Privacy Policy

Rusty Lopez (contact details in the section at the bottom of this page) is responsible for deciding how personal data collected through this website is used. This is a non-commercial portfolio and technical blog; I do not run paid ads on the site and I do not sell personal data.

If you use features that hit my separate API (for example loading blog posts, case studies, or the "Now" page), some technical data is processed on servers I control under the same purposes described here.

I collect only the minimum data required to operate this site and respond to visitors. I do not sell, rent, or share data with advertisers.

Contact form submissions

When you use the contact form, I receive your name (optional), email address, subject, and message. I use this information exclusively to reply to your enquiry and do not share it with any third party.

Usage & analytics (see also Cookies & Analytics)

I use Google Analytics 4 to understand traffic, navigation, and engagement (for example page views, scroll depth on case studies, and events such as contact clicks). This produces aggregated statistics, not a list of named individuals. I do not use GA for advertising or remarketing on this site.

Server & security logs

Like most websites, hosting infrastructure may log technical data such as IP address, request path, status code, and browser type for security, abuse prevention, and debugging. I access these logs only when needed to keep the service reliable.

Case study pages (work portfolio)

When you open a published case study, a simple view counter on my backend may increment so I can see aggregate interest in each project. This is not used for marketing lists. Custom GA4 events may also record that you opened or scrolled a case study (see analytics component on the site).

Cookie / consent preference (browser storage)

The cookie notice stores your choice (for example that you dismissed the banner) in localStorage on your device so the bar does not reappear every visit. This is not sent to my server.

Portfolio assistant (chat)

If you interact with the AI chat assistant, the messages you send are forwarded to an AI inference API to generate a response. I do not store conversations, use them to train AI models, or retain them beyond the active session.

You will see short privacy-related wording in several places — all of them link here or repeat the same principles:

• Site footer — Privacy link on every page.
• Cookie banner — explains analytics and links to this policy.
• Newsletter signup — reminder that you can unsubscribe anytime.
• Chat widget — note that messages go to an AI provider; link to this policy.
• Contact section — fair processing context when you send a message.

If I add a new feature that collects personal data, I will update this page and, where appropriate, add a short notice next to that feature.

If you sign up for new-post notifications (site footer or the subscribe box on blog posts), I collect and store your email address in order to send you those emails only.

I use a transactional email provider to deliver messages. I do not sell or rent your address, and I do not use this list for unrelated marketing or cold outreach.

Every notification email includes an unsubscribe link. If you unsubscribe, your address is marked inactive and you will not receive further blog emails unless you subscribe again.

I use any information collected solely for the following purposes:

• Responding to your enquiries or project requests
• Sending blog post notifications to people who opted in
• Improving the site's content, performance, and user experience
• Understanding which pages and topics are most useful to visitors
• Troubleshooting technical issues reported through the contact form
• Measuring readership of blog posts and case studies (aggregated)

I will never use your contact details to send unsolicited marketing messages.

Processing is based on legitimate interest and/or your explicit consent when you submit the contact form or subscribe to blog emails.

Google Analytics 4 (GA4) is loaded when this site is configured with a measurement ID. It uses cookies and similar technology to help me understand how people use the site (for example which pages are viewed, approximate geography, device category, and engagement events I configure such as scroll depth on case studies). Google processes this data under its own terms; see Google's Privacy Policy and How Google uses data when you use our partners' sites or apps. I do not use GA for advertising personalization or retargeting on this portfolio.

I do not use third-party advertising cookies for cross-site ad networks. I may use strictly necessary mechanisms required for navigation or security (for example CSRF protection on forms). The cookie banner records your acknowledgement in localStorage (see above).

You can install browser add-ons (such as Google's official opt-out browser add-on for Analytics), use private browsing, or block cookies in settings. Blocking analytics cookies may mean my aggregated statistics are less complete but the site should still work for reading content.

I use services that may independently process limited technical data under their own privacy policies:

Hosting — DigitalOcean

The site is hosted on DigitalOcean infrastructure. DigitalOcean may log request metadata (such as IP address, user-agent, and response time) for operational, security, and infrastructure monitoring purposes in accordance with DigitalOcean's Privacy Policy.

Analytics — Google LLC (Google Analytics)

Page measurement and event data are processed by Google when GA4 is enabled. Google may use cookies, device identifiers, and IP-derived data in line with its policies. You can learn more at How Google uses information from sites or apps that use our services.

AI Inference — OpenAI API

If you interact with the portfolio assistant, your messages are transmitted securely to the OpenAI API to generate a response. Messages are processed transiently for the sole purpose of generating a reply. They are not stored by this site, not used for model training, and not retained beyond the request lifecycle. Data handling is subject to OpenAI's applicable data processing and privacy terms.

External Links

This site may link to external services (GitHub, LinkedIn, Calendly, etc.). Once you leave this site, those services' own privacy policies apply. I am not responsible for the data practices of third-party websites.

All data in transit is encrypted via HTTPS/TLS. I handle contact form submissions through secure server-side routes; they are not exposed to the client. I take reasonable technical and organisational measures to protect any information you submit.

Please note that no method of transmission over the internet is 100% secure. While I take every reasonable precaution, I cannot guarantee the absolute security of information transmitted to me.

Contact form submissions are retained only for as long as necessary to respond to your enquiry and for reasonable business record purposes. I do not store them indefinitely.

Subscriber email addresses are kept while your subscription is active. If you unsubscribe, your record may be retained in an inactive state so the system does not re-add you by mistake.

Analytics data in Google Analytics is subject to Google's retention settings (configurable in the GA property) and my own review schedule. Aggregated case-study view counts on my server are kept as long as the portfolio feature is useful for understanding readership.

Depending on your jurisdiction, you may have the right to request access to, correction of, or deletion of any personal data I hold about you. You may also have the right to object to processing or to request data portability.

To exercise any of these rights, please contact me directly at [email protected]. I will respond within a reasonable timeframe, and no later than 30 days.

Children: This site is aimed at adults and professionals. I do not knowingly collect personal data from anyone under 16. If you believe a child has submitted information through a form, contact me and I will delete it.

International visitors: My servers and providers may be located outside your country (for example the United States or EU regions, depending on hosting and Google settings). By using the site you understand that data may be transferred as needed to provide the service, with appropriate safeguards where required by law.

This policy may be updated from time to time to reflect changes in the site's functionality, applicable law, or industry best practices. The "Last updated" date at the top of this page will always reflect the most recent revision.

Continued use of this website after any revisions constitutes your acceptance of the updated policy. I encourage you to review this page periodically.

If you have any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data, please reach out: