Privacy Policy

The short version

I collect only what I need to do the thing you asked me to do. I don't sell your data. I don't share it with anyone except the services required to deliver what you requested (email delivery, file storage). If you want your data deleted, email me and I'll do it.

What I collect and why

Contact form

Your name, email, message, and which services you're interested in. I use this to reply to you. Your message is sent to me via Brevo (transactional email). You also receive a confirmation email. I don't add you to any mailing list.

Personality quiz

If you take the quiz and choose to share your name and email, those are stored locally in your browser (localStorage) and optionally sent to me via Brevo. Your quiz answers are used only to personalize the site's appearance for you. They're stored in your browser, not on my server. If you clear your browser data, they're gone.

Sentiment scanner

When you use the free scanner tool, I store the brand name you searched and the results. If you unlock the full report by providing your email, that email is stored and used to send you the report via Brevo. Your IP address is used for rate limiting (3 scans per day) and is not stored permanently.

Client portal

If you're a client with portal access, I store your name, email, and the files and data associated with your account. Authentication uses a password you set during onboarding; passwords are hashed with bcrypt before storage. Initial invitations are sent as one-time magic links that expire in 15 minutes. Session tokens are stored as SHA-256 hashes. Files are stored on DigitalOcean Spaces (S3-compatible storage) with private access; download links are signed and time-bound. Access is restricted to your account.

Anonymous request logs

Every request to a public page on this site (not portal pages, not static assets) is logged server-side. Captured: the URL path, HTTP method, referring URL if any, your user-agent string, your country (provided by Cloudflare), and the response status code. No IP address is stored. No cookies are set for this. No data leaves my server. I use it for traffic patterns and debugging. My target retention is 90 days; I delete older logs periodically.

Third-party services

• Brevo: transactional email delivery (contact form, magic links, scanner reports)
• Cloudflare: CDN, DNS, and bot management in front of this site
• DigitalOcean App Platform: hosts this site
• DigitalOcean Spaces: file storage for client portal documents
• Turso: database hosting for portal data and the request log
• Serper: web search API used by the sentiment scanner
• Google Fonts: font loading (Inter, Instrument Serif, Lora, JetBrains Mono)
• jsDelivr: CDN for Chart.js (portal dashboard)

I don't load Google Analytics, Microsoft Clarity, Facebook Pixel, or any other third-party tracking or advertising scripts on this site.

Cookies

Two cookies are set when you visit this site:

• portal_session: set only after a portal client signs in. Keeps you logged in. httpOnly, secure, SameSite=strict, 30-day rolling expiry, 90-day absolute maximum. First-party.
• __cf_bm: set by Cloudflare for bot management on every request. Helps separate human visitors from automated traffic. 30-minute expiry. First-party on this domain, controlled by Cloudflare.

No analytics cookies. No advertising cookies. No Google or Microsoft or Facebook tracking pixels.

Your rights

You can ask me to delete any data I have about you. Email [email protected] and I'll handle it within 5 business days. If you're a portal client, I'll export your data before deletion if you want it.

Changes

If I change this policy in a meaningful way, I'll update the date at the top. I won't email you about it unless you're a portal client and the change affects how your data is stored.

Questions

Email me: [email protected]