Data Controller

The data controller responsible for your personal data is Ciaran Whiteside. You can contact me at [email protected].

What data is collected?

• Contact form: name, email address, the message you submit, the form’s name, the page URL you submitted it from, your IP address, your user agent, and the timestamp of the submission. This is the only personally identifiable information I intentionally collect.
• Articles waitlist: email address, the auto-generated message, the form’s name, the page URL you submitted it from, your IP address, your user agent, and the timestamp of the submission. The form auto-generates the message body so you do not have to type it, but the request is processed exactly like the contact form.
• Essential analytics: Cloudflare Web Analytics records anonymized counts of page views, referrers, device-type, and approximate country so I can understand which parts of the portfolio people actually read. Cloudflare truncates IP addresses and never sets cookies.
• Server logs: Cloudflare Pages records standard web metadata (IP address, user agent, requested URL) to protect the site from abuse. I do not combine these logs with other data.
• No tracking cookies: there are no marketing pixels, cross-site trackers, or ad networks embedded on this site.

Legal Basis for Processing

I process your data under the following legal bases as defined by UK data protection law:

• Consent: When you submit the contact form or join the articles waitlist, you give your consent for me to process the personal information you provide (name and email) to respond to your message or add you to the list. You can withdraw your consent at any time.
• Legitimate Interest: I have a legitimate interest in maintaining the security and functionality of this website. This is the legal basis for processing anonymized analytics and temporary server logs, which help me understand site traffic and protect against malicious activity.

How the forms work

Whether you use the contact modal or the articles waitlist, the payload is validated in your browser (including a hidden honeypot field to reject most bots) and then sent directly to Web3Forms over HTTPS. They securely relay the message to my inbox, and I use your details only to reply or confirm the waitlist—never selling or sharing them with advertisers.

• Included fields: name, email address, your message, the form name, the page URL where you submitted it, IP address, user agent, and the timestamp of the submission. I keep this metadata purely for security review and context while replying.
• Web3Forms: uses Amazon Web Services (AWS) for hosting and encrypts your data at rest. All form submissions are sent over HTTPS (SSL/TLS encryption) to protect them in transit. According to their privacy policy, they store your data in a database and their server logs are automatically deleted on a regular basis.
• Proton Mail: stores the delivered email so I can reply and keep a conversation history. Proton encrypts mail at rest and is hosted in Switzerland or Germany. In this context, Proton Mail receives the email from Web3Forms, not directly from your browser.

The honeypot fields are discarded immediately when legitimate visitors submit the form.

Third-party services

The following services help me run the site:

• Cloudflare Pages & CDN: Hosts the site, serves assets over HTTPS, and processes your interactions as an "End User" under their privacy policy. Cloudflare logs standard web metadata (such as IP address, user agent, and referring URL) to provide their services and protect the site from abuse.
• Cloudflare Web Analytics: Provides anonymous page view and performance metrics without cookies. Cloudflare aggregates counts (page URL, referrer, country, device type) so I can see which sections are popular.
• Web3Forms: Receives validated form payloads (name, email, message, timestamp, request metadata) over HTTPS and then forwards them to my inbox without needing custom SMTP infrastructure.
• Proton Mail: Encrypted inbox where I read and respond to messages. They have access to email metadata (sender/recipient, originating IP address of incoming messages, subject, attachment names) and store data on servers in Switzerland or Germany, under strong privacy laws.
• GitHub: Optional outbound link; their own privacy practices apply once you click through.
• LinkedIn: Optional outbound link; their own privacy practices apply once you click through.

When you follow outbound links (for example to GitHub or LinkedIn) their respective privacy policies apply.

Data retention & your rights

I keep emails only as long as they are relevant to ongoing work or conversations. You can request deletion of your messages at any time by replying to the thread or emailing [email protected]. I will remove the conversation from Proton Mail within a reasonable timeframe.

If you live in the UK or EU, you also have the right to request a copy of the personal data I hold about you and to ask for corrections if anything is inaccurate.

Should you have any concerns about how I handle your data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK's independent body set up to uphold information rights.

Client-side preferences

The site stores small preferences in localStorage so you do not have to reconfigure things every visit. Specifically:

• Projects/articles sort and filter choices.
• Your preferred theme (light, dark, or system) so the interface matches what you last picked.
• Timestamp of the last contact or waitlist submission to prevent rapid repeats (this never leaves your device).

These values never leave your device and can be cleared by wiping browser storage. Keyboard shortcuts, the command palette, and on-site search all run entirely inside your browser—they use static data that ships with the site and do not send keystrokes or queries to my servers.

Questions

If you have any questions about this policy or need a copy of your data, contact me via the form or email [email protected].