Privacy Policy
We're not going to write 47 pages of lawyer-speak nobody reads. Here's what we actually do with your data — plain and simple.
Last updated: February 2026
Who We Are
This website is operated from Spain (EU jurisdiction). It's a personal portfolio and blog — not a SaaS platform harvesting your data for profit. We're one person showing their work, not a corporation with a data monetization strategy.
For any privacy-related questions, reach out via the contact form or email us directly. We take this stuff seriously (because GDPR fines are no joke, and also because it's the right thing to do).
What We Collect
Here's the full picture — every piece of data this site touches:
| What | Where | How Long | Legal Basis |
|---|---|---|---|
| Name, email, message | Contact form | Emailed only — not stored in our database | Legitimate interest |
| IP address | Contact form rate limiting | In-memory only, not persisted to disk | Legitimate interest |
| IP + User Agent | Admin sessions | 7 days (session expiry) | Service provision |
| Session cookie | Admin login only | 7 days, HTTP-only | Strictly necessary |
| Theme preference | Your browser (localStorage) | Until you clear it | Strictly necessary |
| Cookie consent choice | Your browser (localStorage) | Until you clear it | Strictly necessary |
| Analytics data | Only if you accept cookies | Provider-dependent | Consent |
| Google Fonts | Every page load (CDN) | Request data per Google's policy | Legitimate interest |
That's it. No hidden trackers, no pixel armies, no selling your data to anyone.
Why We Collect It (Legal Bases)
GDPR requires a legal basis for processing any personal data. Here's what applies:
- Consent— Analytics cookies. You choose whether to accept them. We don't load analytics scripts until you say yes.
- Legitimate Interest— Contact form processing (you expect a reply when you write to us), rate limiting (preventing spam), Google Fonts (making the site readable).
- Strictly Necessary— Session cookies for admin login, theme preferences, cookie consent storage. The site literally can't function without these.
- Service Provision— Admin session data (IP/User Agent for security), SMTP credentials (encrypted, needed to send emails).
Cookies
We keep it minimal. Here's every cookie and storage item this site uses:
Essential (always active)
hq_session— Admin login cookie. HTTP-only, 7-day expiry. Only set when an admin logs in.booplex-theme— Your light/dark mode preference. Stored in localStorage, never leaves your browser.booplex-cookie-consent— Your cookie consent choice. Also localStorage.
Non-Essential (only with consent)
- Analytics script — Only loaded if you click “Accept All” on the cookie banner. The specific cookies depend on which analytics provider is configured.
Third Parties
These services receive some data as part of how the site works:
- Google Fonts — Serves the typefaces you see on this site. Your browser makes requests to Google's CDN, which means they see your IP address. This is standard for most websites.
- Analytics provider — If configured and you've consented, page view data is sent to the analytics service. We currently use privacy-focused analytics whenever possible.
- Email/SMTP provider — When you submit the contact form, your message is sent via an SMTP service. The provider processes the email in transit.
- AI providers — Used only in the admin panel for content generation. No visitor data is sent to AI services.
Data Retention
- Contact form submissions: Not stored. Emailed and forgotten.
- Rate limiting data: In-memory only. Gone when the server restarts.
- Admin sessions: Automatically deleted after 7 days.
- Theme/consent preferences: Stored in your browser until you clear them.
- Analytics data: Retention depends on the analytics provider's policy.
Your Rights (GDPR Articles 15-22)
As someone in the EU (or dealing with an EU-based site), you have these rights:
- Right of Access — Ask us what data we have about you. (Spoiler: probably nothing unless you're an admin.)
- Right to Rectification — If we have incorrect data about you, tell us and we'll fix it.
- Right to Erasure — Ask us to delete your data. Since we barely store anything, this is usually a non-issue.
- Right to Data Portability — Get your data in a machine-readable format.
- Right to Object — Object to processing based on legitimate interest.
- Right to Restrict Processing — Ask us to limit how we use your data.
- Right to Withdraw Consent — Change your cookie preferences anytime via the “Cookie Settings” link in the footer.
How to Exercise Your Rights
Send us a message through the contact form with your request. We'll respond within 30 days (usually much faster). No forms to fill out, no phone trees to navigate. Just tell us what you need.
International Data Transfers
Some data may be transferred outside the EU through third-party services (Google Fonts CDN, email providers, analytics). Where this happens, we rely on the provider's compliance frameworks — typically EU Standard Contractual Clauses or adequacy decisions. We don't independently transfer any data outside the EU.
Changes to This Policy
If we change how we handle data, we'll update this page and the “last updated” date at the top. For significant changes, we may show a notice on the site. We won't email you about it because, well, we probably don't have your email.
Supervisory Authority
If you believe we're mishandling your data and we haven't resolved your concern, you have the right to lodge a complaint with the Spanish Data Protection Authority: