriting bugs in the mirror.
  • To detect abuse (e.g. someone hammering the site with a scraper).
  • Out of curiosity. The operator runs this site for free and finds the data interesting.

Who processes the data

  • PostHog Inc. — analytics, session replay, and error tracking processor, US Cloud (us.i.posthog.com). See PostHog’s privacy policy ↗ and DPA ↗.
  • Cloudflare Pages — static-site host. Cloudflare sees the IP addresses and user-agents of every request and may retain edge logs per its standard policies. See Cloudflare’s privacy policy ↗.
  • The operator (Oxbow Software / Yex Labs) is the data controller for the PostHog project that receives this data.

The operator does not sell your data, does not share it with advertisers, and does not use it for any cross-site profiling. It stays in the operator’s PostHog project.

Cookies and local storage

The mirror sets one first-party storage entry:

  • ph_<token>_posthog — a cookie / localStorage entry holding your anonymous PostHog distinct_id, session ID, and feature-flag state. Used by every PostHog feature above.

No third-party cookies are set by the mirror itself.

How long it’s kept

The mirror uses PostHog’s default retention windows. As of this writing those are roughly:

  • Session replays: 30 days, then deleted.
  • Events (page views, clicks, errors): up to 7 years.

PostHog can change those defaults; the PostHog data-retention docs ↗ are the authoritative source for current values.

Opt out

You have several options, ordered from least to most aggressive:

  1. Click the button below to tell PostHog to stop capturing on this device. This sets a flag in your browser’s local storage; PostHog will respect it on every subsequent page load on this site, until you clear browser data for this domain.

  2. Block PostHog at the network layer with a content blocker (uBlock Origin, Privacy Badger, NextDNS, Pi-hole, etc.). Block requests to us.i.posthog.com and us-assets.i.posthog.com. The mirror will still load; you simply won’t be tracked.
  3. Don’t use the mirror. Use portland.gov ↗ directly — it is the source of truth and the mirror exists only as a navigability convenience.

Do Not Track and Global Privacy Control

The mirror does not currently honor browser DNT or GPC signals automatically. Use one of the methods above instead. The operator may add automatic GPC honoring in the future.

Your rights

Depending on where you live (GDPR in the EEA / UK, CCPA / CPRA in California, similar regimes elsewhere), you may have the right to access, correct, delete, or export the data the operator holds about you, and to object to or restrict processing.

To exercise any of these rights, email chris+portlandgov@yex.ai with your PostHog distinct_id. You can find this ID in your browser’s devtools: ApplicationLocal storage → this site → ph_<token>_posthogdistinct_id. Without that ID the operator has no way to identify your records, because the site does not collect any other identifier.

The operator will respond within 30 days. The lawful basis for processing under GDPR is legitimate interest (operating, debugging, and improving the mirror); you may object to that basis at any time using the opt-out above.

Security

The mirror is a fully static site — no databases, no server-side execution. Analytics are sent over HTTPS to PostHog. The operator does not warrant that PostHog or Cloudflare will never suffer a breach, only that the operator does not collect or hold any additional data beyond what is described above.

Children

The mirror is not directed at children under 13. The operator does not knowingly collect personal information from children. If you believe a child has used the site and you want their PostHog records deleted, email the address above.

International transfers

The operator is in the United States. PostHog US Cloud is hosted in the United States. If you visit from outside the US your data is transferred to and processed in the US. By using the mirror you consent to that transfer.

Changes to this policy

The operator may update this policy at any time. Material changes will be reflected in the “last updated” date at the top. The current version is always the one published at this URL.

The operator is not a lawyer. This document is a good-faith, plain-English description of what the mirror actually does. It is not a substitute for legal advice and may not satisfy every jurisdiction’s technical requirements. If you need a formally-reviewed policy for your own use, hire a lawyer.