Privacy Policy

Last updated: 2026-06-28

1. Who we are

This website is operated by Ehsan ("I", "me", "my") at byehsan.com. You can contact me at [email protected].

2. What data we collect

When you subscribe to the newsletter or use the contractor portal, I collect:

  • Email address — required for newsletter delivery and portal access.
  • Phone number — optional, collected only if you provide it.
  • IP address — collected at subscription and login time for security purposes.
  • Country, city, timezone — derived from your IP address at the time of sign-up to understand where my audience is based.
  • User-agent string — the browser/device information sent automatically by your browser.
  • Signup timestamp — the date and time you subscribed.
  • Session tokens — short-lived tokens stored in your browser's localStorage to keep you signed in to the portal.

I do not use advertising cookies, cross-site tracking, or analytics platforms that profile you.

3. Legal basis (GDPR Article 6)

  • Newsletter subscription — Article 6(1)(b) (contract): Processing your email to deliver the newsletter you signed up for.
  • Geo-analytics (country/city/timezone) — Article 6(1)(a) (consent): You give explicit consent via the checkbox on the subscription form. You may withdraw consent at any time by unsubscribing.
  • IP address / security — Article 6(1)(f) (legitimate interest): Storing the IP address at sign-up and login helps prevent abuse and protect the integrity of the service.

4. Data retention

  • Active subscribers: Data is retained for as long as you remain subscribed.
  • Unsubscribed records: After you unsubscribe, your data is retained for up to 2 years for suppression purposes (to avoid re-adding you by mistake), then permanently deleted.
  • Session tokens: Auto-expire after 30 days of inactivity.

5. Your rights

Under GDPR, you have the right to:

  • Access — request a copy of the data I hold about you.
  • Deletion (right to erasure) — request that I delete your data.
  • Portability — receive your data in a machine-readable format.
  • Withdraw consent — every newsletter email contains an unsubscribe link. Clicking it removes you from the list immediately.
  • Lodge a complaint — if you believe your data is being processed unlawfully, you have the right to lodge a complaint with your local supervisory authority (e.g., the German Datenschutzbehörde or your national DPA).

To exercise any of these rights, email me at [email protected]. I will respond within 30 days.

6. Third parties

I use the following third-party services, each of which processes data on my behalf:

  • Cloudflare — infrastructure, DNS, CDN, and Workers runtime. Cloudflare Privacy Policy.
  • Brevo (formerly Sendinblue) — transactional and newsletter email delivery. Brevo processes email addresses on my behalf as a data processor.
  • GitHub — source code hosting. No personal subscriber data is stored on GitHub.

I do not sell or rent your data to any third party.

7. Data storage

Subscriber data is stored in Cloudflare D1, a serverless SQLite database operated by Cloudflare Inc. Data may reside in EU or US datacentres depending on Cloudflare's routing. Cloudflare's standard Data Processing Addendum (DPA) applies, which satisfies GDPR Chapter V requirements for international transfers.

8. Cookies and local storage

This site does not set any cookies. The contractor portal stores a session token in localStorage solely to keep you signed in — this is not shared with any third party and is not used for advertising or tracking. No third-party tracking scripts or analytics pixels are loaded.

9. Contact

For any privacy-related questions or requests, email [email protected]. I aim to respond within 30 days.