Privacy Policy

2. Information We Collect

2.1 Information You Provide

We collect information you voluntarily provide when you:

• Contact us: Name, email address, message content, and mailbox selection (Magnus, Luke, Consulting)
• Subscribe to our newsletter: Email address
• Request consultation: Professional details, project requirements, and technical specifications
• Authenticate for mail client: Email address for magic link authentication

2.2 Automatically Collected Information

When you access our website, we may automatically collect:

• Browser type and version
• Operating system
• IP address (anonymized)
• Pages visited and time spent
• Referring website

2.3 Cookies and Tracking

We use essential cookies for authentication (session management) and functionality. We do not use advertising or third-party tracking cookies. You can disable cookies in your browser settings, though this may affect website functionality.

3. How We Use Your Information

We use collected information for the following purposes:

• Communication: Respond to inquiries, consultation requests, and support questions
• Newsletter: Send technical updates, research announcements, and relevant content (opt-in only)
• Authentication: Verify identity for mail client access
• Service improvement: Analyze website usage to improve user experience
• Legal compliance: Maintain records as required by law
• Security: Detect and prevent fraud, abuse, or security incidents

4. Data Storage and Security

4.1 Storage Location

Your data is stored in:

• SQLite database: Contact form submissions, newsletter subscriptions, email correspondence
• Resend: Email delivery service for transactional and newsletter emails
• Session storage: Authentication tokens (encrypted, temporary)

4.2 Security Measures

We implement industry-standard security measures:

• Encryption in transit (HTTPS/TLS)
• Password hashing with bcrypt (for session tokens)
• HttpOnly and SameSite cookie flags
• Regular security audits and updates
• Access controls and authentication

4.3 Data Retention

We retain personal data only as long as necessary for the purposes outlined in this policy or as required by law. Email correspondence and consultation records are retained for business continuity. Newsletter subscriptions are retained until you unsubscribe.

5. Data Sharing and Disclosure

5.1 Third-Party Services

We use the following third-party services:

• Resend: Email delivery and inbound email processing (see Resend Privacy Policy)

5.2 No Sale of Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

5.3 Legal Disclosure

We may disclose your information if required by law, legal process, or government request, or to protect our rights, property, or safety.

6. Your Rights

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete information
• Erasure: Request deletion of your data ("right to be forgotten")
• Portability: Receive your data in a structured, machine-readable format
• Objection: Object to processing of your data for specific purposes
• Withdraw consent: Unsubscribe from newsletters or revoke authentication

To exercise these rights, contact us at magnus@blackfall.dev.

7. Newsletter and Email Communications

7.1 Subscription

Newsletter subscriptions are strictly opt-in. You will only receive emails if you explicitly subscribe via the website subscription form.

7.2 Unsubscribe

Every newsletter email includes an unsubscribe link. Clicking this link will immediately remove your email address from our mailing list. You can also unsubscribe by contacting us directly.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable data protection laws.

9. Children's Privacy

Our website is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Continued use of our website after changes constitutes acceptance of the revised policy.