Every vendor. Every byte.
Below is the complete list of third-party services we use, what data each one sees, and a separate list of categories we deliberately refuse to use. If your security or compliance team needs more detail, write to privacy@globalcyberinstitute.org.
Sub-processors we use
| Vendor | What it does | What it sees | Where |
|---|---|---|---|
| Vercel, Inc. | Static hosting and content delivery for the Site. | Standard CDN edge logs (IP address, requested path, referrer, user-agent), retained per Vercel's defaults. We do not query, export, or join these logs to anything. | USA (multi-region edge) |
| Resend | Delivers correction submissions to our editorial inbox by email. Runs server-side — your browser never contacts Resend directly; it posts to our own /api/correction endpoint, which sends the email. |
Only the contents of a correction you choose to submit (the text you enter, and your email if you provide one). No browsing data, no card data, no accounts. | USA |
| Google LLC (Fonts + cookieless GA4) | (1) Serves three webfonts (Newsreader, Geist, JetBrains Mono) from fonts.googleapis.com / fonts.gstatic.com. (2) Google Analytics 4 in strict cookieless mode (client_storage: 'none', anonymize_ip: true, Google Signals and ad personalization disabled) — measures aggregate page views only. Loaded on every page via /js/analytics.js; measurement ID G-PH5VNTSZB6. |
For fonts: IP address during font fetch only. For GA4: an anonymized per-request beacon (anonymized IP, page URL, device class). No cookies set on your device. No cross-site identifiers. We do not use Google Ads, conversion tags, Google Signals, reCAPTCHA, or any Google service for behavioral profiling. | Global CDN |
Things we refuse to use
This list is the heart of our anti-tracking commitment. The directory will not adopt any of the following without first updating this page, the Privacy Policy, and the Terms of Service, and giving 30 days' advance notice in the page footer:
- ✕ Meta Pixel (Facebook / Instagram conversion tracking)
- ✕ Standard (cookie-based) Google Analytics, Google Tag Manager for marketing, Google Ads conversion tags, or Google Signals. (We do load GA4 in a strict cookieless configuration; see the sub-processors table above.)
- ✕ TikTok Pixel, LinkedIn Insight Tag, Pinterest Tag, X (Twitter) Pixel, Snap Pixel
- ✕ Hotjar, FullStory, Mouseflow, Microsoft Clarity, LogRocket, or any other session-replay tool
- ✕ Any cross-site behavioral advertising network or "data broker" relationship
- ✕ Any third-party live-chat tool (Intercom, Drift, Zendesk Messenger, Crisp) — we will use email instead
- ✕ Any healthcare-targeted ad-tech (Amazon DSP healthcare audiences, Symphony, etc.)
- ✕ Sale, rental, or sharing of personal data with any party for advertising purposes — ever
What this means for you
You can browse this directory without a cookie ever being written to your device. No Meta, TikTok, or third-party advertising network is told you visited. Google receives only a cookieless, anonymized beacon used to count aggregate page views — it cannot tie that beacon to your advertising profile, because Google Signals and ad personalization are disabled. You can submit a correction without creating an account or being added to a profile. There is no sign-in and no payment anywhere on this site. We hold ourselves to this standard not because the law requires it (in many places it does not), but because the Site exists to help nursing students — and nursing students deserve the same privacy posture that the most-litigated healthcare websites are now being forced into. We start there.
Last verified by manual audit: 2026-06-18. To independently verify the trackers list, open your browser's network panel and load any page on this Site — the only third-party requests you will see are to fonts.googleapis.com, fonts.gstatic.com, www.googletagmanager.com (cookieless GA4 loader), and region1.google-analytics.com (cookieless GA4 beacon). Correction submissions post to our own first-party /api/correction endpoint — no third-party request is involved. To independently confirm no cookies are set: open DevTools → Application → Cookies before and after page load.