This is a personal portfolio and technical blog. There is no commerce, no account system, and no user-generated content beyond the contact form. This policy documents exactly what happens to data in plain terms.

01 Data Collected

| Data Type | Source | Purpose | Storage |
|---|---|---|---|
| Page views, referrer, browser/OS | Google Analytics 4 | Understand which content is useful | Google servers (anonymised) |
| Name, email, message | Contact form submission | Respond to enquiries | Server database |
| IP address, request path, timestamp | Server access logs | Security monitoring & debugging | Server logs, rotated periodically |

02 What Is Not Collected

  • No passwords or authentication credentials: there are no user accounts.
  • No payment information: there is nothing to purchase.
  • No persistent cookies beyond the GA session cookie and CSRF token.
  • No cross-site tracking or advertising pixels.
  • No fingerprinting or device identifiers beyond what GA provides.

03 Google Analytics

This site uses Google Analytics 4 to collect anonymous usage data. The GA script is loaded with defer, so it does not block page rendering. GA uses cookies to distinguish sessions. IP addresses are anonymised by GA before storage.

You can opt out globally using the Google Analytics Opt-out Browser Add-on.

04 Contact Form Data

Messages submitted via the contact form are stored in a server-side database. They are read only by the site owner and are not shared with third parties. To request deletion of a message you sent, email the address on the contact page.

05 Cookies

  • Analytics cookie: set by Google Analytics to distinguish user sessions. Contains no personally identifiable information.
  • CSRF token: a security cookie set server-side to protect form submissions from cross-site request forgery. It is not used for tracking.
  • No advertising, remarketing, or third-party tracking cookies are used.
  • You can disable cookies in your browser settings. Doing so will not affect the core functionality of this site.

06 Third-Party Links

Blog posts and project pages may contain links to external websites. This policy applies only to this site. Linked external sites have their own privacy practices and this site takes no responsibility for them.

07 Infrastructure

  • Hosting: VPS with a standard web stack behind a reverse proxy.
  • TLS: Valid TLS certificate; all traffic is encrypted in transit.
  • Static assets: Served from the same origin with content-hashed names and long-term cache headers.
  • Security headers: Strict-Transport-Security, Content-Security-Policy, Permissions-Policy, and X-Frame-Options are set on every response.

08 Your Rights

You may request access to, correction of, or deletion of any personal data held about you (contact form submissions). Use the contact page to make such a request.

09 Changes

This policy may be updated when site functionality changes. Significant changes will be noted in the blog.