tractatus/NEXT_SESSION_STARTUP_2025-10-15_PRIVACY.md

# Optimal Session Startup: Privacy Analytics Implementation

**Date Created:** 2025-10-15
**Session Purpose:** Implement privacy-preserving analytics (Priority 1 - CRITICAL VALUES)
**Previous Session:** SESSION_HANDOFF_2025-10-15_GITHUB_PWA.md
**Estimated Duration:** 1-2 days

---

## 🚀 RECOMMENDED STARTUP COMMAND

```bash
node scripts/session-init.js
```

**Then immediately review these files:**
1. `SESSION_HANDOFF_2025-10-15_GITHUB_PWA.md` (this session's accomplishments)
2. `SESSION_HANDOFF_2025-10-14_ROADMAP_COPYRIGHT.md` (previous context)
3. `docs/plans/integrated-implementation-roadmap-2025.md` (46% complete roadmap)

---

## 📋 SESSION CONTEXT

**Previous Session Accomplishments:**
- ✅ Fixed PWA install button (now shows helpful feedback + CSP compliant)
- ✅ Verified transparency dashboards (both working)
- ✅ Complete GitHub repository setup:
  - CODE_OF_CONDUCT.md (Contributor Covenant v2.1)
  - Issue templates (bug, feature, docs)
  - GitHub Actions CI workflow (lint + test)

**Git Status:**
- 7 commits ahead of origin/main
- New handoff document untracked: `SESSION_HANDOFF_2025-10-15_GITHUB_PWA.md`
- All other changes committed

**Session Pressure Warning:**
- Previous session ended at HIGH pressure (56.4%)
- Fresh session recommended for optimal focus

---

## 🎯 THIS SESSION'S PRIORITY

### Priority 1: Privacy-Preserving Analytics Implementation

**WHY CRITICAL:** Cannot do public launch without values alignment on privacy (Te Tiriti, CARE Principles)

**TASKS:**

1. **Research & Select Solution** (2-3 hours)
   - Recommended: Plausible Analytics
     - GDPR compliant by default
     - No cookies
     - Country-level geolocation only
     - Open source
     - Self-hosted or cloud options
   - Alternatives to consider:
     - Fathom Analytics
     - Simple Analytics  
     - Umami (self-hosted)
   - Decision criteria:
     - ✅ No cookies required
     - ✅ No personal data collection
     - ✅ Country-level geolocation only (not city/IP)
     - ✅ GDPR/CCPA compliant by default
     - ✅ Open source preferred
     - ✅ Easy integration (<1 day)
     - ✅ Reasonable cost (or self-hostable)

2. **Install & Configure** (3-4 hours)
   - Self-hosted vs cloud decision
   - If self-hosted:
     - Deploy on existing VPS (vps-93a693da.vps.ovh.net)
     - Set up systemd service
     - Configure nginx reverse proxy
   - If cloud:
     - Sign up for service
     - Configure domain
     - Get tracking script
   - Integration:
     - Add script tag to website
     - Test tracking
     - Verify no cookies set

3. **Transparency Implementation** (2-3 hours)
   - Add privacy policy section to footer
   - Link to analytics dashboard (if public)
   - Explain what we collect and why
   - Document in `/privacy.html` or `/about.html`
   - Make dashboard public if possible (values alignment)

4. **Testing & Verification** (1-2 hours)
   - Confirm no cookies set (browser dev tools)
   - Verify data collection scope (check dashboard)
   - Test on multiple browsers
   - Check performance impact (<100ms)
   - Verify GDPR compliance

5. **Deployment** (1 hour)
   - Deploy to production
   - Test on live site
   - Monitor for errors
   - Update session handoff

**ESTIMATED TOTAL TIME:** 1-2 days (9-14 hours)

---

## 🔒 FRAMEWORK REMINDERS

**Before starting work:**

1. ✅ Run `node scripts/session-init.js` (already done at startup)
2. ✅ Run pressure check at 50k, 100k, 150k tokens
3. ✅ Use BoundaryEnforcer for values decisions:
   - Privacy analytics selection IS a values decision
   - User must approve final choice
4. ✅ Use CrossReferenceValidator before major changes
5. ✅ Use InstructionPersistenceClassifier for new directives

**Values Decision Points:**
- Analytics provider selection (user approval required)
- What data to collect (user approval required)
- Dashboard visibility (public vs private - user approval required)

---

## 📁 KEY FILES & LOCATIONS

**Configuration:**
- MongoDB: Port 27017, database `tractatus_dev`
- Application: Node.js/Express, port 9000
- Production: vps-93a693da.vps.ovh.net (Ubuntu, systemd)

**Documentation:**
- Roadmap: `docs/plans/integrated-implementation-roadmap-2025.md`
- Privacy page: `/public/privacy.html` (may need creation)
- Footer template: `/public/js/components/footer.js`

**Handoff Documents:**
- This session: `SESSION_HANDOFF_2025-10-15_GITHUB_PWA.md`
- Previous: `SESSION_HANDOFF_2025-10-14_ROADMAP_COPYRIGHT.md`

---

## 🚨 KNOWN CONSTRAINTS

**Values Alignment:**
- Te Tiriti o Waitangi commitment (Māori data sovereignty)
- CARE Principles (Collective benefit, Authority to control, Responsibility, Ethics)
- No tracking of individuals without explicit consent
- Transparency by default

**Technical Constraints:**
- Must work with existing tech stack (vanilla JS, Tailwind)
- No breaking changes to existing functionality
- Performance budget: <100ms overhead
- CSP compliant (no inline scripts - inst_008)

---

## 📊 SUCCESS CRITERIA

This task is complete when:

1. ✅ Privacy-first analytics solution selected and approved by user
2. ✅ Analytics installed and operational (collecting data)
3. ✅ No cookies set (verified in browser)
4. ✅ Transparency statement added to website
5. ✅ Dashboard accessible (public or private as approved)
6. ✅ Performance impact verified (<100ms)
7. ✅ Deployed to production
8. ✅ Documented in session handoff

---

## 🔄 NEXT PRIORITIES (After This)

**Priority 2:** Draft video walkthrough script (5-10 min)
- Problem → Solution → Demos → Value proposition
- For researchers needing quick overview

**Priority 3:** Soft research outreach
- After video and QA complete
- Personalized emails to research organizations

---

**READY TO START!**

Run the initialization command above, review handoff documents, then begin with analytics research.

Good luck! 🚀