Privacy Policy
Last updated: December 25, 2025
Introduction
This Privacy Policy describes how I, David Griffin, collect, use, and protect your information when you visit my website (davie3.com). I am committed to protecting your privacy and being transparent about my data practices.
Information I Collect
Analytics Data
I use privacy-focused analytics tools, including Vercel Analytics and Cloudflare Web Analytics, to understand how visitors interact with my website. These services collect:
- Page views and navigation patterns
- Browser type and version
- Operating system information
- Geographic location (country/region level only)
- Referrer information (which site brought you here)
- Device type (desktop, mobile, tablet)
Contact Form Data
When you use my contact form, I collect:
- Your name
- Your email address
- Your subject line
- The message content you provide
Cloudflare Turnstile (Bot Protection) Data
My contact form uses Cloudflare Turnstile for bot protection. This service may collect:
- IP address for verification purposes
- Browser and device information
- Behavioral data to distinguish humans from bots
Portfolio Data
My portfolio page displays public information from my GitHub repositories, including:
- Repository names and descriptions
- Programming languages used
- Star and fork counts
- Repository sizes and metadata
How I Use Your Information
- Analytics Data: To understand website usage patterns and improve user experience
- Contact Information: To respond to your inquiries and communicate with you
- Portfolio Data: To showcase my work and technical projects to visitors
- Technical Data: To ensure website functionality and security
Third-Party Services
Cloudflare Analytics
I use Cloudflare Web Analytics, which is privacy-focused and does not use cookies or track individual users across websites. Cloudflare processes data in accordance with their privacy policy and GDPR compliance standards.
Vercel Analytics & Speed Insights
I also use Vercel Analytics and Speed Insights for performance monitoring and to understand user engagement. Like Cloudflare Analytics, Vercel's tools are privacy-friendly, do not use cookies for tracking, and anonymize visitor data. All data is processed in compliance with GDPR.
Email Processing
Contact form submissions are processed through SendGrid, a third-party email service provider. SendGrid processes your contact information to deliver emails and may collect technical data such as IP addresses and email engagement metrics. SendGrid operates under their own privacy policy and maintains GDPR compliance.
GitHub API
My portfolio page fetches public repository data from GitHub's API to display my projects. This data is publicly available and does not require authentication. GitHub may log API requests including IP addresses and user agents for their own analytics and rate limiting purposes.
Hosting & CDN
My website is hosted on Vercel and fronted by Cloudflare CDN. These services may collect standard web server logs including IP addresses, user agents, and access times for security and performance purposes. Both services process data in accordance with their respective privacy policies and GDPR compliance standards.
Data Retention
The table below outlines how long different types of data are retained, who controls that retention, and links to relevant privacy policies for more details.
| Service | Data Processed | Retention Period | Privacy Policy |
|---|---|---|---|
| Vercel Analytics | Usage data (anonymized) | Per Vercel's policy | Vercel Privacy Policy |
| Cloudflare Web Analytics | Usage data (anonymized) | Per Cloudflare's policy | Cloudflare Privacy Policy |
| Cloudflare Turnstile | Bot detection data | Ephemeral (not stored by me) | Cloudflare Privacy Policy |
| SendGrid (Twilio) | Email address, message content | Per SendGrid's policy | Twilio Privacy Policy |
| GitHub API | Public repository data | 1 hour cache, then refreshed | GitHub Privacy Policy |
| Contact Form (My Site) | Name, email, message | Stored in email inbox indefinitely | N/A (Contact me to request deletion) |
| Server Logs | Access logs, IP addresses | Per Vercel and Cloudflare policies | Vercel | Cloudflare |
Your Rights
You have the following rights regarding your personal data:
Data I Control
For data I directly collect and control (contact form submissions):
- Request access to your personal data
- Request correction of inaccurate data
- Request deletion of your data
- Object to processing of your data
- Request data portability
Third-Party Services
For data processed by third-party services (analytics, email, hosting), you'll need to contact those services directly:
- Analytics Data: Contact Vercel or Cloudflare directly for data access/deletion requests
- Email Data: Contact SendGrid for email-related data requests
- Cloudflare Turnstile Data: Contact Cloudflare for data requests
- GitHub Data: Contact GitHub directly for repository data requests
Cookies
My website does not use cookies for analytics or advertising. However, a single strictly necessary cookie may be set by our security provider:
Cloudflare Security Cookie
Cloudflare Turnstile (my bot protection service) may set a cookie named __cf_bm to help distinguish between human visitors and automated traffic. This cookie is:
- Strictly necessary for protecting my contact form from spam and abuse
- Exempt from consent requirements under privacy regulations (ePrivacy Directive, GDPR)
- Short-lived and expires after a brief period
- Security-focused and does not track users across websites
What I Don't Use
- No tracking cookies or third-party advertising cookies
- No analytics cookies (Vercel and Cloudflare analytics are cookie-free)
- No social media tracking pixels
- No persistent user identification cookies
Security
I implement comprehensive security measures to protect your personal information:
Technical Security Measures
- HTTPS Everywhere: All data transmission is encrypted using TLS/SSL with HSTS headers
- Content Security Policy (CSP): Strict CSP headers prevent XSS attacks and unauthorized script execution
- Input Sanitization: All user inputs are sanitized using multiple layers of XSS protection
- Security Headers: X-Frame-Options, X-Content-Type-Options, and other security headers protect against common attacks
- Bot Protection: Cloudflare Turnstile prevents automated attacks and spam
Data Protection
- Contact form data is processed server-side only
- No client-side storage of personal information
- Environment variables are validated using Zod schemas
- API endpoints have strict input validation and rate limiting
While I implement these security measures, no method of transmission over the internet is 100% secure. I cannot guarantee absolute security but strive to use industry best practices.
International Data Transfers
My website uses third-party services that may process your data in countries outside your own, including the United States and European Union. These international data transfers are necessary to provide the services described in this policy.
Data Protection Safeguards
All third-party services I use maintain appropriate safeguards for international data transfers:
- Vercel: Uses Standard Contractual Clauses (SCCs) approved by the European Commission for GDPR compliance
- Cloudflare: Operates globally with data processing agreements and SCCs for GDPR compliance
- SendGrid (Twilio): Maintains GDPR compliance through SCCs and Privacy Shield frameworks
These safeguards ensure that your data receives the same level of protection regardless of where it is processed. For more details about how each service handles international transfers, please refer to the Privacy Policy links in the Data Retention table above.
Changes to This Policy
I may update this Privacy Policy from time to time. I will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.
Contact Me
If you have any questions about this Privacy Policy or wish to exercise your rights, please contact me through my contact form or reach out via my social media channels.