Privacy Policy

Information you provide directly

• Full name, email address, and message content submitted via the contact form at https://www.jgerard.dev/contact. Form submissions are handled by Formspree, which acts as a data processor. For more information, see the Formspree Privacy Policy.

Information collected automatically

• The Website is hosted on Cloudflare Pages, which processes limited technical data (such as IP address and request details) to deliver content securely and efficiently. For more information, see the Cloudflare Privacy Policy.
• On-device site data is used to store your theme preference (light or dark mode). This data never leaves your device and cannot be used to identify you.

Your personal data is processed solely to:

• Respond to messages you submit through the contact form.
• Ensure the Website operates securely and functions correctly.

Processing is based on legitimate interest (Article 6(1)(f) GDPR).

Data retention is handled as follows:

• Contact form submissions are retained for up to 12 months, or until correspondence is complete, whichever occurs first.
• Automatically processed technical data is retained according to each processor's policies (Formspree and Cloudflare).
• Theme preference stored locally remains on your device until you clear your browser data.

Personal data may be processed by trusted third parties acting as processors:

• Formspree – contact form submission handling.
• Cloudflare – hosting and content delivery.

No other third-party access, marketing, or analytics tools are used.

Some personal data may be transferred outside the European Economic Area (EEA):

• Formspree hosts its services on Amazon Web Services (AWS) in the United States. Formspree is GDPR-compliant and relies on the European Commission's Standard Contractual Clauses (SCCs) to ensure adequate protection for transferred data.
• Cloudflare may transfer limited technical data (such as IP addresses) outside the EEA as part of its global network operations. Cloudflare relies on SCCs, supplementary measures, and participation in the EU–U.S. Data Privacy Framework to maintain compliance with GDPR requirements.

These safeguards ensure that personal data receives a level of protection equivalent to that required under EU law.

Under the GDPR, you have the right to:

• Access your personal data.
• Rectify inaccurate or incomplete data.
• Request erasure of your data ("right to be forgotten").
• Restrict or object to processing.
• Data portability (receive a copy of your data in a structured format).
• Lodge a complaint with your local data protection authority.

To exercise your rights, contact the data controller.

The Website uses HTTPS encryption and relies on secure infrastructure provided by Cloudflare. External links are reviewed to ensure they are safe, but responsibility cannot be assumed for external sites.

No cookies, analytics, or tracking technologies are used. Only non-identifiable local storage is used for theme preference.

The Website is suitable for general audiences and does not knowingly collect data from children under 16. If you believe personal data has been collected from a minor, contact the data controller to request deletion.

This Privacy Policy may be updated periodically. The effective date at the top of this page will always reflect the most recent version.

For privacy-related inquiries, email john@jgerard.dev.