diff --git a/src/privacy-policy.html b/src/privacy-policy.html
new file mode 100644
index 0000000..a9f2eb8
--- /dev/null
+++ b/src/privacy-policy.html
@@ -0,0 +1,18 @@
+---
+layout: page.njk
+title: Privacy Policy
+---
+
+In the interest of transparency, here's a rundown of the data I collect and store:
+
+## Server logs
+
+* I collect IP addresses, User-Agent strings, and referrer URLs in my server logs. This is standard practice for web servers, and I use this information to diagnose problems with the site and to detect and block malicious traffic. I do not use this information to track or identify individual users.
+* My DNS and CDN provider, [Bunny.net](https://bunny.net), also collects IP addresses and User-Agent strings in their server logs. You can read their privacy policy [here](https://bunny.net/privacy). IP addresses are partially anonymised, and the data is stored for no more than 3 days.
+
+## Comments and Webmentions
+
+* Pinging my site with a [Webmention](https://indieweb.org/Webmention) will cause your IP address and User-Agent string to be stored in my server logs (see above). I will also store the content of the Webmention, including any links, in my database. This is necessary to display the Webmention on my site - if you wish for your Webmention to be removed, please [contact me](/links).
+
+
+